Edge Spoke Gateway Deployment Workflow for On-Premises

This document provides instructions for deploying a primary and secondary highly available (HA) Edge Spoke Gateways on Aviatrix Edge Platform.

For an overview of Aviatrix Edge, see About Aviatrix Hybrid Cloud Edge.

The following deployment scenarios are supported:

  • Single VLAN connected to the Edge Gateway via a single vNIC.

  • Multiple VLANs connected to the Edge Gateway via a single vNIC (Trunk Port) and sub-interfaces for each VLAN.

  • VRRP on Edge Gateway.

  • LAN-side BGP.

  • Connectivity to single or multiple Transit Gateways from Edge Gateway.

Topology

650

Prerequisites

Before you can deploy an Aviatrix Edge Gateway on the Aviatrix Edge Platform:

  1. You must perform the prerequisite steps to procure and onboard your edge device. See Prerequisites for Edge Spoke Gateway Deployment for On-Premises.

  2. You should be familiar with Aviatrix Edge Spoke Gateway interfaces. See Edge Spoke Gateway Interfaces.

Aviatrix Edge Spoke Gateway Deployment Workflow

The diagram below provides a high-level view of the process for deploying Aviatrix Edge Spoke Gateway in Aviatrix CoPilot.

edge aviatrix workflow

  1. Procure the edge hardware.

  2. Set up the Aviatrix Edge Platform Account.

  3. Onboard the edge hardware.

  4. Create the Edge Gateway.

  5. Attach the Edge Gateway to the Transit Gateway.

  6. Connect the Edge Gateway to an external device.

Creating the Edge Spoke Gateway (Aviatrix Edge Platform)

To create a primary and secondary (HA) Edge Spoke Gateway, follow these steps:

  1. In Aviatrix CoPilot, go to Cloud Fabric > Hybrid Cloud > Edge Gateways > Spoke Gateways tab.

  2. Click + Spoke Gateway, then provide the following information.

    Field

    Description

    Name

    Name for the Edge Gateway.

    The name must start with a letter and contain only letters, numbers, and dashes (no special characters or spaces) and it can be up to 50 characters long.

    Platform

    The platform account where you want to deploy the Edge Gateway.

    You can create and edit platform accounts in CoPilot by going to Cloud Fabric > Hybrid Cloud > Platforms tab . See Set Up the Aviatrix Edge Platform Account.

    Site

    Identifies the edge location.

    You can select an existing name or enter a new name for the edge location.

    High Availability

    The high availability mode.

    • Off creates only the primary Edge Gateway with one active peering.

    • On (Active Standby Mode) enables Edge Gateway connection with one active peering and one standby peering. Only the active peering forwards network traffic. The network switches to the standby peering when the primary peering goes down.

    • On (Active Active Mode) enables Edge Gateway connections with all active peerings to perform load sharing and forward network traffic.

    Preemptive

    Determines the network’s behavior when the primary gateway goes down.

    Preemptive is applicable only when High Availability is set to On with Active Standby Mode. The Preemptive is set on the primary gateway.

    • On enables the network to automatically switch back to the primary gateway when the primary gateway connection is back up.

    • Off enables the network to continue to use the standby gateway even after the primary gateway is back up, until you initiate a manual switchover.

    Primary Device

    The edge device where you want to deploy the primary Edge Gateway.

    Secondary Device

    The edge device where you want to deploy the secondary (HA) Edge Gateway.

    The primary and secondary devices must have the same hardware configuration.

    Gateway Resource Size

    The gateway size.

    • Small - 2 vCPU - 4GB

    • Medium - 4 vCPU - 8GB

    • Large - 8 vCPU - 16GB

    • X-Large - 16 vCPU - 32GB

  3. Next, configure the WAN, LAN, and Management interfaces.

Configuring the Edge Gateway Interfaces

By default, an Edge Spoke Gateway has three interfaces: one WAN interface on eth0, one LAN interface on eth1, and one Management interface on eth2. You will need these configuration information to configure the interfaces.

