{"id":77,"date":"2022-05-15T20:27:19","date_gmt":"2022-05-16T01:27:19","guid":{"rendered":"https:\/\/cloudlearning365.com\/?p=77"},"modified":"2022-10-14T09:37:49","modified_gmt":"2022-10-14T14:37:49","slug":"enable-private-connectivity-to-workloads-deployed-in-multiple-default-vpcs-part-2","status":"publish","type":"post","link":"https:\/\/cloudlearning365.com\/?p=77","title":{"rendered":"Enable private connectivity to workloads deployed in multiple default VPCs &#8211; Part 2"},"content":{"rendered":"\n<p>Scenario: One of our customers is primarily in Azure. After mergers and acquisitions, they acquired hundreds of AWS accounts where workloads are deployed to default VPCs, which all have this address space: 172.31.0.0\/16<\/p>\n\n\n\n<p>They are looking for a solution that provides bi-directional private connectivity to these workloads in AWS from Azure without the overhead of route management, and that also provides visibility into the traffic.<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>Here is the proposed solution: <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"606\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/Overlap-IP-1-1024x606.png\" alt=\"\" class=\"wp-image-667\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/Overlap-IP-1-1024x606.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/Overlap-IP-1-300x177.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/Overlap-IP-1-768x454.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/Overlap-IP-1-1536x908.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/Overlap-IP-1.png 1691w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>In the above diagram, Azure workloads are deployed in spoke vNets; these spoke vNets are attached to the hub Transit FireNet and are fully routable.<\/p>\n\n\n\n<p>USEProdApp1Priv is 
deployed in a private subnet.<\/p>\n\n\n\n<p>USEShared1Pub has an EIP that we can SSH to.<\/p>\n\n\n\n<p>The Azure side has a summarized real CIDR of 10.100.0.0\/16<\/p>\n\n\n\n<p>On the AWS side, top right corner, account1, we would use a Cisco CSR 1000<\/p>\n\n\n\n<p>On the AWS side, bottom right corner, account2, we would use a standalone Aviatrix Gateway<\/p>\n\n\n\n<p>Let&#8217;s take a look at the differences between Cisco CSR and Aviatrix Gateway<\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Part 2 &#8211; Aviatrix Standalone GW to Aviatrix Spoke GW mapped NAT configuration<\/h3>\n\n\n\n<p>Testing environment:<\/p>\n\n\n\n<p>Aviatrix Controller: 6.6.5545<br>Aviatrix Gateways: 6.6.5545<\/p>\n\n\n\n<p>Since bi-directional traffic is needed, in this configuration IPs have a one-to-one mapping.<\/p>\n\n\n\n<p>Azure side real CIDR: <strong>10.100<\/strong>.0.0\/16, we will use <strong>100.97<\/strong>.0.0\/16 for its virtual CIDR. <\/p>\n\n\n\n<p>The AWS side will use virtual IP: 100.97.<strong>64.36<\/strong>, when it tries to reach Azure side real IP: 10.100.<strong>64.36<\/strong><\/p>\n\n\n\n<p>Traffic flow from AWS side to Azure side; note that NAT happens on the Landing Spoke Gateway. 
(SIP = Source IP, DIP = Destination IP)<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><\/td><td>AWS Client \/ Aviatrix Standalone GW<\/td><td>Landing Spoke GW<\/td><td>Transit GW<\/td><td>Prod Spoke GW<\/td><td>Azure Client<\/td><\/tr><tr><td>SIP<\/td><td>172.31.<strong>0.10<\/strong><\/td><td>100.65.<strong>0.10<\/strong><\/td><td>100.65.<strong>0.10<\/strong><\/td><td>100.65.<strong>0.10<\/strong><\/td><td>100.65.<strong>0.10<\/strong><\/td><\/tr><tr><td>DIP<\/td><td>100.97.<strong>64.36<\/strong><\/td><td>10.100.<strong>64.36<\/strong><\/td><td>10.100.<strong>64.36<\/strong><\/td><td>10.100.<strong>64.36<\/strong><\/td><td>10.100.<strong>64.36<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>AWS side real CIDR: <strong>172.31<\/strong>.0.0\/16, we will use <strong>100.65<\/strong>.0.0\/16 for its virtual CIDR.<\/p>\n\n\n\n<p>The Azure side will use virtual IP: 100.65.<strong>0.10<\/strong>, when it tries to reach AWS side real IP: 172.31.<strong>0.10<\/strong><\/p>\n\n\n\n<p>Traffic flow from Azure side to AWS side; note that NAT happens on the Landing Spoke Gateway. 
