Creating a Transit Gateway
Follow the steps below to create a Transit Gateway and a highly available Transit Gateway instance.
- In CoPilot, navigate to Cloud Fabric > Gateways > Transit Gateways tab, and click + Transit Gateway.
- Create the Transit Gateway.
Provide the following information for the Transit Gateway.
| Parameter | Description |
| --- | --- |
| Name | Enter a name for the Transit Gateway. |
| Cloud | Select the Cloud Service Provider (CSP) in which to create the Transit Gateway. When you select AWS or Azure, you can use the dropdown menu to select Standard or Global, China, or GovCloud. |
| Account | Select the cloud access account for creating the Transit Gateway. |
| Region | Select the cloud region in which to create the Transit Gateway. |
| VPC/VNet | Select the VPC or VNet in the selected region in which to create the Transit Gateway. If the Transit Gateway will be used in a Transit FireNet workflow, selecting a VPC/VNet that has the Transit + FireNet function enabled means that a particular set of /28 subnets has been created across two availability zones. This function is enabled when the VPC/VNet is created. |
| Instance Size | Select the gateway instance size. When selecting the Transit Gateway instance size, choose a t2 series size for Proof of Concept (POC) or prototyping only: a Transit Gateway on a t2 series instance type has a random packet drop of 3% for packets smaller than 150 bytes when interoperating with VGW. This packet drop does not apply to Spoke Gateway. The size you select also affects your IPsec performance. You can change the Transit Gateway size later. |
| High Performance Encryption | Set this toggle to On to enable High Performance Encryption (HPE) for the Transit Gateway. HPE enables 10 Gbps and higher IPsec performance between two single Aviatrix Gateway instances or between a single Aviatrix Gateway instance and an on-prem Aviatrix appliance. You cannot set High Performance Encryption to On or Off after the Transit Gateway is created. |
| Peer to Transit Gateways | Select the Transit Gateways to peer with this Transit Gateway. |
Use the Advanced Settings section to set the advanced gateway settings that may apply.
| Parameter | Description |
| --- | --- |
| Transit Egress Capability (all clouds except OCI and Alibaba) | Set this toggle to On to add Transit Egress Capability to this Transit Gateway. Gateways with Transit Egress Capability set to On are ready to have attachments added (FireNet or Transit Egress). For Azure and GCP, Transit Egress Capability must be selected when the gateway is created. Otherwise, the gateway will not display as an available Transit Gateway when adding FireNet or Transit Egress to a Transit Gateway. |
| BGP over LAN (Azure and GCP) | Set this toggle to On for BGP over LAN connections for this Transit Gateway. For Azure, also enter the number of BGP over LAN interfaces you need (maximum is eight). For GCP, select the subnet on which to apply the BGP over LAN connection. For GCP, you cannot set BGP over LAN to On after the Transit Gateway is created. |
Use the Instances section to create highly available Transit gateway instances.
- A Transit Gateway can have up to two highly available gateway instances.
- The gateway instances share the same properties as the Transit Gateway.
- The gateway instances are created in active-active mode.
To create a gateway instance, click + Instance and designate the subnet and IP address of the gateway instance.
| Parameter | Description |
| --- | --- |
| Attach to Subnet | Select the subnet in which to create the Transit Gateway instance. As a best practice, select a different subnet in a different availability zone from the other Transit Gateway instance. |
| Public IP | Select the public IP address of the gateway instance. (AWS only) To allocate a new EIP, leave Public IP as Allocate New Static Public IP. |
- Click Save.
For more information about these settings, see Enabling Transit Gateway General Settings.
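Several of the settings above are fixed at creation or carry availability caveats, so a planned configuration can be reviewed before clicking Save. The following is an added example, not Aviatrix code; the plan field names and the sample plan are hypothetical.

```python
# Added example: pre-creation review of a planned Transit Gateway.
# All plan field names are hypothetical; they are not CoPilot or API names.

def review_plan(plan):
    """Return findings for settings that are risky or fixed at creation."""
    findings = []
    cloud = plan["cloud"].lower()
    needed = set(plan.get("needed_later", []))  # features expected after creation
    bgp = plan.get("bgp_over_lan", False)

    # t2 series sizes are for PoC or prototyping only.
    if plan["instance_size"].lower().startswith("t2.") and not plan.get("poc"):
        findings.append("t2 size on a non-PoC gateway")
    # HPE cannot be switched once the gateway exists.
    if "hpe" in needed and not plan.get("hpe"):
        findings.append("HPE needed later but Off at creation")
    # Azure and GCP: Transit Egress Capability must be chosen at creation.
    egress_gap = "transit_egress" in needed and not plan.get("transit_egress")
    if cloud in ("azure", "gcp") and egress_gap:
        findings.append("Transit Egress Capability needed later but Off")
    # GCP: BGP over LAN cannot be turned On later and needs a subnet.
    if cloud == "gcp":
        if "bgp_over_lan" in needed and not bgp:
            findings.append("BGP over LAN needed later but Off (GCP)")
        if bgp and not plan.get("bgp_lan_subnet"):
            findings.append("BGP over LAN On without a subnet (GCP)")
    # Azure: maximum of eight interfaces; a minimum of one is assumed here.
    if cloud == "azure" and bgp:
        if not 1 <= plan.get("bgp_lan_interfaces", 0) <= 8:
            findings.append("BGP over LAN interface count outside 1-8 (Azure)")
    # Instances: at most two, best placed in different subnets and zones.
    inst = plan.get("instances", [])
    if len(inst) > 2:
        findings.append("more than two gateway instances")
    if len(inst) == 2 and (inst[0]["subnet"] == inst[1]["subnet"]
                           or inst[0]["zone"] == inst[1]["zone"]):
        findings.append("instances share a subnet or availability zone")
    return findings

# Constructed sample plan (not from the page).
SAMPLE_PLAN = {
    "cloud": "GCP", "instance_size": "n1-standard-4", "hpe": False,
    "bgp_over_lan": False, "needed_later": ["hpe", "bgp_over_lan"],
    "instances": [{"subnet": "10.0.0.0/28", "zone": "a"},
                  {"subnet": "10.0.0.16/28", "zone": "a"}],
}

if __name__ == "__main__":
    for finding in review_plan(SAMPLE_PLAN):
        print("FINDING:", finding)
```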