In the Interface Configuration section, configure the WAN, LAN, and Management interfaces for the Edge Gateway. If High Availability mode is selected, then configure both the primary and secondary Edge Gateways.

For IP and DNS settings, enter using the applicable format. For example, if the Edge Gateway’s WAN IP is 10.1.1.151, enter 10.1.1.151/24 or what your netmask is.

Configuring the WAN Interface

To configure the WAN interface:

  1. Click WAN, then provide the following information.

    Field

    Description

    IP Assignment

    The default is Static for static IP assignment.

    DHCP for dynamic IP address assignment is not supported.

    Interface Labels

    Name to identify the WAN interface.

    Default Gateway IP

    The Default Gateway IP address for the WAN interface.

    Public IP

    The public IP for the WAN interface.

    The public IP of the WAN interface is used for peering connections over the public network.

Configuring the LAN Interface

To configure the LAN interface:

  1. Click LAN, then provide the following information.

    Field

    Description

    IP Assignment

    The default is Static for static IP assignment.

    DHCP for dynamic IP address assignment is not supported.

    VRRP

    To enable Virtual Router Redundancy Protocol (VRRP) on the Edge Gateway, set this switch to On.

    Interface CIDR

    The native VLAN interface IP address.

    This interface is where untagged packets are sent.

    VRRP Gateway IP

    The Virtual IP for the VRRP Gateway, when VRRP is enabled.

    Default Gateway IP

    The Default Gateway IP address for the native VLAN interface.

    Interface Labels

    Name to identify the native VLAN interface.

  2. If your LAN is segmented into virtual LANs (VLANs), click + VLAN Interface to add one or more VLAN sub-interfaces, then provide the following information for each VLAN sub-interface.

    You cannot edit the VLAN ID after the Edge Gateway is created. To edit the VLAN sub-interface attributes, it is highly recommended to delete and recreate the VLAN sub-interface configuration.

    Field

    Description

    VLAN ID

    The VLAN ID.

    VLAN ID must be a number between 2 and 4092.

    VLAN Interface CIDR

    The VLAN sub-interface IP address.

    Default Gateway IP

    The Default Gateway IP address for the VLAN sub-interface.

    Sub-Interface Tag

    Name to identify the VLAN sub-interface.

    When a secondary HA Edge Gateway is configured, the VLAN configurations that are shared between the primary and secondary gateway and are non-editable on the secondary gateway.

Configuring the MGMT Interface

To configure the Management interface, click MGMT, then provide the following information.

Field

Description

IP Assignment

The MGMT interface defaults to DHCP.

The Edge Gateway will automatically NAT out of the physical MGMT interface of the edge node when using the Aviatrix Edge platform. This setting cannot be changed.

Private Network

Leave this setting to Off.

The Edge Gateway on the edge hardware requires public Internet reachability to connect to the Aviatrix Controller and Aviatrix Edge infrastructure in the cloud.

Egress CIDR (Secondary)

The Egress public IP for the secondary Edge Gateway’s Management interface when High Availability is configured.

If a required field is missing, the interface tab is highlighted to indicate there is an error.

Gateway Configuration

Field

Description

Name

Name for the Edge Gateway.

The name must start with a letter and contain only letters, numbers, and dashes (no special characters or spaces) and it can be up to 50 characters long.

Platform

The platform account where you want to deploy the Edge Gateway.

You can create and edit platform accounts in CoPilot by going to Cloud Fabric > Hybrid Cloud > Platforms tab .

Site

Identifies the edge location.

You can select an existing name or enter a new name for the edge location.

High Availability

The high availability mode.

  • Off creates only the primary Edge Gateway with one active peering.

  • On (Active Standby Mode) enables Edge Gateway connection with one active peering and one standby peering. Only the active peering forwards network traffic. The network switches to the standby peering when the primary peering goes down.

  • On (Active Active Mode) enables Edge Gateway connections with all active peerings to perform load sharing and forward network traffic.

Preemptive

Determines the network’s behavior when the primary gateway goes down.