(SIP = Source IP, DIP = Destination IP)<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><\/td><td>Azure Client<\/td><td>Prod Spoke GW<\/td><td>Transit GW<\/td><td>Landing Spoke GW<\/td><td>Aviatrix Standalone GW \/ AWS Client<\/td><\/tr><tr><td>SIP<\/td><td>10.100.<strong>64.36<\/strong><\/td><td>10.100.<strong>64.36<\/strong><\/td><td>10.100.<strong>64.36<\/strong><\/td><td>10.100.<strong>64.36<\/strong><\/td><td>100.97.<strong>64.36<\/strong><\/td><\/tr><tr><td>DIP<\/td><td>100.65.<strong>0.10<\/strong><\/td><td>100.65.<strong>0.10<\/strong><\/td><td>100.65.<strong>0.10<\/strong><\/td><td>100.65.<strong>0.10<\/strong><\/td><td>172.31.<strong>0.10<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Launch Aviatrix Standalone GW in AWS Default VPC<\/h4>\n\n\n\n<ol class=\"wp-block-list\"><li>Follow https:\/\/docs.aviatrix.com\/HowTos\/aviatrix_account.html to onboard your AWS account that contains the default VPC<\/li><li>Create standalone gateway in this AWS account, select the region, default vpc and a public subnet<\/li><\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1006\" height=\"1024\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-27-1006x1024.png\" alt=\"\" class=\"wp-image-83\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-27-1006x1024.png 1006w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-27-295x300.png 295w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-27-768x782.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-27.png 1502w\" sizes=\"auto, (max-width: 1006px) 100vw, 1006px\" \/><\/figure>\n\n\n\n<p>3. 
Once the GW is created, select it and click on <strong>EDIT<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"296\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-28-1024x296.png\" alt=\"\" class=\"wp-image-84\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-28-1024x296.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-28-300x87.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-28-768x222.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-28.png 1380w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>4. Select a 2nd public subnet in the default VPC, then create the HA gateway<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"722\" height=\"760\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-29.png\" alt=\"\" class=\"wp-image-85\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-29.png 722w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-29-285x300.png 285w\" sizes=\"auto, (max-width: 722px) 100vw, 722px\" \/><\/figure>\n\n\n\n<p>5. 
Confirm both standalone gateways are up, and record their public IPs<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"336\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-30-1024x336.png\" alt=\"\" class=\"wp-image-86\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-30-1024x336.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-30-300x98.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-30-768x252.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-30.png 1383w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Create Site to Cloud connection using Mapped NAT in Aviatrix Controller<\/h4>\n\n\n\n<p>Go to the Aviatrix Controller web page, SITE2CLOUD -&gt; Setup -&gt; 2 Create a New Site2CloudConnection -&gt; ADD NEW<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"466\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-5-1024x466.png\" alt=\"\" class=\"wp-image-41\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-5-1024x466.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-5-300x137.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-5-768x350.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-5.png 1247w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>VPC ID\/VNet Name: Select Landing vNet<br>Connection Type: Mapped<br>Connection Name: This is the name Aviatrix uses to track the Site2Cloud connection<br>Remote Gateway Type: Aviatrix<br>Tunnel Type: Route Based<br>IKEv2: Enabled by default<br>Enable HA: Checked as we do have two gateways deployed for 
HA<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"824\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-22_12_44-Aviatrix-Controller-1024x824.png\" alt=\"\" class=\"wp-image-90\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-22_12_44-Aviatrix-Controller-1024x824.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-22_12_44-Aviatrix-Controller-300x242.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-22_12_44-Aviatrix-Controller-768x618.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-22_12_44-Aviatrix-Controller.png 1278w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>Primary Cloud Gateway: Select Aviatrix Landing GW<br>Remote Gateway IP address: Enter standalone GW public IP<br>Backup Gateway: Select HA Aviatrix Landing GW<br>Remote Gateway IP Address (Backup): Enter standalone HA GW public IP<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"792\" height=\"1024\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-22_40_51-Aviatrix-Controller-792x1024.png\" alt=\"\" class=\"wp-image-92\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-22_40_51-Aviatrix-Controller-792x1024.png 792w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-22_40_51-Aviatrix-Controller-232x300.png 232w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-22_40_51-Aviatrix-Controller-768x992.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-22_40_51-Aviatrix-Controller.png 941w\" sizes=\"auto, (max-width: 792px) 100vw, 792px\" \/><\/figure>\n\n\n\n<p>Remote Subnet (Real): 172.31.0.0\/16<br>Remote Subnet 
