About Aviatrix Edge Gateway Interfaces and Ports and Protocols
The following sections describe the virtual machine instance configuration, network interfaces, ports and protocols, and access requirements for Aviatrix Edge Gateway deployment.
Virtual Machine CPU and Memory Configurations
The following table provides CPU and memory configurations of the virtual machine instance supported for the Aviatrix Edge Gateway deployment.
Deployment Type | Hardware Profile | Storage Requirements | Note |
---|---|---|---|
Small | 2 vCPU - 4GB | 64 GB | <1Gbps Throughput |
Medium | 4 vCPU - 8GB | 64 GB | <5Gbps throughput |
Large | 8 vCPU - 16GB | 64 GB | ~10Gbps throughput |
X-Large | 16 vCPU - 32GB | 64 GB | ~10Gbps throughput |
We recommend that you not change the Edge VM resource allocation after deploying it. Aviatrix support may not be able to assist with any issue that occurs on a system with customized resource allocation.
Oversubscription of host resources can lead to reduced performance, and your instance could become unstable. We recommend that you follow the guidelines and best practices for your host hypervisor.
Aviatrix Edge Gateway Network Interfaces
By default, an Aviatrix Edge Gateway has three interfaces: one WAN interface on eth0, one LAN interface on eth1, and one Management interface on eth2.
Interface | Description |
---|---|
WAN (eth0) | Provides connectivity to the Aviatrix Transit Gateway. When deploying Aviatrix Edge in on-premise locations, the connectivity to Transit Gateway is via the WAN interface and requires a default gateway to provide the underlay connectivity to the CSP and Layer 3 reachability to the Transit Gateway's Private or Public IP. |
LAN (eth1) | Provides connectivity to the LAN network. The LAN network can either be a VLAN network on-premises or use BGP. When using BGP, a BGP-enabled router is required to peer with the Edge Gateway LAN interface via BGP over LAN. |
Management (eth2) | Provides connectivity to the Aviatrix Controller, Aviatrix CoPilot, Aviatrix software download and tracelog upload. Requires a default gateway, DNS access, and Internet access. |
Aviatrix Edge Gateway Ports and Protocols
The Aviatrix Edge Gateway requires outbound access to communicate with the Aviatrix Controller. You must allow access on these ports on your firewall.
Additional required outbound ports are described in the table below.
Source | Destination | Port | Purpose |
---|---|---|---|
WAN eth0 | Aviatrix Transit Gateway eth0 private or public IP address. If multiple WAN interfaces are configured, this access must be allowed for all WAN links. | UDP 500 | IPsec |
WAN eth0 | Aviatrix Transit Gateway eth0 private or public IP address. If multiple WAN interfaces are configured, this access must be allowed for all WAN links. | UDP 4500 | IPsec |
Mgmt eth2 | DNS server | UDP 53 | DNS lookup |
Mgmt eth2 | Aviatrix Controller FQDN or private or public IP address. | TCP 443 | Edge to Controller |
Mgmt eth2 | Aviatrix CoPilot FQDN or private or public IP address. | UDP 5000 | Syslog |
Mgmt eth2 | Aviatrix CoPilot FQDN or private or public IP address. | UDP 31283 | Netflow |
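One way to check a firewall's egress allow-list against the table above before deploying an Edge Gateway. This is an added example, not Aviatrix code: the rule tuple format, the `covers` and `audit` helpers, and all IP addresses (documentation ranges) are assumptions made for illustration. It models a single WAN link; with multiple WAN interfaces, add the two IPsec rows for each one.

```python
import ipaddress

# Constructed placeholder addresses (RFC 5737 documentation ranges), not real deployments.
TRANSIT_GW, DNS_SERVER = "203.0.113.10", "192.0.2.53"
CONTROLLER, COPILOT = "198.51.100.20", "198.51.100.30"

# Required outbound flows from the ports table: (interface, destination, proto, port, purpose).
REQUIRED = [
    ("eth0", TRANSIT_GW, "udp", 500, "IPsec"),
    ("eth0", TRANSIT_GW, "udp", 4500, "IPsec"),
    ("eth2", DNS_SERVER, "udp", 53, "DNS lookup"),
    ("eth2", CONTROLLER, "tcp", 443, "Edge to Controller"),
    ("eth2", COPILOT, "udp", 5000, "Syslog"),
    ("eth2", COPILOT, "udp", 31283, "Netflow"),
]

def covers(rule, flow):
    """True if allow rule (iface, dst_cidr, proto, port) permits the required flow."""
    r_iface, r_cidr, r_proto, r_port = rule
    iface, dst, proto, port, _purpose = flow
    return ((r_iface, r_proto, r_port) == (iface, proto, port)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(r_cidr))

def audit(rules):
    """Return (required flows no rule permits, rules the table does not explain)."""
    missing = [f for f in REQUIRED if not any(covers(r, f) for r in rules)]
    unexplained = [r for r in rules if not any(covers(r, f) for f in REQUIRED)]
    return missing, unexplained

# Constructed sample egress policy: the NetFlow rule was forgotten and an
# unrelated SSH rule is open to any destination.
SAMPLE_RULES = [
    ("eth0", "203.0.113.10/32", "udp", 500),
    ("eth0", "203.0.113.10/32", "udp", 4500),
    ("eth2", "192.0.2.53/32", "udp", 53),
    ("eth2", "198.51.100.0/24", "tcp", 443),
    ("eth2", "198.51.100.30/32", "udp", 5000),
    ("eth2", "0.0.0.0/0", "tcp", 22),
]

if __name__ == "__main__":
    missing, unexplained = audit(SAMPLE_RULES)
    for iface, dst, proto, port, purpose in missing:
        print(f"MISSING  {iface} -> {dst} {proto.upper()} {port} ({purpose})")
    for rule in unexplained:
        print("REVIEW  ", rule)
```

A rule reported for review is not necessarily wrong: the Management interface also needs Internet access for software download and tracelog upload, and the table does not list those destinations.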
WAN Interfaces on Edge Gateway
Aviatrix Secure Edge supports single or multiple WAN interfaces. A single WAN interface is applicable in on-premise locations. Multiple WAN interfaces can be used in the Equinix Network Edge platform (see Multiple WAN Interface Support (Equinix Platform)).
When deploying Aviatrix Edge in on-premise locations, the connectivity to Transit Gateway is via the WAN interface and requires a default gateway to provide the underlay connectivity to the CSP.
Multiple WAN Interface Support (Equinix Platform)
When deploying Aviatrix Secure Edge in Equinix Network Edge, multiple WAN interfaces can be leveraged for connectivity to Transit Gateways deployed in different CSPs over private connections such as Direct Connect and Express Route. The WAN interface on Aviatrix Edge Gateway can support BGP where the private CSP virtual connections can terminate directly on the Edge Gateway. Aviatrix Edge Gateway enables the CSP virtual connection as the underlay to reach the Transit Gateways.
Enabling Additional WAN Interface
Additional WAN interfaces are only supported on the Equinix platform.
When configuring Edge Gateway WAN interfaces, additional WAN interfaces can only be configured on eth3, eth4, and so on. While up to 8 WAN interfaces are supported, Aviatrix recommends a maximum of 4 WAN interfaces per Edge Gateway.
An additional WAN interface can be added during or after the creation of the primary Edge Gateway.
During Edge Gateway creation, in Interface Configuration, click WAN > + WAN Interface to configure an additional WAN interface.
Turn on BGP to set up a peering connection to the Direct Connect or Express Route circuits via Equinix to CSPs.
You can also set up additional WAN interfaces after the Edge Gateway is created from the Edge Gateway’s edit page.
LAN Interface on Edge Gateway
Aviatrix Secure Edge supports a LAN interface with either BGP or VLAN support towards on-premises. BGP is used when on-premises networks are learned via BGP, in which case a BGP router on the LAN can be peered with the Edge Gateway. This setup is also applicable to an Edge Gateway deployed on the Equinix Network Edge platform.
VLAN interfaces on the Edge Gateway can be used on-premises when the Edge Gateway is used as a LAN router. VRRP is also supported in this scenario with Active/Standby support on Edge Gateways.
Multiple VLAN Interface Support (Aviatrix Edge Platform)
Aviatrix Edge Gateway supports multiple VLAN interfaces on the LAN Ethernet port. This is applicable when using Aviatrix Edge Gateway in on-premise locations where the Edge Gateway is used as a LAN router with VLANs terminating on the Edge Gateway.
Enabling Additional VLAN Interface
An additional VLAN interface can be added during or after the creation of the primary Edge Gateway, supporting trunked ports (multiple VLAN tags).
During Edge Gateway creation, in Interface Configuration, click LAN > + VLAN Interface to configure an additional VLAN interface.
See Planning Aviatrix Secure Edge Deployment for On-Premise for the prerequisite steps before deploying an Edge Gateway.
You can also set up additional VLAN interfaces after the Edge Gateway is created from the Edge Gateway’s edit page.