About Aviatrix ActiveMesh
ActiveMesh is an Aviatrix Encrypted Transit Network architecture where both primary gateways and backup gateways forward packets in a load balancing fashion. The architecture statistically doubles the network throughput. In addition, in ActiveMesh mode, multiple remotes sites can be connected to the Aviatrix Transit gateways.
| ActiveMesh is enabled by default, and cannot be disabled. |
The diagram below shows an ActiveMesh deployment between Spoke and Transit where each Spoke Gateway in a VPC/VNet builds two IPsec tunnels to the primary and backup transit gateways and forwards packets to both of them inside the tunnel. The load balance mechanism leverages ECMP protocol.
When Aviatrix Controller detects that an ActiveMesh gateway is down, Controller automatically starts it again. Once the gateway comes up, it participates in packet forwarding again.
Key advantages of ActiveMesh
The key benefits of ActiveMesh are improved network resiliency, failover convergence time and performance.
ActiveMesh for Transit Gateway Peering
ActiveMesh can be applied to connect two Transit GWs. There are 4 tunnels established between the Transit GWs, as shown in the diagram below.
ActiveMesh Connection to VGW
Each Transit GW connecting to the VGW in ActiveMesh mode has two VPN tunnels to the VGW.
Link Between two ActiveMesh Gateways
The link between two ActiveMesh gateways is used to forward packets when both tunnels are down for one of the ActiveMesh gateway.
For example, in a spoke VPC/VNet, virtual machine (EC2/GCE) traffic is forwarded to the ActiveMesh primary gateway which then forwards traffic to the AVX Transit GW. If both tunnels between the ActiveMesh spoke gateway and the Transit GW are down, the packet is forwarded by the ActiveMesh primary gateway to the backup ActiveMesh gateway.
ActiveMesh 2.0
ActiveMesh 2.0 is a new iteration of ActiveMesh. The main advancement of ActiveMesh 2.0 is its deterministic nature of Next Hop selection.
Here is how Aviatrix Transit Gateway routing engine treats the following types of routes.
| Networks | Route Type | Aviatrix Transit Gateway Route Propagation |
|---|---|---|
Local TGW attached VPC/VNet CIDR |
tgwvpc |
Local |
Aviatrix Spoke gateway associated VPC/VNet CIDR |
vpc |
Local |
Azure Native Spoke associated VNet CIDR |
vpc |
Local |
Local TGW VPN dynamically learned network CIDR |
tgwedge |
Advertises TGW VPN ASN and its remote peer ASN to a remote BGP peer if it’s the best route. |
Local TGW DXGW learned network CIDR |
tgwedge |
Advertises TGW DXGW ASN and its remote peer ASN to a remote BGP peer if it’s the best route. |
Remote Aviatrix Transit Gateway Peering learned routes |
peer |
Advertises remote Aviatrix peer’s network CIDRs to a remote BGP peer if it’s the best route. |
Aviatrix Transit Gateway BGP learned from on-prem |
bgp |
Advertises to its remote peers by Aviatrix Transit Gateway peering if it’s the best route. |
Aviatrix Transit Gateway statically learned from on-prem |
static |
Local |
Aviatrix Transit Gateway associated VPC/VNet CIDR |
linklocal |
Local |
Local Firewall Egress route (0.0.0.0/0) |
transit |
Local |
Aviatrix Transit Gateway SNAT IP address |
linklocal |
Local |
With this approach, there is more visibility on learned routes regarding what paths the routes are learned from.
The next hop best path selection follows the priorities listed below.
-
Local
-
Shortest number of ASN list
-
For two identical length ASN routes, selects the next hop with the lowest Metric Value.
-
For two identical ASN length and Metric Value routes, if ECMP is disabled (this is the default configuration), selects the current best route. If there is no current best route, the next hop IP addresses are compared, the lower integer IP address is selected.
-
For two identical ASN length and Metric Value routes, if ECMP is enabled, traffic is distributed to both routes using ECMP.
Migrating to ActiveMesh 2.0
There are 3 scenarios:
| Deployment | Notes | ActiveMesh 2.0 Migration |
|---|---|---|
Non ActiveMesh deployment |
The Aviatrix Transit Gateway in the deployment has been launched before Release 5.1 (10/1/2019) |
See Migrating from Classic Aviatrix Encrypted Transit Network to Aviatrix ActiveMesh Transit Network. |
ActiveMesh 1.0 deployment |
The Aviatrix Transit Gateway was launched with ActiveMesh option enabled prior to Release 6.0 |
Migrate to ActiveMesh 2.0 by going to Settings > Maintenance > Migration > ActiveMesh 2.0 Migration, click Migrate. |
ActiveMesh 2.0 deployment |
The Aviatrix Transit Gateway was launched with ActiveMesh enabled after Release 6.0 |
ActiveMesh 2.0 is automatically enabled for brand new deployment on Controller. |