Understanding Aviatrix Secure Edge Routing
If the connectivity to the Cloud Service Provider (CSP) is over a private network:
- The edge (WAN) router runs a BGP session to the VGW/VNG (the AWS Virtual Private Gateway or Azure Virtual Network Gateway), where the edge router advertises the Edge Gateway WAN subnet and the VGW/VNG advertises the Transit VPC CIDR. GCP and OCI are also supported.
- The Edge Gateway LAN interface runs a BGP session to the edge (LAN) router, where the edge router advertises the on-prem network address range to the Edge Gateway LAN interface.
- The Aviatrix Edge Gateway exchanges routes with the Transit Gateways. This is performed by leveraging the SDN capabilities of the platform. The Edge Gateway advertises the BGP routes learned from the LAN router, and the Aviatrix Transit Gateways advertise Spoke routes to the Aviatrix Edge Gateways.
If the connectivity to the CSP is over a public network:
- The Edge Gateway can use either public IP addresses configured directly on the WAN interfaces, or RFC 1918 addresses that are NATed and routed to the Internet.
- The Edge Gateway LAN interface runs a BGP session to the edge (LAN) router, where the edge router advertises the on-prem network address range to the Edge Gateway LAN interface.
Disabling LAN CIDR Propagation to Transit Gateway
The Aviatrix Edge Gateway exchanges routes with the Transit Gateways. By default, the Edge Gateway also advertises the CIDRs of its LAN and VLAN interfaces to the Aviatrix Transit Gateway. If you do not need LAN CIDR propagation, you can disable it.
If there are workloads in the LAN or VLAN CIDRs, disabling LAN and VLAN interface CIDR propagation may cause traffic to those workloads to be dropped, because the Transit Gateway will not have learned the LAN or VLAN CIDRs (it would then only have a route to those addresses if the LAN router advertises a covering prefix over BGP, since routes learned from the LAN router are still re-advertised).
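The following is an added example, not Aviatrix code or anything from this page: it models the route exchange described above (LAN router to Edge Gateway, Edge Gateway to Transit Gateway, Transit Gateway back to Edge Gateway) and turns the warning above into a pre-flight check. Given the LAN/VLAN interface CIDRs, the prefixes the LAN router advertises over BGP, and a list of workload addresses, it reports which workloads the Transit Gateway would lose a route to once propagation is turned off. All addresses, names and the sample topology are constructed assumptions. It also goes slightly beyond the text by showing that the check passes again once the LAN router advertises a summary that covers the interface CIDRs.

```python
# Added example (not Aviatrix code): models the Secure Edge route exchange and
# provides a pre-flight check before disabling LAN/VLAN CIDR propagation.
# All addresses and names below are constructed assumptions.
from ipaddress import ip_address, ip_network


def longest_match(dest, prefixes):
    """Return the most specific prefix covering dest, or None (longest-prefix match)."""
    d = ip_address(dest)
    covering = [p for p in prefixes if d in p]
    return max(covering, key=lambda p: p.prefixlen) if covering else None


def edge_to_transit_routes(lan_learned, lan_cidr, vlan_cidrs, propagate_interface_cidrs=True):
    """Prefixes the Edge Gateway advertises to the Transit Gateway.

    Routes learned from the LAN router over BGP are always re-advertised; the
    LAN and VLAN interface CIDRs are added only while propagation is enabled
    (the default).
    """
    routes = [ip_network(p) for p in lan_learned]
    if propagate_interface_cidrs:
        routes += [ip_network(lan_cidr)] + [ip_network(v) for v in vlan_cidrs]
    return routes


def transit_to_edge_routes(spoke_cidrs):
    """Spoke CIDRs the Transit Gateway advertises back to the Edge Gateway."""
    return [ip_network(s) for s in spoke_cidrs]


def unreachable_after_disable(workload_ips, lan_learned, lan_cidr, vlan_cidrs):
    """Workloads the Transit Gateway can reach only via the interface-CIDR advertisement.

    Anything returned here would be dropped at the Transit Gateway once
    propagation is disabled, unless the LAN router advertises a covering prefix.
    """
    before = edge_to_transit_routes(lan_learned, lan_cidr, vlan_cidrs, True)
    after = edge_to_transit_routes(lan_learned, lan_cidr, vlan_cidrs, False)
    return [ip for ip in workload_ips
            if longest_match(ip, before) is not None and longest_match(ip, after) is None]


# Constructed topology (assumptions, not values from the page).
SPOKE_CIDRS = ["10.2.0.0/16", "10.3.0.0/16"]
EDGE_LAN_CIDR = "192.168.10.0/24"          # Edge Gateway LAN interface subnet
EDGE_VLAN_CIDRS = ["192.168.20.0/24"]       # VLAN sub-interface subnet
ONPREM_BGP = ["172.16.0.0/12"]              # what the LAN router advertises over BGP
WORKLOADS = ["172.16.5.5", "192.168.10.50", "192.168.20.7"]

if __name__ == "__main__":
    print("Transit learns (default):",
          [str(p) for p in edge_to_transit_routes(ONPREM_BGP, EDGE_LAN_CIDR, EDGE_VLAN_CIDRS)])
    print("Edge learns from Transit:",
          [str(p) for p in transit_to_edge_routes(SPOKE_CIDRS)])
    print("Dropped after disabling propagation:",
          unreachable_after_disable(WORKLOADS, ONPREM_BGP, EDGE_LAN_CIDR, EDGE_VLAN_CIDRS))
    # Same check once the LAN router also advertises a summary covering the interface CIDRs.
    print("With a 192.168.0.0/16 summary from the LAN router:",
          unreachable_after_disable(WORKLOADS, ONPREM_BGP + ["192.168.0.0/16"],
                                    EDGE_LAN_CIDR, EDGE_VLAN_CIDRS))
```

Run the check against your real interface CIDRs and workload inventory before flipping the toggle; an empty result means every workload in the LAN/VLAN ranges is already covered by a prefix the LAN router advertises over BGP.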
To disable LAN and VLAN CIDR propagation:
- In CoPilot, go to Cloud Fabric > Edge > Edge Gateways tab.
- In the table, select the Edge Gateway for which to disable LAN CIDR propagation.
- In the Edge Gateway's Settings tab, expand the Routing section.
- Set the LAN/VLAN Interface CIDR Propagation toggle to Off.