About Edge Transit Gateway External Connection
Many enterprises today use cloud-adjacent and on-premises data center locations to connect various remote sites and partners. The ability to seamlessly build a secure network fabric to cloud and remote sites, and to deploy segmentation controls that meet business agility and zero trust architecture requirements, is increasingly vital for customers with workloads that span multiple locations.
What is Edge Transit Gateway External Connection?
Aviatrix Edge Transit Gateway external connection site-to-cloud (S2C) allows enterprises to build secure connectivity across non-CSP locations and build networks that address segmentation and IP address overlapping for M&A deployments. You can leverage Edge Transit Gateway external connection to land VPN connections from on-premises, datacenters (DCs), and network provider locations, such as Equinix and Megaport, in a simple and secure way to protect workloads following Zero Trust Network Access (ZTNA) principles.
Aviatrix Edge Transit Gateway external connection (S2C) provides these key benefits:
- Simplified Deployment: Build secure tunnels seamlessly from any on-premises, datacenter, and network provider locations such as Equinix and Megaport.
- Scalability: A single Edge Transit Gateway can support multiple external connections.
- Security: Build segmentation for tunnels to protect and secure hybrid and partner connectivity.
- Automated Network Address Translation (NAT): Simplifies NAT policy configuration, making it easier to manage overlapping IP addresses and improving network integration and communication.
- Overlapping IPs: Solves IP address overlapping challenges with NAT on Edge Transit Gateway tunnels. This helps with M&A onboarding and rapid time to value, all while securing the networks.
- On-Premises Device Compatibility: The solution seamlessly interoperates with various on-premises devices, supporting different encryption algorithms and configurations, which is especially beneficial for SaaS providers connecting with diverse customer equipment.
- High Availability and Redundancy: Support for dynamically rerouting traffic to backup gateways if the primary tunnel experiences downtime.
- Visibility and Troubleshooting: Aviatrix provides detailed insights and diagnostic tools, aiding in effective troubleshooting and network management.
How does Edge Transit Gateway External Connection work?
Aviatrix’s Edge Transit Gateway establishes encrypted connections to partners, remote sites, and external networks, facilitating secure data transfer over the internet or over private networks.
The Edge Transit Gateway supports BGP over IPsec, BGP over GRE, and BGP over LAN connections. It runs a BGP session to an external device, such as a remote router or firewall, to dynamically exchange routes. The remote endpoints can be active-mesh or standalone devices. The gateway uses the tunneling protocol to build a tunnel to the external device for packet forwarding.
How do you create Edge Transit Gateway External Connection?
Aviatrix Edge Transit Gateway external connection (S2C) can be created in:
- Appliance form factor on the Aviatrix Edge Platform (AEP)
- Equinix
- Megaport
For more information, see Edge Transit Gateway External Connection Workflow.
Design Examples
Connect remote sites and on-premises datacenter to cloud
The following architecture shows Edge Transit Gateway external connection (S2C) connecting remote offices and an on-premises datacenter to cloud workloads.

Edge Transit Gateway External Connection in Megaport
The following diagram shows Edge Transit Gateway external connection (S2C) connecting a customer network at a DC or in another MVE to the cloud.

The diagram shows:
- Edge Transit Gateway external IPsec connection to a remote customer network.
- Edge Transit Gateway external IPsec connection to SDWAN.
Edge Transit Gateway External Connection for Peering Between Edges
The following diagram shows two Transit Edge Gateways deployed in two Megaport locations to peer between edges.

The diagram shows:
- Edge Transit Gateway external connection to another MVE via an SDWAN device.
- Edge Transit Gateway could also have an external connection to a remote network over the internet.
Edge Transit Gateway external connection (S2C) simplifies building an end-to-end secure network and enables setting up segmentation for different connections for Zero Trust Network Access (ZTNA).