Preemptive is applicable only when High Availability is set to On with Active Standby Mode. The Preemptive is set on the primary gateway.

  • On enables the network to automatically switch back to the primary gateway when the primary gateway connection is back up.

  • Off enables the network to continue to use the standby gateway even after the primary gateway is back up, until you initiate a manual switchover.

Primary Device

The edge device where you want to deploy the primary Edge Gateway.

Secondary Device

The edge device where you want to deploy the secondary (HA) Edge Gateway.

The primary and secondary devices must have the same hardware configuration.

Gateway Resource Size

The gateway size.

  • Small - 2 vCPU - 4GB

  • Medium - 4 vCPU - 8GB

  • Large - 8 vCPU - 16GB

  • X-Large - 16 vCPU - 32GB

Interface Configuration WAN Interface

Field

Description

IP Assignment

The default is Static for static IP assignment.

DHCP for dynamic IP address assignment is not supported.

Interface Labels

Name to identify the WAN interface.

Default Gateway IP

The Default Gateway IP address for the WAN interface.

Public IP

The public IP for the WAN interface.

The public IP of the WAN interface is used for peering connections over the public network.

LAN Interface

Field

Description

IP Assignment

The default is Static for static IP assignment.

DHCP for dynamic IP address assignment is not supported.

VRRP

To enable Virtual Router Redundancy Protocol (VRRP) on the Edge Gateway, set this switch to On.

Interface CIDR

The native VLAN interface IP address.

This interface is where untagged packets are sent.

VRRP Gateway IP

The Virtual IP for the VRRP Gateway, when VRRP is enabled.

Default Gateway IP

The Default Gateway IP address for the native VLAN interface.

Interface Labels

Name to identify the native VLAN interface.

VLAN Interface

If your LAN is segmented into virtual LANs (VLANs), click + VLAN Interface to configure one or more VLAN sub-interfaces.

You cannot edit the VLAN ID after the Edge Gateway is created. To edit the VLAN sub-interface attributes, it is highly recommended to delete and recreate the VLAN sub-interface configurations.

Field

Description

VLAN ID

The VLAN ID.

VLAN ID must be a number between 2 and 4092.

VLAN Interface CIDR

The VLAN sub-interface IP address.

Default Gateway IP

The Default Gateway IP address for the VLAN sub-interface.

Sub-Interface Tag

Name to identify the VLAN sub-interface.

When a secondary HA Edge Gateway is configured, the VLAN configurations that are shared between the primary and secondary gateway and are non-editable on the secondary gateway.

MGMT Interface

Field

Description

IP Assignment

The MGMT interface defaults to DHCP.

The Edge Gateway will automatically NAT out of the physical MGMT interface of the edge node when using the Aviatrix Edge platform. This setting cannot be changed.

Private Network

Leave this setting to Off.

The Edge Gateway on the edge hardware requires public Internet reachability to connect to the Aviatrix Controller and Aviatrix Edge infrastructure in the cloud.

Egress CIDR (Secondary)

The Egress public IP for the secondary Edge Gateway’s Management interface when High Availability is configured.

Verifying Edge Gateway Creation

To verify the Edge Gateway is up, wait for 5 minutes after you have deployed the gateway on the Edge platform, then check the Edge Gateway status in Aviatrix CoPilot.

To verify the Edge Gateway creation:

  1. In Aviatrix CoPilot, go to Monitor > Notifications > Tasks tab.

  2. In the table, expand the gateway create task to see the progress.

    Depending on the settings you configured, it lists the following stages of the gateway creation:

    1. Creates the primary gateway

    2. Updates the primary gateway’s interface configurations

    3. Creates the secondary HA gateway.

    4. Updates the secondary HA gateway’s interface configurations.

    When all the sub-tasks are complete, the create gateway task status is changed to Completed.

To verify the Edge Gateway status:

  1. Go to Cloud Fabric > Hybrid Cloud > Edge Gateways tab.

  2. Select Spoke Gateways or Transit Gateways.

  3. In the table, locate the Edge Gateway and hover over the Status icon next to the Edge Gateway name.

    edge-verify

  4. Verify that the Edge Gateway status is Up.

    Click the refresh button to update the registration status.

