About Spoke Gateway Routing Policy

This document describes the routing policies for Aviatrix Spoke Gateways.

Configure Private VPC/VNet Default Route

The Configure Private VPC/VNet Default Route policy minimizes VPC private routing table programming.

This route policy allows the Aviatrix Controller to program a default route in the Transit VPC’s private routing table that points to the Spoke Gateway. As a result, subsequent route changes from the attached Transit Gateway require no changes to the Transit Gateway’s private routing table.

The Configure Private VPC/VNet Default Route policy is only supported for Spoke Gateways in AWS.

Skip Public VPC/VNet Route Table

The Skip Public VPC/VNet Route Table policy minimizes VPC public routing table programming.

This route policy allows the Aviatrix Controller to skip the Spoke VPC’s public routing table programming for non-RFC 1918 route changes from the attached Transit Gateway.

This route policy is only supported for Spoke Gateways in AWS.

The Customize Spoke VPC/VNet Route Table policy and this policy are mutually exclusive.

Auto Advertise Spoke Site2Cloud CIDRs

Dynamic route updates on the Spoke Gateway for Site2Cloud allow regional redundancy for both overlapping and non-overlapping CIDRs.

With the Auto Advertise Spoke Site2Cloud CIDRs policy, routes for the remote and local virtual CIDRs are automatically advertised or removed when:

  1. Site2Cloud connection is created or deleted.

  2. Site2Cloud connection status changes to up or down.

  3. Spoke-to-Transit gateway link goes down.

This routing policy is only supported for mapped Site2Cloud connections on AWS and AWS GovCloud, GCP, and Azure and Azure GovCloud.

Customize Spoke VPC/VNet Route Table

The Customize Spoke VPC/VNet Route Table routing policy enables you to customize the Spoke VPC or VNet route table entries by specifying a list of comma-separated CIDRs.

When a CIDR is specified, automatic route propagation to the Spoke VPC or VNet is disabled, overriding CIDRs propagated from other Spoke and Transit gateways and from the on-premises network. For example, you could enable this policy by specifying CIDRs for a Spoke VPC or VNet that is customer facing, where the customer propagates routes that may conflict with your on-premises routes.

When this route policy is enabled on an Aviatrix Spoke Gateway, only that gateway’s VPC or VNet route table is affected.

To disable this policy, leave the CIDRs field empty.

Exclude Learned CIDRs to Spoke VPC/VNet Route Table

The Exclude Learned CIDRs to Spoke VPC/VNet Route Table routing policy enables you to filter on-premises network CIDRs out of the Spoke VPC or VNet route table entries by specifying a list of comma-separated CIDRs. For example, you could enable this policy by specifying CIDRs for a Spoke VPC or VNet that is customer facing, where you do not want the customer to reach all of your on-premises network CIDRs.

  • The list of filtered-out CIDRs can be a superset of the on-premises learned routes. For example, if the on-premises learned routes are 100.10.0.0/24 and 100.10.1.0/24, you can enter 100.10.0.0/16 to filter out both routes.

  • If a filtered-out CIDR is a subnet of an on-premises learned CIDR, that filter entry has no effect.

  • When this policy is applied to a specific Spoke VPC or VNet, only that Spoke VPC or VNet route table is affected.
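As an added illustration (not Aviatrix code), the following Python models the exclude-list semantics described above: a learned route is dropped only when an exclude CIDR equals or contains it, and exclude entries that are merely subnets of a learned route are reported as ineffective so they can be caught before the policy is applied. The function names and the sample routes are constructed for this example.

```python
import ipaddress


def _parse_list(cidrs: str):
    """Parse the comma-separated CIDR list the policy accepts."""
    return [ipaddress.ip_network(c.strip()) for c in cidrs.split(",") if c.strip()]


def filter_learned_routes(learned_cidrs, exclude_cidrs: str):
    """Return the learned routes that still reach the Spoke route table.

    A learned route is removed only if some exclude CIDR is the same
    network or a supernet of it (the documented 'superset' behaviour).
    """
    excludes = _parse_list(exclude_cidrs)
    kept = []
    for cidr in learned_cidrs:
        net = ipaddress.ip_network(cidr)
        covered = any(
            net.subnet_of(ex) for ex in excludes if ex.version == net.version
        )
        if not covered:
            kept.append(str(net))
    return kept


def ineffective_excludes(learned_cidrs, exclude_cidrs: str):
    """Report exclude entries that cannot take effect.

    An entry is ineffective when it covers no learned route and is
    itself a strict subnet of a learned route (the documented caveat).
    """
    learned = [ipaddress.ip_network(c) for c in learned_cidrs]
    result = []
    for ex in _parse_list(exclude_cidrs):
        same_family = [n for n in learned if n.version == ex.version]
        covers_any = any(n.subnet_of(ex) for n in same_family)
        inside_learned = any(ex != n and ex.subnet_of(n) for n in same_family)
        if not covers_any and inside_learned:
            result.append(str(ex))
    return result


if __name__ == "__main__":
    # Constructed sample: two on-premises learned /24s plus an unrelated /16.
    learned = ["100.10.0.0/24", "100.10.1.0/24", "10.20.0.0/16"]
    print(filter_learned_routes(learned, "100.10.0.0/16"))  # → ['10.20.0.0/16']
    print(ineffective_excludes(learned, "100.10.0.0/25"))   # → ['100.10.0.0/25']
```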

Customize Spoke Advertised VPC/VNet CIDRs

The Customize Spoke Advertised VPC/VNet CIDRs routing policy enables you to selectively exclude some VPC or VNet CIDRs from being advertised to on-premises.

For example, if your Spoke VPCs or VNets have multiple CIDRs that overlap with one another, the Aviatrix Controller will reject them because of the overlapping CIDRs. By excluding the overlapping CIDRs, you can attach those Spoke VPCs or VNets.

When this policy is applied to an Aviatrix Spoke Gateway, the list is an "include list": only the CIDRs in the input fields are advertised to on-premises. The include list can contain network ranges that are outside the Spoke VPC or VNet CIDR.

Update Encrypted Spoke VPC/VNet CIDRs

The Update Encrypted Spoke VPC/VNet CIDRs routing policy queries the cloud service provider (CSP) and updates the Aviatrix Spoke VPC or VNet route tables with any added CIDRs, without requiring you to detach and re-attach the Spoke Gateway.

For example, when new subnets and instances are added to a Spoke VPC, Aviatrix automatically updates the Spoke VPC route tables and propagates the new CIDRs to the transit network depending on the routing configurations.

The Update Encrypted Spoke VPC/VNet CIDRs routing policy is supported on AWS, Azure, and GCP clouds.