{"id":392,"date":"2022-09-16T15:27:35","date_gmt":"2022-09-16T20:27:35","guid":{"rendered":"https:\/\/cloudlearning365.com\/?p=392"},"modified":"2022-10-14T09:35:54","modified_gmt":"2022-10-14T14:35:54","slug":"direct-connect-to-aviatrix-transit-option-1","status":"publish","type":"post","link":"https:\/\/cloudlearning365.com\/?p=392","title":{"rendered":"Direct Connect to Aviatrix Transit &#8211; Option 1"},"content":{"rendered":"\n<p>This is the first of three articles. It is the easiest option to accomplish, but it comes with the following requirements and <strong><span style=\"text-decoration: underline\"><mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">constraints<\/mark><\/span><\/strong> highlighted.<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>The Virtual Private Gateway (VGW) has to be created in the same region as the Direct Connect Private Virtual Interface (VIF).<\/li><li>Each VIF is dedicated to one VGW.<\/li><li>The VGW is <strong><span style=\"text-decoration: underline\">NOT attached <\/span><\/strong>to any VPC.<\/li><li>Aviatrix orchestrates the Customer Gateways and Site-to-Site VPN Connections, building 2x IPsec\/BGP tunnels per Aviatrix Transit Gateway.<\/li><li><mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">Each IPsec tunnel has a 1.25 Gbps throughput limit.<\/mark><\/li><li><mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">A Private Virtual Interface supports up to <a href=\"https:\/\/docs.aws.amazon.com\/directconnect\/latest\/UserGuide\/limits.html\">100 BGP routes<\/a>; the BGP session goes DOWN when more routes are advertised<\/mark>. In layman&#8217;s terms, when this happens the Cloud no longer sees on-prem routes, on-prem no longer sees Cloud routes, and connectivity between Cloud and on-prem is LOST. 
Summarize the routes advertised on both ends so that each side stays below 100; an outbound prefix-list on the on-prem router is the safeguard that keeps a leaked routing table from ever tripping this limit.<\/li><li><mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">Between on-premises and the VGW, traffic may be protected by MACsec, but MACsec is hop-by-hop link encryption: the traffic is in the clear on every intermediate device, so it remains exposed to a man-in-the-middle attack there.<\/mark> Reference article: <a href=\"https:\/\/www.linkedin.com\/pulse\/securing-your-network-connection-cloud-macsec-vs-ipsec-brad-hedlund\/\">Securing your network connection to the cloud: MACSec vs. IPSec<\/a><\/li><\/ol>\n\n\n\n<!--more-->\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"616\" height=\"1024\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/DX-to-Aviatrix-Transit-Options-Detached-VGW-616x1024.png\" alt=\"\" class=\"wp-image-650\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/DX-to-Aviatrix-Transit-Options-Detached-VGW-616x1024.png 616w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/DX-to-Aviatrix-Transit-Options-Detached-VGW-180x300.png 180w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/DX-to-Aviatrix-Transit-Options-Detached-VGW.png 667w\" sizes=\"auto, (max-width: 616px) 100vw, 616px\" \/><\/figure>\n\n\n\n<p><strong>A side note<\/strong>: a Direct Connect Gateway can NOT be used here, because the VGW is not attached to a VPC.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"929\" height=\"593\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-11.png\" alt=\"\" class=\"wp-image-406\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-11.png 929w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-11-300x191.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-11-768x490.png 768w\" sizes=\"auto, (max-width: 929px) 100vw, 929px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Steps to create the connection<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>In the same region as the Aviatrix Transit Gateway, create a Virtual Private Gateway and specify a custom Amazon-side ASN. This is the ASN your on-prem router will point to as the remote AS.<br><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"979\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-2-1024x979.png\" alt=\"\" class=\"wp-image-395\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-2-1024x979.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-2-300x287.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-2-768x735.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-2.png 1240w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>On the Aviatrix Transit Gateway, make sure a BGP ASN is specified.<br><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"832\" height=\"797\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-3.png\" alt=\"\" class=\"wp-image-396\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-3.png 832w, 
https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-3-300x287.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-3-768x736.png 768w\" sizes=\"auto, (max-width: 832px) 100vw, 832px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>In the Aviatrix Multi-Cloud Transit menu, add the newly created VGW as an external connection. Note that if the VGW is attached to a VPC, this step fails with an error.<br><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"569\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-4-1024x569.png\" alt=\"\" class=\"wp-image-397\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-4-1024x569.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-4-300x167.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-4-768x426.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-4-1536x853.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-4-2048x1137.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>After the external connection workflow completes, you will see in the AWS console that Customer Gateways and Site-to-Site VPN connections have been created automatically: one VPN connection, with its two tunnels, per Transit Gateway.<br><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"162\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-5-1024x162.png\" alt=\"\" class=\"wp-image-398\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-5-1024x162.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-5-300x48.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-5-768x122.png 768w, 
https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-5-1536x244.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-5-2048x325.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"138\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-6-1024x138.png\" alt=\"\" class=\"wp-image-399\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-6-1024x138.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-6-300x41.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-6-768x104.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-6-1536x207.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-6-2048x277.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>In the Aviatrix Site2Cloud menu, observe that a connection has been created.<br><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"218\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-7-1024x218.png\" alt=\"\" class=\"wp-image-400\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-7-1024x218.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-7-300x64.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-7-768x163.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-7-1536x326.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-7-2048x435.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>In CoPilot, the connection eventually shows as up. It takes a few minutes for the VPN tunnels and the BGP session to come up, and the AWS VGW does not initiate the tunnels itself, so be patient!<br><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"193\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-8-1024x193.png\" alt=\"\" class=\"wp-image-401\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-8-1024x193.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-8-300x56.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-8-768x144.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-8-1536x289.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-8-2048x385.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Get a DX connection into your account and note down its VLAN number. Accept the connection and wait a few minutes for it to become available.<br><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"189\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-1024x189.png\" alt=\"\" class=\"wp-image-393\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-1024x189.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-300x55.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-768x142.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-1536x283.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-2048x378.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Create Virtual Interface<ul><li>Pick the connection created earlier<\/li><li>Pick Virtual Private Gateway as the Gateway 
type and pick the VGW created earlier<\/li><li>Enter the VLAN number of the connection (the request errors out if the wrong VLAN number is entered)<\/li><li>Enter your on-prem device&#8217;s BGP ASN<\/li><\/ul><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"809\" height=\"1024\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-9-809x1024.png\" alt=\"\" class=\"wp-image-402\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-9-809x1024.png 809w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-9-237x300.png 237w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-9-768x972.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-9.png 1193w\" sizes=\"auto, (max-width: 809px) 100vw, 809px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Open the VIF just created and note down<ul><li>Your router peer IP &lt;- the IP you need to set on your router\/firewall<\/li><li>Amazon router peer IP &lt;- the IP of the VIF; ping it from your router to confirm reachability over the VLAN<\/li><li>BGP authentication key (the MD5 password for the BGP session; treat it as a secret)<br><\/li><\/ul><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"399\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-10-1024x399.png\" alt=\"\" class=\"wp-image-403\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-10-1024x399.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-10-300x117.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-10-768x299.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-10-1536x598.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-10.png 2021w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Lastly, configure your router\/firewall to establish the BGP session with the VIF.<\/li><\/ul>\n\n\n\n<p>Configure an interface on your router with the 169.254.x.x address listed in the VIF configuration. Note that the VLAN tag on your router sub-interface is not necessarily the same as the DX connection VLAN number; it depends on how your router is physically connected to the upstream switch.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>interface GigabitEthernet0\/0\/0.512\n description connected to VIF\n encapsulation dot1Q 512\n ip address 169.254.96.14 255.255.255.248<\/code><\/pre>\n\n\n\n<p>Ping the 169.254.x.x IP on the AWS side to make sure the VLAN and addressing are right before you touch BGP:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>#ping 169.254.96.9 source 169.254.96.14\n\nType escape sequence to abort.\nSending 5, 100-byte ICMP Echos to 169.254.96.9, timeout is 2 seconds:\nPacket sent with a source address of 169.254.96.14 \n!!!!!\nSuccess rate is 100 percent (5\/5), round-trip min\/avg\/max = 1\/1\/2 ms<\/code><\/pre>\n\n\n\n<p>BGP configuration. The remote AS is the VGW&#8217;s Amazon-side ASN (65030 in this lab, as the show output below confirms), and the password is the BGP authentication key from the VIF. That key is TCP MD5 authentication only: it protects the session from spoofed segments but encrypts nothing. Note also that without an outbound prefix-list, whatever you redistribute into BGP is advertised to AWS and counts against the 100-route VIF limit.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>router bgp 65000\n bgp log-neighbor-changes\n ! remote-as = the Amazon-side ASN chosen when the VGW was created\n neighbor 169.254.96.9 remote-as 65030\n neighbor 169.254.96.9 description DX private VIF to VGW\n ! TCP MD5 key from the VIF details page\n neighbor 169.254.96.9 password &lt;BGP authentication key from VIF&gt;\n !\n address-family ipv4\n  neighbor 169.254.96.9 activate\n  ! keep a copy of received routes so they can be inspected with received-routes\n  neighbor 169.254.96.9 soft-reconfiguration inbound<\/code><\/pre>\n\n\n\n<p>Check to make sure BGP is up. When the State\/PfxRcd column shows a number instead of a state name, the session is Established; PfxRcd stays at 0 until cloud routes are advertised to the VGW.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>#show ip bgp summary \nBGP router identifier 192.168.77.1, local AS number 65000\nBGP table version is 29, main routing table version 29\n4 network entries using 992 bytes of memory\n4 path entries using 544 bytes of memory\n1\/1 BGP path\/bestpath attribute entries using 280 bytes of memory\n0 BGP route-map cache entries using 0 bytes of memory\n0 BGP filter-list cache entries using 0 bytes of memory\nBGP using 1816 total bytes of memory\nBGP activity 16\/12 prefixes, 16\/12 paths, scan interval 60 secs\n\nNeighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up\/Down  State\/PfxRcd\n169.254.96.9    4        65030   16460   17602       29    0    0 5d14h           0\n<\/code><\/pre>\n\n\n\n<p>At this point the Aviatrix Transit should start to receive BGP routes from on-premises, and on-premises should receive cloud routes from the Aviatrix Transit.<\/p>\n\n\n\n<p>To validate from on-prem:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>show ip bgp\n\nshow ip bgp neighbors 169.254.96.9 received-routes\n\nshow ip bgp neighbors 169.254.96.9 advertised-routes<\/code><\/pre>\n\n\n\n<p>To validate from Aviatrix:<\/p>\n\n\n\n<p>Aviatrix Controller -&gt; Multi-Cloud Transit -&gt; BGP -&gt; Diagnostics -&gt; Select the Transit connected to DX -&gt; Run one of the BGP commands above<\/p>\n\n\n\n<p>Aviatrix CoPilot -&gt; Cloud Routes -&gt; BGP Info -&gt; Select the Transit connected to DX -&gt; Learned Routes\/Advertised Routes<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is the first of three articles. It is the easiest option to accomplish, but it comes with the following requirements and constraints highlighted. 
Virtual Private Gateway (VGW) has to be created in the same region as the Direct Connect Private Virtual &hellip; <a href=\"https:\/\/cloudlearning365.com\/?p=392\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2,3],"tags":[],"class_list":["post-392","post","type-post","status-publish","format-standard","hentry","category-aviatrix","category-aws"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/392","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=392"}],"version-history":[{"count":12,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/392\/revisions"}],"predecessor-version":[{"id":689,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/392\/revisions\/689"}],"wp:attachment":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=392"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=392"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=392"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{
rel}","templated":true}]}}
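The following Python script is an added example written for this page; it is not code from the original post, from Aviatrix, or from AWS. It turns two of the points above into something you can run before bringing up the private VIF: constraint 6 (the 100-route quota per BGP session that takes the VIF's BGP session down when exceeded) and the router configuration step at the end (sub-interface, BGP neighbor, and the prefix-list filtering the post's config leaves out). SAMPLE_VIF is a constructed dictionary that mirrors the field names of `aws directconnect describe-virtual-interfaces` output with the values used in the post (VLAN 512, 169.254.96.9/29 and 169.254.96.14/29, AS 65000 and 65030); the VIF ID and auth key are placeholders, the 120 on-prem /24s are constructed test data, and the interface name, the prefix-list names and the cloud CIDR 172.16.0.0/12 are assumptions.

```python
"""Pre-flight checks for the detached-VGW Direct Connect design (added example).

Not code from the original post, Aviatrix or AWS. Before bringing up the private VIF:
  1. aggregate_to_fit() summarizes the on-prem prefixes you plan to advertise so the
     count stays within the 100-routes-per-BGP-session quota that takes the VIF's
     BGP session down when exceeded.
  2. render_router_config() builds the IOS sub-interface and BGP stanza from the VIF
     attributes, with prefix-lists both ways so a leaked IGP table cannot trip the
     quota and AWS cannot hand us a default route or one of our own prefixes.
"""
import ipaddress
from typing import Iterable, List

DX_PRIVATE_VIF_ROUTE_QUOTA = 100  # AWS quota: routes per BGP session on a private VIF
Net = ipaddress.IPv4Network


def _collapse(prefixes: Iterable[str]) -> List[Net]:
    """Lossless merge of adjacent or contained IPv4 prefixes (sorted)."""
    return list(ipaddress.collapse_addresses(
        ipaddress.ip_network(p, strict=False) for p in prefixes))


def advertised_count(prefixes: Iterable[str]) -> int:
    """Number of routes BGP would actually send after lossless collapsing."""
    return len(_collapse(prefixes))


def aggregate_to_fit(prefixes: Iterable[str], limit: int = DX_PRIVATE_VIF_ROUTE_QUOTA) -> List[Net]:
    """Return at most `limit` prefixes that cover everything in `prefixes`.

    Collapse losslessly first; while still over the limit, widen the most specific
    prefixes by one bit and collapse again. Widening is lossy (summaries may cover
    space you do not use), so review the result before it goes into a prefix-list.
    """
    nets = _collapse(prefixes)
    while len(nets) > limit:
        longest = max(n.prefixlen for n in nets)
        if longest == 0:  # nothing wider than 0.0.0.0/0 exists
            break
        nets = list(ipaddress.collapse_addresses(
            n.supernet() if n.prefixlen == longest else n for n in nets))
    return nets


def covers(summaries: Iterable[Net], originals: Iterable[str]) -> bool:
    """True if every original prefix lies inside some summary."""
    summaries = list(summaries)
    return all(any(ipaddress.ip_network(o, strict=False).subnet_of(s) for s in summaries)
               for o in originals)


def render_router_config(vif: dict, interface: str, advertise: List[Net],
                         accept_from_aws: List[str]) -> str:
    """IOS config for the VIF. `vif` uses the field names of
    `aws directconnect describe-virtual-interfaces` output."""
    amazon = ipaddress.ip_interface(vif["amazonAddress"])
    customer = ipaddress.ip_interface(vif["customerAddress"])
    if amazon.network != customer.network:
        raise ValueError("Amazon and customer peer addresses are not in the same subnet")
    if len(advertise) > DX_PRIVATE_VIF_ROUTE_QUOTA:
        raise ValueError("advertising that many routes would take the VIF BGP session down")
    peer = str(amazon.ip)
    out = [f"interface {interface}.{vif['vlan']}",
           f" description DX private VIF {vif['virtualInterfaceId']}",
           f" encapsulation dot1Q {vif['vlan']}",
           f" ip address {customer.ip} {customer.netmask}", "!"]
    # Outbound: only the reviewed summaries; the implicit deny stops everything else.
    out += [f"ip prefix-list TO-AWS seq {5 * i} permit {n}" for i, n in enumerate(advertise, 1)]
    # Inbound: only cloud space; a default route or our own prefixes coming from AWS are dropped.
    out += [f"ip prefix-list FROM-AWS seq {5 * i} permit {p} le 32"
            for i, p in enumerate(accept_from_aws, 1)]
    # A summary needs a matching RIB entry before its network statement is advertised.
    out += ["!"] + [f"ip route {n.network_address} {n.netmask} Null0 250" for n in advertise]
    out += ["!", f"router bgp {vif['asn']}", " bgp log-neighbor-changes",
            f" neighbor {peer} remote-as {vif['amazonSideAsn']}",
            f" neighbor {peer} description DX private VIF to VGW",
            # TCP MD5 key from the VIF details: authenticates the session, encrypts nothing.
            f" neighbor {peer} password {vif['authKey']}",
            " !", " address-family ipv4",
            f"  neighbor {peer} activate",
            f"  neighbor {peer} soft-reconfiguration inbound",
            f"  neighbor {peer} prefix-list FROM-AWS in",
            f"  neighbor {peer} prefix-list TO-AWS out"]
    out += [f"  network {n.network_address} mask {n.netmask}" for n in advertise]
    return "\n".join(out)


# Constructed test data: 120 non-contiguous /24s, more than the VIF quota allows as-is.
SAMPLE_ONPREM_PREFIXES = [f"10.0.{i}.0/24" for i in range(0, 240, 2)]

# Constructed VIF record using the post's values (VLAN 512, 169.254.96.9/29 Amazon side,
# 169.254.96.14/29 ours, AS 65000 / 65030); the ID and auth key are placeholders.
SAMPLE_VIF = {
    "virtualInterfaceId": "dxvif-example", "vlan": 512,
    "asn": 65000, "amazonSideAsn": 65030,
    "amazonAddress": "169.254.96.9/29", "customerAddress": "169.254.96.14/29",
    "authKey": "REPLACE-WITH-KEY-FROM-VIF",
}

if __name__ == "__main__":
    print(f"routes before summarization: {advertised_count(SAMPLE_ONPREM_PREFIXES)}"
          f" (quota {DX_PRIVATE_VIF_ROUTE_QUOTA})")
    summaries = aggregate_to_fit(SAMPLE_ONPREM_PREFIXES)
    print("summaries:", ", ".join(map(str, summaries)),
          "covers all:", covers(summaries, SAMPLE_ONPREM_PREFIXES))
    print(render_router_config(SAMPLE_VIF, "GigabitEthernet0/0/0", summaries, ["172.16.0.0/12"]))
```

Run it as-is to print the summaries and the generated config. aggregate_to_fit() is lossy once it has to widen prefixes, so check covers() and eyeball the summaries before they go into the TO-AWS list; advertising address space you do not own toward the cloud is a routing mistake, not just a quota issue. Replace the placeholder auth key with the value from the VIF details page and keep it out of version control.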