What’s New in the Aviatrix Controller?

The Controller Proxy feature has been deprecated and is no longer supported starting with version 8.1.0. Users should transition to direct outbound access or an alternative network configuration.

The Gateway Audit feature and related UI settings are deprecated and will be removed in a future release. The configuration option may still appear in the Controller UI under Settings > Advanced > Gateway, but is no longer functional or supported.

Gateways are now containerized to improve upgrade safety, observability, and rollback capabilities. This architecture reduces upgrade time by over 60% and lays the groundwork for future enhancements such as hitless upgrades.

Extends containerized architecture to Aviatrix Edge platforms, improving image upgrade handling and preserving gateway state during reboots.

Increases the number of supported gateways in a Transit Gateway group from 2 to 15. Improves throughput, availability zone coverage, and scale for large and distributed cloud networks.

Adds support for custom source and destination NAT on HPE Spoke Gateways across AWS, Azure, and Edge. Enables flexible NAT policies for hybrid environments, multitenancy, and Kubernetes deployments.

Supports route approval using supernet constraints (e.g., greater-than, less-than) for efficient CIDR range approvals. Reduces manual effort and improves scalability in enterprise-scale route management.

Default routes are now automatically inserted into new subnet route tables. This enhancement improves onboarding consistency and reduces configuration errors.

Adds support for auto-derived BGP communities based on region and cloud type. Includes Terraform and CoPilot UI integration with basic telemetry support to improve route visibility and automation.

Project-wide SSH keys are now blocked by default on GCP gateways. This change aligns with industry security best practices and audit requirements.

UI improvements now surface cloud resource dependencies when deleting a gateway. This enhancement prevents accidental infrastructure deletions and improves operational safety.

Gateway instance types and regions are dynamically updated via CDN. Enables faster support for new CSP infrastructure without requiring Controller updates.

Introduces early access support for deploying Aviatrix Transit Gateways on VMware ESXi hypervisors. Useful for hybrid and on-premises environments requiring edge-based transit routing.

Allows application teams to define outbound access policies using Kubernetes-native custom resources. Supports self-service with centralized governance by Aviatrix administrators.

Matches the SNI field in TLS connections with the certificate’s CN/SAN fields. Drops traffic on mismatch. Enhances outbound security validation for SSL/TLS traffic.

Enables L4–L7 policy enforcement using DCF on centralized Firenet egress gateways. Provides consistent SNAT behavior and replaces older egress mechanisms.

Preview support for L4 DCF enforcement on Transit Edge Gateways for securing B2B, M&A, and partner S2C connections.

The upgrade_platform API now requires two separate calls to upgrade the Controller and Gateway(s). This change prevents mixed-version upgrades and enforces an ordered upgrade process.

Default routes are automatically added to newly created subnet routing tables, improving onboarding consistency.

GCP gateways now block project-wide SSH keys by default. Enhances security posture and ensures compliance with internal audit standards.