About High Availability Gateways

The Aviatrix High Availability feature enabled deployment of multiple gateway instances within a VPC or VNet to support high availability and scalability, aiming to minimize network downtime and improve overall network stability and performance.

In this setup, each gateway consists of multiple gateway instances operating in Active-Active mode. Network traffic flow is load balanced across all available gateway instances within that VPC or VNet. The Aviatrix Controller automatically updates CSP route tables to distribute traffic among all active gateway instances.

When highly available (HA) gateway instances are deployed, the Aviatrix Controller monitors the status of each instance. If it detects a gateway instance is down, it automatically redirects traffic to the remaining active gateway instances in that VPC or VNet.

Aviatrix Platform supports up to 15 highly available instances for Transit and Spoke Gateways. At least two instances are required for highly availability. The gateway instances are configured in Active-Active mode by default.

A Transit Gateway is limited to two gateway instances in the following scenariios:

A Spoke Gateway is also limited to two gateway instances under these conditions:

A Gateway requires at least one instance for deployment. You can add more instances during or after gateway creation.

Aviatrix CoPilot assigns a name to each gateway instance automatically. The initial gateway instance takes the same name as the Gateway, while additional instances are named in the format <_gateway-name_>-<_instance-number_>.

All gateway instances are configured in Active-Active mode and will handle traffic forwarding in the event of tunnel failure between Spoke VPC or VNet and Transit VPC or VNet. For best practice, each gateway instance in a VPC or VNet should be created on a different public subnet in a different availability zone, if available.

Gateway instances share the same properties as the Gateway, such as instance size, high performance encryption, and attachments. When a property such as instance size is modified for the Gateway, this change applies to all gateway instances within that VPC or VNet.

Aviatrix CoPilot does not support resizing individual gateway instances. However, individual gateway instances can be resized using Terraform resources aviatrix_transit_gateway, aviatrix_spoke_gateway, or aviatrix_gateway for regular gateways. For further details, see Aviatrix Provider.

The High Performance Encryption setting cannot be modified once the Gateway has been created

To create a HA gateway instance, see:

When deploying the Aviatrix Platform with Terraform, a highly available Spoke Gateway instance can be created using the Terraform resource aviatrix_spoke_ha_gateway.

Use the aviatrix_spoke_gateway Terraform resource to create the Spoke Gateway, ensuring manage_ha_gateway is set to false so you can deploy highly available gateway instances with the aviatrix_spoke_ha_gateway resource. Avoid any input options starting with "ha" for the Spoke Gateway. For further details, see Aviatrix Provider.

You can remove one or more highly available gateway instances from a VPC or VNet.

When gateway instances are removed, the Aviatrix Controller automatically updates the CSP route tables to forward network traffic to the remaining highly available gateway instances in that VPC or VNet.

The initial gateway instance can only be deleted by removing the Gateway itself. Prior to deleting the Gateway, all other gateway instances in the VPC or VNet must be deleted and all gateway peerings must be detached.