{"id":538,"date":"2022-10-02T16:52:53","date_gmt":"2022-10-02T21:52:53","guid":{"rendered":"https:\/\/cloudlearning365.com\/?p=538"},"modified":"2022-10-14T09:31:08","modified_gmt":"2022-10-14T14:31:08","slug":"direct-connect-to-aviatrix-transit-option-2","status":"publish","type":"post","link":"https:\/\/cloudlearning365.com\/?p=538","title":{"rendered":"Direct Connect to Aviatrix Transit &#8211; Option 2"},"content":{"rendered":"\n<p>In my last <a href=\"https:\/\/cloudlearning365.com\/?p=392\">blog post<\/a>, I covered one option for connecting an on-premise data center to Aviatrix Transit via Direct Connect. It&#8217;s easy to implement, but it comes with the following drawbacks:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Each IPSec tunnel between Aviatrix Transit and the AWS Virtual Private Gateway (VGW) is limited to 1.25Gbps of throughput, and we can only have 4 tunnels, which limits the aggregate throughput to 5Gbps. For customers that need higher throughput, this won&#8217;t be viable.<\/li><li>A Private Virtual Interface supports up to 100 BGP routes; the BGP session will go DOWN when more routes are advertised.<\/li><li>Between on-premise and the VGW, traffic may be protected by MACSec, but it is still exposed to man-in-the-middle attacks. Reference article: Securing your network connection to the cloud: MACSec vs. IPSec<\/li><\/ul>\n\n\n\n<p>How do we overcome these constraints? 
Let me take you through the second option for connecting to Aviatrix Transit via Direct Connect.<\/p>\n\n\n\n<!--more-->\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"706\" height=\"1024\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/DX-to-Aviatrix-Transit-Options-3rd-Party-Overlay-706x1024.png\" alt=\"\" class=\"wp-image-648\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/DX-to-Aviatrix-Transit-Options-3rd-Party-Overlay-706x1024.png 706w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/DX-to-Aviatrix-Transit-Options-3rd-Party-Overlay-207x300.png 207w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/DX-to-Aviatrix-Transit-Options-3rd-Party-Overlay.png 769w\" sizes=\"auto, (max-width: 706px) 100vw, 706px\" \/><\/figure>\n\n\n\n<p>This architecture has the following requirements, with <strong><span style=\"text-decoration: underline;\"><mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">constraints <\/mark><\/span><\/strong>highlighted:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The VGW needs to be created in the same region as the Aviatrix Transit VPC<\/li><li>The VGW needs to be <strong>attached <\/strong>to the Aviatrix Transit VPC<\/li><li>The VGW propagates the BGP routes received from on-premise into your designated route table in the attached VPC; with this, the Aviatrix Transit Gateway is able to communicate with the on-premise router\/firewall to establish underlay connectivity.<\/li><li>Direct Connect Gateway (DXGW) is optional, but recommended:<ul><li>DXGW is a global construct and allows you to attach multiple VGWs from the same or different regions, which gives you further flexibility<\/li><li>With DXGW, you can control the prefixes advertised back to on-premise for each attached VGW.<\/li><li>When a DXGW is used, the on-premise router establishes its BGP peering with the DXGW ASN<\/li><li>When a DXGW is NOT used, the on-premise router establishes its BGP 
peering with the VGW ASN<\/li><\/ul><\/li><li>The steps above allow the Aviatrix Transit Gateway to communicate with the on-premise router\/firewall; this connectivity is used as the underlay. If the same router\/firewall is capable of GRE or IPSec tunneling, we can establish another BGP connection between it and the Aviatrix Transit Gateway; this connection is considered the overlay.<ul><li>The overlay connection uses BGP peering between the Aviatrix Transit Gateway and the on-premise devices, thus overcoming the 100-route limitation on the Private VIF<\/li><li>The overlay connection can use GRE, which has less overhead than IPSec and can potentially reach 5Gbps of throughput per tunnel.<\/li><\/ul><\/li><li><mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">Traffic running on the Private VIF may be protected by MACSec, but it is still exposed to man-in-the-middle attacks.<\/mark> Reference article: <a href=\"https:\/\/www.linkedin.com\/pulse\/securing-your-network-connection-cloud-macsec-vs-ipsec-brad-hedlund\/\">Securing your network connection to the cloud: MACSec vs. 
IPSec<\/a><\/li><li><mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">The GRE protocol only provides encapsulation; it does not provide encryption<\/mark><\/li><li><mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">The GRE protocol can only be used in AWS; it cannot be used in Azure or GCP<\/mark> <mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">or OCI<\/mark><\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Steps to create the connection<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Build underlay connectivity<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>In the AWS Console, search for and open the Direct Connect service<\/li><li>Get the Direct Connect -&gt; Connection provisioned and accepted in your AWS account; the status of the Connection should show as <strong><mark style=\"background-color:rgba(0, 0, 0, 0);color:#3da600\" class=\"has-inline-color\">available<\/mark><\/strong><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"171\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-1024x171.png\" alt=\"\" class=\"wp-image-546\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-1024x171.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-300x50.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-768x128.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-1536x256.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image.png 1620w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Direct Connect -&gt; Virtual private gateways -&gt; Create virtual private gateway<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"195\" 
src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-1-1024x195.png\" alt=\"\" class=\"wp-image-547\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-1-1024x195.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-1-300x57.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-1-768x146.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-1-1536x293.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-1.png 1600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li><strong><span style=\"text-decoration: underline;\"><mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">Switch to the same region<\/mark><\/span><\/strong> as your Aviatrix Transit Gateway, provide:<ul><li>Name<\/li><li>ASN of the VGW that you are creating<\/li><\/ul><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"818\" height=\"778\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-2.png\" alt=\"\" class=\"wp-image-548\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-2.png 818w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-2-300x285.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-2-768x730.png 768w\" sizes=\"auto, (max-width: 818px) 100vw, 818px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>VGW has been created, note it shows Detached<\/li><li>Actions -&gt; Attach to VPC, and select Aviatrix Transit VPC<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"158\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-3-1024x158.png\" alt=\"\" class=\"wp-image-550\" 
srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-3-1024x158.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-3-300x46.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-3-768x118.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-3.png 1365w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"165\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-4-1024x165.png\" alt=\"\" class=\"wp-image-551\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-4-1024x165.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-4-300x48.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-4-768x124.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-4.png 1367w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"821\" height=\"411\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-5.png\" alt=\"\" class=\"wp-image-552\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-5.png 821w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-5-300x150.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-5-768x384.png 768w\" sizes=\"auto, (max-width: 821px) 100vw, 821px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Find Aviatrix Transit Gateway EC2 instance, click on the subnet that&#8217;s connected to eth0<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"906\" height=\"675\" 
src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-6.png\" alt=\"\" class=\"wp-image-553\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-6.png 906w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-6-300x224.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-6-768x572.png 768w\" sizes=\"auto, (max-width: 906px) 100vw, 906px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Find the route table that&#8217;s associated with the subnet, then click on it.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"756\" height=\"742\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-7.png\" alt=\"\" class=\"wp-image-554\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-7.png 756w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-7-300x294.png 300w\" sizes=\"auto, (max-width: 756px) 100vw, 756px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Once navigated to the route table, click on <strong>Route propagation<\/strong> tab, and notice that Propagation is currently set to No, click on <strong>Edit route propagation<\/strong> button<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"452\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-18.png\" alt=\"\" class=\"wp-image-565\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-18.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-18-300x132.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-18-768x339.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Enable Propagation, then click on Save<\/li><\/ul>\n\n\n\n<figure 
class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"818\" height=\"435\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-9.png\" alt=\"\" class=\"wp-image-556\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-9.png 818w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-9-300x160.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-9-768x408.png 768w\" sizes=\"auto, (max-width: 818px) 100vw, 818px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Note how only local route and 0\/0 point to IGW at this point<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"242\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-10-1024x242.png\" alt=\"\" class=\"wp-image-557\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-10-1024x242.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-10-300x71.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-10-768x181.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-10.png 1270w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Switch to Direct Connect service page, then click on Direct Connect Gateways, click on Create Direct Connect Gateway<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"226\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-11-1024x226.png\" alt=\"\" class=\"wp-image-558\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-11-1024x226.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-11-300x66.png 300w, 
https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-11-768x170.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-11-1536x340.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-11.png 1601w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Give your DXGW a name and enter the DXGW ASN; note that it&#8217;s a global construct<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"903\" height=\"557\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-12.png\" alt=\"\" class=\"wp-image-559\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-12.png 903w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-12-300x185.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-12-768x474.png 768w\" sizes=\"auto, (max-width: 903px) 100vw, 903px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>It&#8217;s easy to overlook associating the DXGW with the VGW: once the DXGW is created, click on it, then click on the Gateway associations tab -&gt; Associate gateway<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"477\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-17.png\" alt=\"\" class=\"wp-image-564\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-17.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-17-300x140.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-17-768x358.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Select the VGW created earlier to associate with the DXGW; note there is an option to set up to 20 prefixes to be advertised to on-premise. 
<\/li><li><strong>Note1 <\/strong>this is a static entry: the prefixes in this list are advertised to on-premise regardless of the status of Aviatrix Transit. In our case, we are using this connection as the underlay, so we should put in *<strong>only<\/strong>* the Aviatrix Transit VPC&#8217;s CIDR range here.<\/li><li><strong>Note2<\/strong> although this prefix list can be updated later, an update takes a couple of minutes to take effect<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"897\" height=\"568\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-15.png\" alt=\"\" class=\"wp-image-562\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-15.png 897w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-15-300x190.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-15-768x486.png 768w\" sizes=\"auto, (max-width: 897px) 100vw, 897px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>It will take a while before the state changes from <strong>associating <\/strong>to <strong><mark style=\"background-color:rgba(0, 0, 0, 0);color:#2dac00\" class=\"has-inline-color\">associated<\/mark><\/strong><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"163\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-16-1024x163.png\" alt=\"\" class=\"wp-image-563\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-16-1024x163.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-16-300x48.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-16-768x122.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-16.png 1304w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Direct 
Connect -&gt; Connection, note down the Connection&#8217;s VLAN number<\/li><li>Direct Connect -&gt; Virtual interfaces -&gt; Create the Private Virtual Interface<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"230\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-20-1024x230.png\" alt=\"\" class=\"wp-image-569\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-20-1024x230.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-20-300x68.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-20-768x173.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-20-1536x346.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-20.png 1600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Choose Private VIF and give it a name<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"892\" height=\"718\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-21.png\" alt=\"\" class=\"wp-image-570\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-21.png 892w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-21-300x241.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-21-768x618.png 768w\" sizes=\"auto, (max-width: 892px) 100vw, 892px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Scroll down, pick the DX connection, select DXGW that we created earlier. If no DXGW was created, then select VGW here. Provide the VLAN number noted from the DX Connection earlier. 
Provide the on-premise router\/firewall&#8217;s ASN, then click the Create Virtual Interface button at the bottom.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"895\" height=\"702\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-22.png\" alt=\"\" class=\"wp-image-571\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-22.png 895w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-22-300x235.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-22-768x602.png 768w\" sizes=\"auto, (max-width: 895px) 100vw, 895px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>If you switch over to the Direct Connect -&gt; Direct Connect gateways section and check Virtual interface associations, you can see the status change from <strong>associating <\/strong>to <strong><mark style=\"background-color:rgba(0, 0, 0, 0);color:#2dac00\" class=\"has-inline-color\">associated<\/mark><\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"426\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-24-1024x426.png\" alt=\"\" class=\"wp-image-573\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-24-1024x426.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-24-300x125.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-24-768x319.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-24-1536x638.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-24.png 1605w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>The private VIF is now created, but its status should still be down<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image 
size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"175\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-25-1024x175.png\" alt=\"\" class=\"wp-image-574\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-25-1024x175.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-25-300x51.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-25-768x132.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-25-1536x263.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-25.png 1606w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Click on the private VIF, note down the two 169.254.x.x peer IPs and BGP authentication key.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"121\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-26-1024x121.png\" alt=\"\" class=\"wp-image-575\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-26-1024x121.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-26-300x35.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-26-768x91.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-26.png 1345w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Switch over to on-premise router\/firewall, first configure the connected interface to use <strong>Your router peer IP<\/strong> in above screenshot<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>interface GigabitEthernet0\/0\/0.703\n description connected to VIF\n encapsulation dot1Q 703\n ip address <mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">169.254.96.6<\/mark> 
255.255.255.248<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Test to make sure there&#8217;s L2 connectivity<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>#ping 169.254.96.1 source 169.254.96.6\n\nType escape sequence to abort.\nSending 5, 100-byte ICMP Echos to 169.254.96.1, timeout is 2 seconds:\nPacket sent with a source address of 169.254.96.6 \n!!!!!\nSuccess rate is 100 percent (5\/5), round-trip min\/avg\/max = 1\/1\/2 ms<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Config BGP peering with Amazon side. Note On Premise is using ASN 65000 and DXGW ASN is 65030. <\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>router bgp 65000\n neighbor <mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">169.254.96.1<\/mark> remote-as <mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">65030<\/mark>\n neighbor 169.254.96.1 password &lt;BGP_Password&gt;\n address-family ipv4\n  neighbor 169.254.96.1 activate\n  neighbor 169.254.96.1 soft-reconfiguration inbound<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Check BGP summary, and it should be up right now<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>#show ip bgp summary \nBGP router identifier 192.168.77.1, local AS number 65000\nBGP table version is 30, main routing table version 30\n5 network entries using 1240 bytes of memory\n5 path entries using 680 bytes of memory\n2\/2 BGP path\/bestpath attribute entries using 560 bytes of memory\n1 BGP AS-PATH entries using 24 bytes of memory\n0 BGP route-map cache entries using 0 bytes of memory\n0 BGP filter-list cache entries using 0 bytes of memory\nBGP using 2504 total bytes of memory\nBGP activity 17\/12 prefixes, 17\/12 paths, scan interval 60 secs\n\nNeighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up\/Down  State\/PfxRcd\n<mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">169.254.96.1<\/mark>    4        65030    <mark style=\"background-color:#ffe2c7\" 
class=\"has-inline-color\">   8      10<\/mark>       30    0    0 <mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">00:02:33 <\/mark>       1\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>We can also check the routes received from the AWS peer; <span style=\"text-decoration: underline;\">notice that it learned the Aviatrix Transit VPC CIDR, which we set in the allowed prefixes list of the DXGW-to-VGW association.<\/span><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>#show ip bgp neighbors 169.254.96.1 received-routes\n \nBGP table version is 31, local router ID is 192.168.77.1\nStatus codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, \n              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, \n              x best-external, a additional-path, c RIB-compressed, \n              t secondary path, L long-lived-stale,\nOrigin codes: i - IGP, e - EGP, ? - incomplete\nRPKI validation codes: V valid, I invalid, N Not found\n\n     Network          Next Hop            Metric LocPrf Weight Path\n *&gt;   <mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">10.32.0.0\/23<\/mark>     169.254.96.1                           0 65030 i\n\nTotal number of prefixes 1 \n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>The AWS side should show the VIF status as <mark style=\"background-color:rgba(0, 0, 0, 0);color:#00970c\" class=\"has-inline-color\"><strong>available<\/strong><\/mark>; if you click on the VIF, you can see the BGP status is <strong><mark style=\"background-color:rgba(0, 0, 0, 0);color:#0bbe00\" class=\"has-inline-color\"><mark style=\"background-color:rgba(0, 0, 0, 0);color:#00970c\" class=\"has-inline-color\"><strong>Up<\/strong><\/mark><\/mark><\/strong><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"126\" 
src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-27-1024x126.png\" alt=\"\" class=\"wp-image-576\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-27-1024x126.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-27-300x37.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-27-768x94.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-27.png 1367w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"101\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-28-1024x101.png\" alt=\"\" class=\"wp-image-577\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-28-1024x101.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-28-300x30.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-28-768x76.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-28.png 1355w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Check the route table of the subnet attached to the Aviatrix Transit Gateway eth0 interface; you may notice that several prefixes have already been propagated from the on-premise device, with the <span style=\"text-decoration: underline;\">next hop set to VGW<\/span> and <strong>Propagated <\/strong>showing as <strong>Yes<\/strong>. 
<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"626\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-32.png\" alt=\"\" class=\"wp-image-585\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-32.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-32-300x183.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-32-768x470.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>We don&#8217;t need all these prefixes exposed to Aviatrix Transit, so we will create a loopback adapter and a prefix-list so that only the loopback address is propagated to the Aviatrix Transit VPC route table<\/li><li>Create a loopback adapter and advertise it into BGP<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>interface Loopback77\n ip address 192.168.77.1 255.255.255.255\nrouter bgp 65000\n address-family ipv4\n  network 192.168.77.1 mask 255.255.255.255<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Note that the loopback 192.168.77.1\/32 is now propagated to the Aviatrix Transit VPC route table<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"659\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-30-1024x659.png\" alt=\"\" class=\"wp-image-582\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-30-1024x659.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-30-300x193.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-30-768x494.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-30.png 1130w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Create a prefix-list to limit the advertised prefixes to 
just 192.168.77.1\/32<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ip prefix-list Router-to-DXGW description Advertise Loopback to be underlay\nip prefix-list Router-to-DXGW seq 10 permit 192.168.77.1\/32\nrouter bgp 65000\n address-family ipv4\n  neighbor 169.254.96.1 prefix-list Router-to-DXGW out<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Check Aviatrix Transit VPC route table again, now only the loopback adapter is propagated<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"564\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-31-1024x564.png\" alt=\"\" class=\"wp-image-584\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-31-1024x564.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-31-300x165.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-31-768x423.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-31.png 1157w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Get Aviatrix Transit Gateway&#8217;s private IP<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"272\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-33-1024x272.png\" alt=\"\" class=\"wp-image-587\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-33-1024x272.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-33-300x80.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-33-768x204.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-33.png 1139w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Confirm connectivity from Aviatrix Transit 
Gateway to On-Premise (the reverse direction won&#8217;t work, because the Security Group on the Aviatrix Transit Gateway blocks inbound connections; security groups are stateful, so the gateway&#8217;s own outbound pings still get their replies)<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"871\" height=\"731\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-34.png\" alt=\"\" class=\"wp-image-588\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-34.png 871w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-34-300x252.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-34-768x645.png 768w\" sizes=\"auto, (max-width: 871px) 100vw, 871px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Build overlay connectivity<\/h3>\n\n\n\n<p>We have spent a great deal of time getting the underlay working. Now, how difficult is it to build the GRE overlay towards Aviatrix Transit? Let&#8217;s find out.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Make sure the Aviatrix Transit Gateway has an ASN assigned and, if we are building multiple active\/active tunnels, enable BGP ECMP<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"642\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-35-1024x642.png\" alt=\"\" class=\"wp-image-590\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-35-1024x642.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-35-300x188.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-35-768x481.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-35.png 1072w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Multi-cloud transit -&gt; Setup -&gt; External connections<ul><li>External device<\/li><li>BGP<\/li><li>GRE<\/li><li>Select the Transit Gateway; 
the previously set ASN should be prepopulated<\/li><li>Specify the on-premise router&#8217;s BGP AS number (65000 here) as the remote AS<\/li><li>Use the loopback IP 192.168.77.1 as the remote gateway IP<\/li><li>Click the Connect button at the bottom<\/li><\/ul><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"697\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-37-1024x697.png\" alt=\"\" class=\"wp-image-592\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-37-1024x697.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-37-300x204.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-37-768x523.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-37.png 1129w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Site2Cloud -&gt; Setup -&gt; Select the S2C (Site2Cloud) connection we created earlier, then click the <strong>Edit <\/strong>button<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"176\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-38-1024x176.png\" alt=\"\" class=\"wp-image-593\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-38-1024x176.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-38-300x51.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-38-768x132.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-38-1536x264.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-38.png 1556w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Aviatrix can generate the configuration for Cisco ISR, ASR, CSR and ASA, or in a generic vendor-neutral format; since I&#8217;m 
using an ISR, I will export the Cisco configuration<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"365\" height=\"275\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-39.png\" alt=\"\" class=\"wp-image-594\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-39.png 365w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-39-300x226.png 300w\" sizes=\"auto, (max-width: 365px) 100vw, 365px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>This is the exported config. Since I only have one Transit Gateway, it generates only one tunnel.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>! Aviatrix GRE configuration template\n! \n! This configuration serves as a general guideline and may have to be modified to\n! be functional on your device.\n!\n! &lt;tunnel_number1&gt;: the GRE tunnel interface number\n! &lt;ios_wan_interface1&gt;: the source interface of tunnel packets\n! &lt;customer_tunnel_ip1&gt;: any un-used IPv4 address for the tunnel interface\n!                        when static routing is used (e.g. 1.1.1.1)\n! &lt;netmask&gt;: netmask for customer_tunnel_ip. Please use 255.255.255.255\n!\n!---------------------------------------------------------------------------------------\n! #1: Tunnel Interface Configuration\n! The virtual tunnel interface is used to communicate with the remote GRE endpoint \n! 
to establish the GRE tunnel.\n!\ninterface Tunnel <mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">&lt;tunnel_number1&gt;<\/mark>\n  ip address 169.254.214.237 255.255.255.252\n  ip mtu 1436\n  ip tcp adjust-mss 1387\n  tunnel source <mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">&lt;ios_wan_interface1&gt;<\/mark>\n  tunnel destination 10.32.0.71\n  ip virtual-reassembly\n  no keepalive\n  exit\n!\n!---------------------------------------------------------------------------------------\n! #2: BGP Routing Configuration\n! The Border Gateway Protocol (BGPv4) is used to exchange routes from the VPC to on-prem\n! network. Each BGP router has an Autonomous System Number (ASN).\n!\nrouter bgp 65000\n  bgp log-neighbor-changes\n  neighbor 169.254.214.238 remote-as 65010\n  neighbor 169.254.214.238 timers 60 180\n  ! bgp md5 authentication password need to be added if configured\n  ! neighbor 169.254.214.238 password \n  !\n  address-family ipv4\n    redistribute connected\n    neighbor 169.254.214.238 activate\n    neighbor 169.254.214.238 soft-reconfiguration inbound\n    maximum-paths 4\n  exit-address-family\n!\n!---------------------------------------------------------------------------------------\n!\n!\nFor vendor specific instructions, please go to the following URL:\nhttp:&#47;&#47;docs.aviatrix.com\/#site2cloud\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>This is the actual configuration I need, after substituting the placeholders<ul><li>tunnel_number1 -&gt; 11<\/li><li>ios_wan_interface1 -&gt; 192.168.77.1, the loopback we created earlier (IOS accepts either the interface name Loopback77 or its address as the tunnel source)<\/li><\/ul><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>interface Tunnel <mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">11<\/mark>\n  ip address 169.254.214.237 255.255.255.252\n  ip mtu 1436\n  ip tcp adjust-mss 1387\n  tunnel source <mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">192.168.77.1<\/mark>\n  tunnel destination 10.32.0.71\n  ip 
virtual-reassembly\n  no keepalive\n  exit\nrouter bgp 65000\n  bgp log-neighbor-changes\n  neighbor 169.254.214.238 remote-as 65010\n  neighbor 169.254.214.238 timers 60 180\n  address-family ipv4\n    redistribute connected\n    neighbor 169.254.214.238 activate\n    neighbor 169.254.214.238 soft-reconfiguration inbound\n    maximum-paths 4\n  exit-address-family<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>The S2C connection should be Up now; use the Site2Cloud diagnostics if you run into trouble<\/li><li>Two things to note in the exported config: it carries no BGP password line, so if you set a BGP MD5 password on the external connection in Aviatrix you must add the matching neighbor 169.254.214.238 password line or the session will not come up; and redistribute connected advertises every connected subnet on the router into the overlay, which is fine for this lab, but in production you would want explicit network statements or an outbound prefix-list towards 169.254.214.238 as well<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"184\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-41-1024x184.png\" alt=\"\" class=\"wp-image-596\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-41-1024x184.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-41-300x54.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-41-768x138.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-41-1536x276.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-41.png 1571w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Besides the underlay BGP session to the DXGW (169.254.96.1, AS 65030), the overlay BGP session to the Aviatrix Transit Gateway (169.254.214.238, AS 65010) is also up<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>#show ip bgp summary \nBGP router identifier 192.168.77.1, local AS number 65000\nBGP table version is 37, main routing table version 37\n8 network entries using 1984 bytes of memory\n8 path entries using 1088 bytes of memory\n4\/4 BGP path\/bestpath attribute entries using 1120 bytes of memory\n2 BGP AS-PATH entries using 48 bytes of memory\n0 BGP route-map cache entries using 0 bytes of memory\n0 BGP filter-list cache entries using 0 bytes of memory\nBGP using 4240 total bytes of memory\nBGP activity 21\/13 prefixes, 21\/13 paths, scan interval 60 secs\n\nNeighbor       
 V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up\/Down  State\/PfxRcd\n169.254.96.1    4        65030     160     175       37    0    0 01:16:50        1\n<mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">169.254.214.238 4        65010       6       9       37    0    0 00:02:37        1<\/mark><\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Through the overlay session, the router receives the Aviatrix Spoke CIDR 10.64.0.0\/24, with AS path 65010<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>#show ip bgp neighbors 169.254.214.238 received-routes \nBGP table version is 37, local router ID is 192.168.77.1\nStatus codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, \n              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, \n              x best-external, a additional-path, c RIB-compressed, \n              t secondary path, L long-lived-stale,\nOrigin codes: i - IGP, e - EGP, ? - incomplete\nRPKI validation codes: V valid, I invalid, N Not found\n\n     Network          Next Hop            Metric LocPrf Weight Path\n<mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\"> *&gt;   10.64.0.0\/24     169.254.214.238          0             0 65010 i<\/mark>\n\nTotal number of prefixes 1 <\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>We can also validate this from Aviatrix CoPilot<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"259\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-42-1024x259.png\" alt=\"\" class=\"wp-image-597\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-42-1024x259.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-42-300x76.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-42-768x194.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-42-1536x388.png 1536w, 
https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-42.png 1563w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"408\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-43-1024x408.png\" alt=\"\" class=\"wp-image-598\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-43-1024x408.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-43-300x120.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-43-768x306.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-43.png 1328w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"319\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-44-1024x319.png\" alt=\"\" class=\"wp-image-599\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-44-1024x319.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-44-300x93.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-44-768x239.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-44.png 1406w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Afterthoughts<\/h3>\n\n\n\n<p>This is great! You can see how easy it is to build the overlay with Aviatrix, and get a glimpse of how easy it is to pull diagnostic information. However, how do we tackle the following constraints? 
In part three, I will show you how we can have the best of both worlds.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">Traffic running on the Private VIF may be protected by MACsec, but it is still exposed to man-in-the-middle attacks<\/mark> (MACsec only encrypts each link hop by hop, so the traffic is in the clear on every intermediate device). Reference article: <a href=\"https:\/\/www.linkedin.com\/pulse\/securing-your-network-connection-cloud-macsec-vs-ipsec-brad-hedlund\/\">Securing your network connection to the cloud: MACSec vs. IPSec<\/a><\/li><li><mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">GRE only provides encapsulation, not encryption: the tunnelled traffic crosses the Direct Connect path in cleartext<\/mark><\/li><li><mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">GRE can only be used in AWS, and cannot be used in Azure or GCP<\/mark> <mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">or OCI<\/mark><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>In my last blog post, I have covered one option to connect On-Premise data center to Aviatrix Transit via Direct Connect, it&#8217;s easy to implement however with following draw backs: Each IPSec tunnel between Aviatrix Transit and AWS Virtual Private &hellip; <a href=\"https:\/\/cloudlearning365.com\/?p=538\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2,3],"tags":[],"class_list":["post-538","post","type-post","status-publish","format-standard","hentry","category-aviatrix","category-aws"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/538","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=538"}],"version-history":[{"count":18,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/538\/revisions"}],"predecessor-version":[{"id":682,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/538\/revisions\/682"}],"wp:attachment":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=538"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=538"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=538"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
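An added worked example for the prefix-list step in the underlay section of the post above (example code, not part of the original post and not Cisco or Aviatrix tooling). It models the IOS prefix-list semantics that make `Router-to-DXGW` do its job: entries evaluated in sequence order, first match wins, optional `ge`/`le` length bounds, and the implicit deny at the end. The `Router-to-DXGW` list is the post's own; the on-premise BGP table, the looser `Router-to-DXGW-loose` list and the `underlay_leaks` helper are constructed for the illustration. Against the post's list only 192.168.77.1/32 reaches the DXGW; against the loose list two more campus prefixes would be propagated into the Transit VPC route table.

```python
"""Evaluate a Cisco IOS-style ip prefix-list against a router's candidate BGP prefixes.

Added example (not from the original post). IOS prefix-list semantics implemented:
entries are tried in sequence order and the first match wins; an entry matches a
route when the route lies inside the entry's prefix and its length satisfies the
optional ge/le bounds (with neither, the length must equal the entry's length);
a route that matches no entry hits the implicit deny at the end of the list.
"""
import re
from dataclasses import dataclass
from ipaddress import IPv4Network
from typing import Iterable, List, Optional

# Prefix-list from the post, as the router carries it in running-config.
CONFIG_STRICT = """
ip prefix-list Router-to-DXGW description Advertise Loopback to be underlay
ip prefix-list Router-to-DXGW seq 10 permit 192.168.77.1/32
"""

# Constructed counter-example: a tempting shortcut that permits the whole
# 192.168.0.0/16 and every longer prefix inside it.
CONFIG_LOOSE = """
ip prefix-list Router-to-DXGW-loose seq 10 permit 192.168.0.0/16 le 32
"""

# Constructed on-premise BGP table: the loopback plus typical campus prefixes.
ONPREM_BGP_TABLE = [IPv4Network(p) for p in (
    "10.10.0.0/16", "10.20.5.0/24", "172.16.0.0/12",
    "192.168.77.1/32", "192.168.100.0/24", "192.168.200.0/23",
)]

LOOPBACK = IPv4Network("192.168.77.1/32")  # the only prefix the underlay needs

_ENTRY_RE = re.compile(
    r"^ip prefix-list (?P<name>\S+) seq (?P<seq>\d+) (?P<action>permit|deny) "
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)


@dataclass(frozen=True)
class PrefixListEntry:
    seq: int
    action: str                # "permit" or "deny"
    prefix: IPv4Network
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, route: IPv4Network) -> bool:
        if not route.subnet_of(self.prefix):
            return False
        if self.ge is None and self.le is None:
            return route.prefixlen == self.prefix.prefixlen
        low = self.ge if self.ge is not None else self.prefix.prefixlen
        high = self.le if self.le is not None else 32
        return low <= route.prefixlen <= high


def parse_prefix_list(config: str, name: str) -> List[PrefixListEntry]:
    """Extract the entries of prefix-list `name` from IOS config text, sorted by seq.
    The 'description' line carries no seq and is skipped."""
    entries = []
    for line in config.splitlines():
        m = _ENTRY_RE.match(line.strip())
        if m is None or m.group("name") != name:
            continue
        entries.append(PrefixListEntry(
            seq=int(m.group("seq")),
            action=m.group("action"),
            prefix=IPv4Network(m.group("prefix"), strict=False),
            ge=int(m.group("ge")) if m.group("ge") else None,
            le=int(m.group("le")) if m.group("le") else None,
        ))
    return sorted(entries, key=lambda e: e.seq)


def advertised(entries: List[PrefixListEntry], routes: Iterable[IPv4Network]) -> List[IPv4Network]:
    """Routes a neighbor receives when `entries` is applied as an outbound prefix-list."""
    out = []
    for route in routes:
        decision = "deny"                 # implicit deny if nothing matches
        for entry in entries:
            if entry.matches(route):
                decision = entry.action   # first match wins
                break
        if decision == "permit":
            out.append(route)
    return out


def underlay_leaks(config: str, name: str, routes: Iterable[IPv4Network],
                   allowed: Iterable[IPv4Network] = (LOOPBACK,)) -> List[str]:
    """Prefixes that would reach the DXGW (and so the Transit VPC route table)
    beyond the ones we intend to expose; an empty list means the filter is tight."""
    permitted = set(allowed)
    return [str(r) for r in advertised(parse_prefix_list(config, name), routes)
            if r not in permitted]


if __name__ == "__main__":
    print("strict:", underlay_leaks(CONFIG_STRICT, "Router-to-DXGW", ONPREM_BGP_TABLE))
    print("loose: ", underlay_leaks(CONFIG_LOOSE, "Router-to-DXGW-loose", ONPREM_BGP_TABLE))
```

Running the module prints an empty list for the post's prefix-list and two leaked prefixes for the loose one; a permit on a summary range with `le 32` is the usual way an underlay filter ends up exposing more than intended.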
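An added example for the second afterthought above, that GRE encapsulates but does not encrypt (example code, not from the post and not Aviatrix tooling). It builds a GRE-over-IPv4 packet between the post's tunnel endpoints 192.168.77.1 and 10.32.0.71 and decodes it the way any device on the Direct Connect path could, recovering the inner addresses and payload byte for byte. The inner hosts 10.10.20.5 and 10.64.0.10 and the syslog message are constructed; it also goes a step beyond the post's plain GRE by parsing the RFC 2890 key and sequence-number options, which an Aviatrix-generated tunnel does not use.

```python
"""Decode a GRE-over-IPv4 packet (RFC 2784 header, RFC 2890 key/sequence options)
with the standard library only. Added example, not from the original post: it shows
what an observer on the Direct Connect path sees of the GRE overlay, i.e. the inner
addresses and payload byte for byte. The packet is constructed below; the outer
addresses reuse the post's tunnel endpoints, the inner ones are made up."""
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

IPPROTO_GRE = 47
ETHERTYPE_IPV4 = 0x0800
GRE_FLAG_CHECKSUM, GRE_FLAG_KEY, GRE_FLAG_SEQUENCE = 0x8000, 0x2000, 0x1000  # C, K, S bits
IPV4_HDR = "!BBHHHBBH4s4s"  # 20-byte header without options

# Constructed application data (not captured from the post's lab): a syslog line
# an on-prem host might send to a collector in the Aviatrix Spoke.
SAMPLE_MESSAGE = b"<134>Oct  2 16:52:53 app01 sshd[4711]: Accepted publickey for alice"


def _checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum; returns 0 over a header whose checksum is correct."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 header (DF set, TTL 64) with a valid header checksum."""
    fields = [0x45, 0, 20 + len(payload), 0, 0x4000, 64, proto, 0,
              IPv4Address(src).packed, IPv4Address(dst).packed]
    fields[7] = _checksum(struct.pack(IPV4_HDR, *fields))
    return struct.pack(IPV4_HDR, *fields) + payload


def build_gre(inner: bytes, key: Optional[int] = None, seq: Optional[int] = None) -> bytes:
    """GRE header carrying an IPv4 packet, with optional key and sequence number."""
    flags, options = 0, b""
    if key is not None:
        flags |= GRE_FLAG_KEY
        options += struct.pack("!I", key)
    if seq is not None:
        flags |= GRE_FLAG_SEQUENCE
        options += struct.pack("!I", seq)
    return struct.pack("!HH", flags, ETHERTYPE_IPV4) + options + inner


def sample_packet(key: Optional[int] = None, seq: Optional[int] = None) -> bytes:
    """Outer 192.168.77.1 -> 10.32.0.71 (the post's GRE endpoints) carrying a
    constructed inner UDP/514 datagram 10.10.20.5 -> 10.64.0.10."""
    udp = struct.pack("!HHHH", 40000, 514, 8 + len(SAMPLE_MESSAGE), 0) + SAMPLE_MESSAGE
    inner = build_ipv4("10.10.20.5", "10.64.0.10", 17, udp)
    return build_ipv4("192.168.77.1", "10.32.0.71", IPPROTO_GRE, build_gre(inner, key, seq))


@dataclass
class Decoded:
    outer_src: str
    outer_dst: str
    key: Optional[int]
    sequence: Optional[int]
    inner_src: str
    inner_dst: str
    inner_proto: int
    payload: bytes  # inner transport header + data, exactly as the sender put it on the wire


def _ipv4_header(buf: bytes, off: int):
    """Parse an IPv4 header at `off`; return (src, dst, proto, header_len, total_len)."""
    vihl, _, total, _, _, _, proto, _, src, dst = struct.unpack_from(IPV4_HDR, buf, off)
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or _checksum(buf[off:off + ihl]) != 0:
        raise ValueError("bad IPv4 header at offset %d" % off)
    return str(IPv4Address(src)), str(IPv4Address(dst)), proto, ihl, total


def decode_gre(packet: bytes) -> Decoded:
    """Strip the outer IPv4 and GRE headers and return everything the tunnel exposes."""
    osrc, odst, oproto, off, _ = _ipv4_header(packet, 0)
    if oproto != IPPROTO_GRE:
        raise ValueError("outer protocol %d is not GRE" % oproto)
    flags, ptype = struct.unpack_from("!HH", packet, off)
    off += 4
    if flags & 0x0007:  # version field must be 0 for RFC 2784 GRE
        raise ValueError("unsupported GRE version")
    if flags & GRE_FLAG_CHECKSUM:
        off += 4  # checksum + reserved1; not verified here
    key = seq = None
    if flags & GRE_FLAG_KEY:
        (key,), off = struct.unpack_from("!I", packet, off), off + 4
    if flags & GRE_FLAG_SEQUENCE:
        (seq,), off = struct.unpack_from("!I", packet, off), off + 4
    if ptype != ETHERTYPE_IPV4:
        raise ValueError("unexpected GRE protocol type 0x%04x" % ptype)
    isrc, idst, iproto, ihl, total = _ipv4_header(packet, off)
    return Decoded(osrc, odst, key, seq, isrc, idst, iproto, packet[off + ihl:off + total])


if __name__ == "__main__":
    print(decode_gre(sample_packet()))
```

Nothing in the decoder needs a secret: the GRE key, when present, is a demultiplexing tag, not a credential, which is why the post's part three has to put IPsec (or an equivalent) over this path rather than rely on GRE or MACsec alone.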