(Virtual): 100.65.0.0\/16<br>Local Subnet (Real): 10.100.0.0\/16<br>Local Subnet (Virtual): 100.97.0.0\/16<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"503\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-33-1024x503.png\" alt=\"\" class=\"wp-image-94\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-33-1024x503.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-33-300x147.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-33-768x378.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-33.png 1426w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Click OK to create the Site2Cloud connection<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Configure S2C for Stand Alone Gateways<\/h4>\n\n\n\n<p>Select the newly created Site2Cloud connection, and click on Edit button <\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-9-1024x109.png\" alt=\"This image has an empty alt attribute; its file name is image-9-1024x109.png\"\/><\/figure>\n\n\n\n<p>Under <strong>Connection Detail<\/strong>:<\/p>\n\n\n\n<p>Vendor: Aviatrix<br>Platform: UCC<br>Software: 1.0<\/p>\n\n\n\n<p>Click on <strong>DOWNLOAD CONFIGURATION<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"573\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-35-1024x573.png\" alt=\"\" class=\"wp-image-96\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-35-1024x573.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-35-300x168.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-35-768x430.png 768w, 
https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-35.png 1493w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Record default VPC ID from AWS<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"865\" height=\"269\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-36.png\" alt=\"\" class=\"wp-image-99\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-36.png 865w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-36-300x93.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-36-768x239.png 768w\" sizes=\"auto, (max-width: 865px) 100vw, 865px\" \/><\/figure>\n\n\n\n<p>Site2Cloud -&gt; Setup -&gt; Add new -&gt; Select Default VPC by VPC ID<\/p>\n\n\n\n<p>Import -&gt; Select the configuration file<\/p>\n\n\n\n<p>! ! ! Make sure to change <strong>Connection Type <\/strong>from <strong>Mapped <\/strong>-&gt; to <strong>Unmapped<\/strong> ! ! 
!<\/p>\n\n\n\n<p>Reverse the connection name, e.g. from LandingAWSDefaultVPC1 to AWSDefaultVPC1Landing<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"495\" height=\"1024\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_02_55-Aviatrix-Controller-495x1024.png\" alt=\"\" class=\"wp-image-101\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_02_55-Aviatrix-Controller-495x1024.png 495w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_02_55-Aviatrix-Controller-145x300.png 145w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_02_55-Aviatrix-Controller-768x1588.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_02_55-Aviatrix-Controller-743x1536.png 743w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_02_55-Aviatrix-Controller.png 797w\" sizes=\"auto, (max-width: 495px) 100vw, 495px\" \/><\/figure>\n\n\n\n<p>Make sure to pick the correct gateway for primary and HA<\/p>\n\n\n\n<p>! ! ! Make sure to enter the Azure side virtual CIDR 100.97.0.0\/16 as Remote Subnet ! ! 
!<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"646\" height=\"1024\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-51-646x1024.png\" alt=\"\" class=\"wp-image-128\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-51-646x1024.png 646w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-51-189x300.png 189w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-51-768x1217.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-51-969x1536.png 969w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-51.png 993w\" sizes=\"auto, (max-width: 646px) 100vw, 646px\" \/><\/figure>\n\n\n\n<p>Click OK to create unmapped S2C connection from stand alone gateways back to Landing spoke gateways<\/p>\n\n\n\n<p>Validate the connections are up<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"192\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-37-1024x192.png\" alt=\"\" class=\"wp-image-104\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-37-1024x192.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-37-300x56.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-37-768x144.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-37-1536x288.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-37.png 1549w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>If the connections don&#8217;t come up in a few minutes, you can go to SITE2CLOUD -&gt; Diagnostics -&gt; Select the connection -&gt; Action: Run analytics or Show Logs <\/p>\n\n\n\n<p>If you have CoPilot deployed, then you can observe the Site2Cloud Connections are 
active\/standby, and Aviatrix Controller monitors and takes care of failover<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"274\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-45-1024x274.png\" alt=\"\" class=\"wp-image-118\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-45-1024x274.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-45-300x80.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-45-768x205.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-45.png 1496w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"296\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-44-1024x296.png\" alt=\"\" class=\"wp-image-117\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-44-1024x296.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-44-300x87.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-44-768x222.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-44.png 1480w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Observe route tables in Azure vNets<\/h4>\n\n\n\n<p>It&#8217;s worth noting that Aviatrix injects RFC1918 routes into the spoke subnets&#8217; route tables pointing to the Aviatrix Spoke Gateways; this steers all traffic towards transit.<\/p>\n\n\n\n<p>In the Landing vNet, since we just created a Site2Cloud connection with a static route, Aviatrix Controller is aware of this intention and programmed the AWS virtual CIDR 100.65.0.0\/16 to point to the Aviatrix Spoke Gateway in the Landing vNet<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img 
loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"434\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_13_07-Clipboard-1024x434.png\" alt=\"\" class=\"wp-image-107\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_13_07-Clipboard-1024x434.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_13_07-Clipboard-300x127.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_13_07-Clipboard-768x326.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_13_07-Clipboard-1536x651.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_13_07-Clipboard.png 1946w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Then how do we get traffic to other connected spoke vNet or even across transits? Note below, Prod spoke vNet only have RFC1918 routes added, and 100.65.0.0\/16 is missing:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"413\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_11_20-USEProdApp1-Private-subnet-1-rtb-Microsoft-Azure-1024x413.png\" alt=\"\" class=\"wp-image-106\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_11_20-USEProdApp1-Private-subnet-1-rtb-Microsoft-Azure-1024x413.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_11_20-USEProdApp1-Private-subnet-1-rtb-Microsoft-Azure-300x121.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_11_20-USEProdApp1-Private-subnet-1-rtb-Microsoft-Azure-768x309.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_11_20-USEProdApp1-Private-subnet-1-rtb-Microsoft-Azure-1536x619.png 1536w, 
https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_11_20-USEProdApp1-Private-subnet-1-rtb-Microsoft-Azure.png 1941w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Allow Site2cloud connection to be accessible across transit<\/h4>\n\n\n\n<ul class=\"wp-block-list\"><li>Select newly created Site2Cloud connection, and click on Edit button:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"198\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-15-1024x198.png\" alt=\"\" class=\"wp-image-56\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-15-1024x198.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-15-300x58.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-15-768x148.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-15-1536x297.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-15.png 1578w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Scroll and Enable <strong>Forward Traffic to Transit Gateway<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"663\" height=\"167\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-10.png\" alt=\"\" class=\"wp-image-47\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-10.png 663w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-10-300x76.png 300w\" sizes=\"auto, (max-width: 663px) 100vw, 663px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Aviatrix Controller -&gt; MULTI-CLOUD TRANSIT -&gt; List -&gt; Spoke -&gt; Select primary Landing Gateway -&gt; ACTIONS -&gt; Auto Advertise Spoke Site2Coud CIDRs<br><\/li><\/ul>\n\n\n\n<figure 
class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"514\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-16-1024x514.png\" alt=\"\" class=\"wp-image-57\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-16-1024x514.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-16-300x150.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-16-768x385.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-16-1536x770.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-16.png 1571w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>When you click on Enable, you should see 100.65.0.0\/16 is been advertised now, since it&#8217;s part of landing spoke Site2Cloud CIDRs<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"629\" height=\"326\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-38.png\" alt=\"\" class=\"wp-image-108\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-38.png 629w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-38-300x155.png 300w\" sizes=\"auto, (max-width: 629px) 100vw, 629px\" \/><\/figure>\n\n\n\n<p>Check Prod vNet route table again, and you can see that 100.65.0.0\/16 gets added by Aviatrix controller pointing to Prod Spoke Gateway<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"425\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_17_33-USEProdApp1-Private-subnet-1-rtb-Microsoft-Azure-1024x425.png\" alt=\"\" class=\"wp-image-109\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_17_33-USEProdApp1-Private-subnet-1-rtb-Microsoft-Azure-1024x425.png 
1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_17_33-USEProdApp1-Private-subnet-1-rtb-Microsoft-Azure-300x125.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_17_33-USEProdApp1-Private-subnet-1-rtb-Microsoft-Azure-768x319.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_17_33-USEProdApp1-Private-subnet-1-rtb-Microsoft-Azure-1536x638.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/2022-05-15-23_17_33-USEProdApp1-Private-subnet-1-rtb-Microsoft-Azure.png 1931w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-luminous-vivid-orange-color has-secondary-background-color has-text-color has-background\">Let&#8217;s pause for a sec and think: how many routes do you have in your cloud environment? For changes like this, how many entries will you have to update, either manually or by script? How do you ensure future vNets\/subnets won&#8217;t be missing a route? 
