Direct Connect to Aviatrix Transit – Option 1

This is the first of the three articles. It is the easiest option to accomplish, but it comes with the following requirements and constraints:

  1. The Virtual Private Gateway (VGW) has to be created in the same region as the Direct Connect Private Virtual Interface (VIF).
  2. Each VIF is dedicated to one VGW.
  3. The VGW is NOT attached to the VPC.
  4. Aviatrix orchestrates the Customer Gateways and VPN Connections, building 2x IPSec/BGP tunnels per Aviatrix Transit Gateway.
  5. Each IPSec tunnel has a 1.25G throughput limit.
  6. A Private Virtual Interface supports up to 100 BGP routes; the BGP session goes DOWN when more routes are advertised. In layman's terms, when this happens the Cloud no longer sees OnPrem routes, OnPrem no longer sees Cloud routes, and connectivity between Cloud and OnPrem is LOST. To stay within this limit you must summarize the advertised routes on both ends so that each side advertises fewer than 100 routes.
  7. Between on-premises and the VGW, traffic may be protected by MACsec, but it is still exposed to man-in-the-middle attacks. Reference article: Securing your network connection to the cloud: MACSec vs. IPSec
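The 100-route limit in item 6 is easy to hit with many spoke VPCs, and the failure is silent until the BGP session drops. As an added example (not code from the article or from Aviatrix), the following Python script counts a proposed route set, collapses it into the minimal set of exact covering prefixes with the standard library, and reports whether each side fits under the Private VIF limit before and after summarization. The subnet lists are constructed sample data; `PRIVATE_VIF_ROUTE_LIMIT` encodes the limit stated above.

```python
import ipaddress

# Limit stated in the article: a Private VIF supports up to 100 BGP routes;
# advertising more brings the BGP session DOWN and Cloud/OnPrem connectivity is lost.
PRIVATE_VIF_ROUTE_LIMIT = 100


def summarize(prefixes):
    """Collapse CIDR strings into the minimal exact set of covering prefixes.

    Only contiguous, aligned blocks are merged, so the summary never claims
    address space that was absent from the input (no gaps are papered over).
    """
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    return [str(n) for n in sorted(ipaddress.collapse_addresses(nets))]


def check_advertisement(prefixes, limit=PRIVATE_VIF_ROUTE_LIMIT):
    """Report whether a route set fits the VIF limit before and after summarization."""
    distinct = {ipaddress.ip_network(p, strict=False) for p in prefixes}
    summarized = summarize(prefixes)
    return {
        "raw_count": len(distinct),
        "raw_within_limit": len(distinct) <= limit,
        "summarized_count": len(summarized),
        "summarized_within_limit": len(summarized) <= limit,
        "summarized_prefixes": summarized,
    }


# Constructed sample data (not from the article): 120 cloud spoke subnets
# carved as /24s out of 10.0.0.0/16, plus four on-prem /22 blocks.
CLOUD_SPOKE_SUBNETS = [f"10.0.{i}.0/24" for i in range(120)]
ONPREM_PREFIXES = [f"192.168.{i}.0/22" for i in range(0, 16, 4)]


if __name__ == "__main__":
    # Check both ends, since the limit applies to what each side advertises.
    for side, prefixes in (("cloud", CLOUD_SPOKE_SUBNETS), ("on-prem", ONPREM_PREFIXES)):
        report = check_advertisement(prefixes)
        status = "OK" if report["summarized_within_limit"] else "OVER LIMIT"
        print(f"{side}: {report['raw_count']} raw -> {report['summarized_count']} "
              f"summarized [{status}] {report['summarized_prefixes']}")
```

Run this against the real prefix lists on each side before cutting over. If the summarized count is still over the limit, the only remaining options are coarser supernets (which cover address space you do not yet use) or fewer advertised prefixes; the script deliberately does not make that choice for you.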