Direct Connect to Aviatrix Transit – Option 1


This is the first of three articles. This option is the easiest to accomplish, but it comes with constraints:

  1. Virtual Private Gateway (VGW) has to be created in the same region as the Direct Connect Private Virtual Interface (VIF).
  2. Each VIF is dedicated to one VGW.
  3. The VGW is NOT attached to the VPC.
  4. Aviatrix orchestrates the Customer Gateways and VPN Connections, building 2x IPSec/BGP tunnels per Aviatrix Transit Gateway.
  5. Each IPSec tunnel has a 1.25G throughput limit.
  6. A Private Virtual Interface supports up to 100 BGP routes; the BGP session will go down when more routes are advertised.

A side note: Direct Connect Gateway can NOT be used here, as the VGW is NOT attached to a VPC.
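A pre-flight check for constraints 1, 3 and 6 above, as an added example (not part of the original article or any Aviatrix tooling). It assumes the VGW record is shaped like one entry of `aws ec2 describe-vpn-gateways` output and that the 100-route limit applies to the prefixes your on-prem router advertises over the VIF; the IDs, regions and prefixes are constructed samples.

```python
import ipaddress

VIF_ROUTE_LIMIT = 100  # constraint 6: BGP routes a private VIF supports


def summarize(prefixes):
    """Collapse contiguous/overlapping prefixes into the fewest covering routes."""
    nets = [ipaddress.ip_network(p) for p in prefixes]  # raises if host bits are set
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def preflight(vgw, vgw_region, vif_region, advertised):
    """Return a list of constraint violations (empty list = ready to proceed)."""
    problems = []
    if vgw_region != vif_region:  # constraint 1
        problems.append(f"VGW is in {vgw_region} but the VIF is in {vif_region}")
    attached = [a["VpcId"] for a in vgw.get("VpcAttachments", [])
                if a.get("State") in ("attaching", "attached")]
    if attached:  # constraint 3
        problems.append(f"{vgw['VpnGatewayId']} is attached to {', '.join(attached)}")
    if len(advertised) > VIF_ROUTE_LIMIT:  # constraint 6
        problems.append(f"{len(advertised)} routes exceed the limit of "
                        f"{VIF_ROUTE_LIMIT}; summarizing gives {len(summarize(advertised))}")
    return problems


# Constructed sample shaped like one entry of `aws ec2 describe-vpn-gateways`.
SAMPLE_VGW = {
    "VpnGatewayId": "vgw-0example",
    "State": "available",
    "AmazonSideAsn": 64512,
    "VpcAttachments": [{"VpcId": "vpc-0example", "State": "attached"}],
}
# Constructed on-prem advertisement: 120 contiguous /24s.
SAMPLE_ROUTES = [f"10.20.{i}.0/24" for i in range(120)]

if __name__ == "__main__":
    for p in preflight(SAMPLE_VGW, "us-east-1", "us-east-2", SAMPLE_ROUTES):
        print("FAIL:", p)
    print("summarized:", summarize(SAMPLE_ROUTES))
```

Summarizing on the router before advertising keeps the session under the limit as the on-prem address space grows.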

Steps to create the connection

  • In the same region as the Aviatrix Transit Gateway, create a Virtual Private Gateway and specify a custom ASN.
  • On the Aviatrix Transit Gateway, make sure an ASN is specified.
  • In the Aviatrix Multi-Cloud Transit menu, add the newly created VGW as an external connection. Note that if you have attached the VGW to a VPC, an error will occur.
  • After the external connection workflow is completed, you will see in the AWS console that Customer Gateways and Site-to-Site VPN connections were created automatically.
  • In the Aviatrix Site2Cloud menu, observe that a connection has been created.
  • In CoPilot, eventually (it takes a few minutes for the VPN connection and BGP session to be up. AWS VGW does not proactively initiate connections, be patient!)
  • Get a DX connection to your account and note down the VLAN number. Accept the connection and wait a few minutes for it to be established.
  • Create Virtual Interface
    • Pick the connection created earlier
    • Pick Virtual Private Gateway as the Gateway type and pick the VGW created earlier
    • Enter the VLAN number of the connection (Will error out if wrong VLAN number entered)
    • Enter your OnPrem device BGP ASN
  • Open the VIF just created and note down
    • Your router peer IP <- IP that you need to set on your router/firewall
    • Amazon router peer IP <- IP of the VIF; try to ping it from your router to make sure L2 connectivity is there
    • BGP authentication key
  • Lastly, configure your router/firewall to establish the BGP connection with the VIF.