What if you need to quickly resolve this for 100+ M\/A-onboarded AWS accounts using the default VPC?<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Observe route table on AWS side<\/h4>\n\n\n\n<p>Search the route table by Default VPC ID, and notice that Aviatrix Controller inserted 100.97.0.0\/16 pointing to the ENI of the Standalone Gateway.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"784\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-40-1024x784.png\" alt=\"\" class=\"wp-image-112\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-40-1024x784.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-40-300x230.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-40-768x588.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-40.png 1492w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Test Connectivity<\/h4>\n\n\n\n<p>From a test VM in AWS 172.31.3.115 <\/p>\n\n\n\n<p>ping Azure VM USEShared1Pub 10.100.<em>100.4<\/em> using virtual IP: <strong>100.97<\/strong>.<em>100.4<\/em><br>ping Azure VM USEProdApp1Priv 10.100.<em>64.36<\/em> using virtual IP: <strong>100.97<\/strong>.<em>64.36<\/em><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"895\" height=\"635\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-41.png\" alt=\"\" class=\"wp-image-113\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-41.png 895w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-41-300x213.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-41-768x545.png 768w\" sizes=\"auto, (max-width: 895px) 100vw, 895px\" \/><\/figure>\n\n\n\n<p>From Azure VM USEShared1Pub 10.100.100.4 ping test VM in AWS 
172.31.<em>3.115<\/em> using virtual IP: <strong>100.65<\/strong>.<em>3.115<\/em><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"872\" height=\"246\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-42.png\" alt=\"\" class=\"wp-image-114\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-42.png 872w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-42-300x85.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-42-768x217.png 768w\" sizes=\"auto, (max-width: 872px) 100vw, 872px\" \/><\/figure>\n\n\n\n<p>From Azure VM USEProdApp1Priv 10.100.<em>64.36<\/em> ping test VM in AWS 172.31.<em>3.115<\/em> using virtual IP: <strong>100.65<\/strong>.<em>3.115<\/em><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"850\" height=\"206\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-43.png\" alt=\"\" class=\"wp-image-115\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-43.png 850w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-43-300x73.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-43-768x186.png 768w\" sizes=\"auto, (max-width: 850px) 100vw, 850px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Day 2 operations and visibility<\/h4>\n\n\n\n<p>From any gateway, you can perform ping and traceroute<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"742\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-46-1024x742.png\" alt=\"\" class=\"wp-image-121\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-46-1024x742.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-46-300x217.png 300w, 
https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-46-768x556.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-46-1536x1112.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-46.png 1606w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Gateway \/VPC routes are easily searchable for any cloud <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"360\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-47-1024x360.png\" alt=\"\" class=\"wp-image-123\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-47-1024x360.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-47-300x105.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-47-768x270.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-47-1536x540.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-47-2048x720.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"463\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-48-1024x463.png\" alt=\"\" class=\"wp-image-124\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-48-1024x463.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-48-300x136.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-48-768x347.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-48-1536x694.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-48-2048x926.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image 
size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"517\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-50-1024x517.png\" alt=\"\" class=\"wp-image-126\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-50-1024x517.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-50-300x151.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-50-768x388.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-50-1536x775.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-50-2048x1034.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>NetFlow across clouds provides evidential data<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"640\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-49-1024x640.png\" alt=\"\" class=\"wp-image-125\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-49-1024x640.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-49-300x188.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-49-768x480.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-49-1536x960.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/05\/image-49-2048x1281.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Comparison with CSR<\/h3>\n\n\n\n<ol class=\"wp-block-list\"><li>Aviatrix understands and dynamically updates route tables on multiple clouds<\/li><li>Aviatrix provides day 2 operation visibility and troubleshooting tools<\/li><li>Aviatrix removes the skill gap in managing multiple clouds<\/li><li>There is no longer a need to pay for expensive appliance licensing<\/li><li>Aviatrix manages the 
failover of tunnels<\/li><\/ol>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-cloudlearning-365 wp-block-embed-cloudlearning-365\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"pD5s1K3V78\"><a href=\"https:\/\/cloudlearning365.com\/?p=29\">Enable private connectivity to workloads deployed in multiple default VPCs &#8211; Part 1<\/a><\/blockquote><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;Enable private connectivity to workloads deployed in multiple default VPCs &#8211; Part 1&#8221; &#8212; cloudlearning365\" src=\"https:\/\/cloudlearning365.com\/?p=29&#038;embed=true#?secret=8xluF2YkAK#?secret=pD5s1K3V78\" data-secret=\"pD5s1K3V78\" width=\"584\" height=\"329\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Scenario: One of our customers are primary in Azure, after merger and acquisitions, them acquired hundreds of AWS accounts, where workloads are deployed to default VPCs, which all have this address space: 172.31.0.0\/16 They are looking for a solution to &hellip; <a href=\"https:\/\/cloudlearning365.com\/?p=77\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2],"tags":[],"class_list":["post-77","post","type-post","status-publish","format-standard","hentry","category-aviatrix"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/77","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=77"}],"version-history":[{"count":17,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/77\/revisions"}],"predecessor-version":[{"id":691,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/77\/revisions\/691"}],"wp:attachment":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=77"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=77"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=77"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}