    If the Edge Gateway status is not up, you can troubleshoot edge connectivity using CLI commands on the Edge Gateway console. See Troubleshooting Edge Gateway Connectivity.

Attaching the Edge Gateway to the Transit Gateway

Prerequisites

  1. Ensure Local ASN Number is configured on Edge and Transit Gateway.

  2. If the Edge to Transit Gateway attachment is over public network, you need to update the WAN Public IP on the Edge Gateway.

    1. Go to Cloud Fabric > Edge > Gateways tab.

    2. Locate the Edge Gateway, and click its Edit icon on the right.

    3. In Edit Edge Gateway, scroll to the Interfaces section and click WAN.

    4. In Public IP, click Discover.

      edge discover public ip

    5. Verify the WAN Public IP and click Save.

Attach Edge Gateway to Transit Gateway

You can attach an Edge Gateway to multiple Transit Gateways. Each attachment can be configured with different parameters, such as connecting interfaces, connection over private or public network, high-performance encryption, and Jumbo Frame.

  • To create a High Performance Encryption mode attachment, make sure the Transit Gateway is created with High Performance Encryption enabled.

  • If you want Jumbo Frame enabled on the Edge Gateway, make sure to enable Jumbo Frame on the Edge Gateway before you attach it to the Transit Gateway.

In Aviatrix CoPilot:

  1. Go to Cloud Fabric > Edge > Gateways tab.

  2. Locate the Edge Gateway, click the three-dot vertical menu on the right, and select Manage Transit Gateway Attachment.

    edge-attach-edge-to-transit

    Click + Transit Gateway Attachment, then provide the following information.

    Parameter

    Description

    Transit Gateway

    From the dropdown menu, select the Transit Gateway to attach to the Edge Gateway.

    Connecting Edge Interfaces

    From the dropdown menu, select the WAN interface connection to the Transit Gateway.

    Advanced

    Configure the settings that apply.

    Attach over Private Network

    If the Edge WAN connection to the Transit Gateway is over a private network, set this toggle to On.

    Leave it Off if the connection is over the public internet.

    Jumbo Frame

    If you want to use Jumbo Frames for the Transit-to-Edge Gateway connection, set this toggle to On.

    High Performance Encryption

    If you want to enable high-performance encryption for the Transit-to-Edge Gateway connection, set this toggle to On.

    In Number of Tunnels, enter the number of HPE tunnels to create.

    • For HPE over private network, setting the number of tunnels to 0 creates maximum tunnels based on the peering gateway size.

    • For HPE over public network, the number of tunnels count supported range is between 2 and 20.

  3. To attach the Edge Gateway to another Transit Gateway, click + Transit Gateway Attachment again and provide the required information.

  4. Click Save.

Next, connect the Edge Gateway to the external device.

Connecting the Edge Gateway to an External Device (BGP over LAN)

For LAN-side connectivity, you can connect the Edge Spoke Gateway to an external device, such as a LAN BGP router.

To connect the Edge Gateway to the LAN BGP router, follow these steps.

  1. In CoPilot, navigate to Networking > Connectivity > External Connections (S2C) tab.

  2. Click + External Connection, then provide the following information.

    Parameter Description

    Name

    Name to identify the connection to the LAN router.

    Connect Local Gateway To

    Select External Device radio button, then from the dropdown menu, select BGP over LAN.

    Local Gateway

    The Edge Gateway to connect to the LAN router.

    Local ASN

    The Local AS number the Edge Gateway will use to exchange routes with the LAN router.

    This is automatically populated if the Edge Gateway is assigned an ASN already.

    Remote ASN

    The BGP AS number configured on the LAN router.

  3. Click + Connection and provide the following information.

    Parameter Description

    Remote LAN IP

    The IP address for the LAN router.

    Local LAN IP

    This is automatically populated with the Edge Gateway LAN interface IP address.
    edge external connection

  4. Click Save.