{"id":998,"date":"2022-11-20T12:43:56","date_gmt":"2022-11-20T17:43:56","guid":{"rendered":"https:\/\/cloudlearning365.com\/?p=998"},"modified":"2022-11-20T12:43:59","modified_gmt":"2022-11-20T17:43:59","slug":"express-route-to-aviatrix-transit-option-3","status":"publish","type":"post","link":"https:\/\/cloudlearning365.com\/?p=998","title":{"rendered":"Express Route to Aviatrix Transit \u2013 Option 3"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">In the past blogs, we have reviewed two options to connect from on-premise to Aviatrix Transits:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li> <a href=\"https:\/\/cloudlearning365.com\/?p=886\">Express Route to Aviatrix Transit \u2013 Option 1<\/a>, where we build BGP over IPSec overlay towards Aviatrix transit. This solution have following constrains: \n<ul class=\"wp-block-list\">\n<li><mark>Each IPSec tunnel have 1.25G throughput limit<\/mark><\/li>\n\n\n\n<li><mark>Azure only support IPSec, not GRE as tunneling protocol<\/mark><\/li>\n\n\n\n<li>On-premise device must be able to support BGP over IPSec, also it is manual process to build\/maintain IPSec tunnels from on-premise device.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><a href=\"https:\/\/cloudlearning365.com\/?p=1041\">Express Route to Aviatrix Transit \u2013 Option 2<\/a>, where we utilize Azure Route Server and some smart design to bridge the BGP between Aviatrix Transit, Azure Route Server and ExpressRoute Gateway, then towards on-premise device. This solution have fpllowing constrains:\n<ul class=\"wp-block-list\">\n<li><mark>ARS can only exchange up to 200 routes with ERGW<\/mark><\/li>\n\n\n\n<li><mark>No end to end encryption between on-premsie towards Aviatrix Transit, only MACSec can be used between on-premise devices towards Microsoft Enterprise Edge router.<\/mark>\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.linkedin.com\/in\/bradhedlund\/\">Brad Hedlund<\/a> have an excellent blog about the difference: <a href=\"https:\/\/www.linkedin.com\/pulse\/securing-your-network-connection-cloud-macsec-vs-ipsec-brad-hedlund\/\">Securing your network connection to the cloud: MACSec vs. IPSec<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Additional architecture complexity\/cost and lose operational visibility, also this solution is in Azure only, means you will end up with different architecture in different clouds.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">For enterprises moving business critical applications to multi-cloud, needing point to point encryption without sacrificing the throughput, looking for unified solution that can provides enterprise level visibility, control, audibility, standardization and troubleshooting toolsets. Neither above two solution would be ideal. IPsec is industry standard utilized by all Cloud Service Providers, but how are we able to overcome it&#8217;s limitation of 1.25Gbps per tunnel?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Aviatrix&#8217;s winning formular solves these challenges with it&#8217;s patented technology called High Performance Encryption (HPE). It automatically builds multiple IPSec tunnels over either private connectivity such as express route, or over Internet. Aviatrix then combine these tunnels into a logical pipe, to achieve line rate of encryption up to 25Gbps per appliance. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Aviatrix have several products supports HPE from edge locations: CloudN (Physical form factor), Edge 1.0 and Edge 2.0 (Virtual and physical form factor). They can be deployed on-premise data center, co-location, branch offices or retail locations. These edge devices enable customer enterprise grade visibility and control, monitoring and auditing and troubleshooting capability, as well as providing unified architecture for all major Cloud Service Providers. These solutions enable us easily push all the goodies Aviatrix Transit and Spoke architecture from the clouds towards on-premise.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In this blog, we will focus on how CloudN is deployed and connect to Aviatrix Transit. Here below is the architecture diagram:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"641\" height=\"1024\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/ER-to-Aviatrix-Transit-Options-Option2-641x1024.png\" alt=\"\" class=\"wp-image-999\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/ER-to-Aviatrix-Transit-Options-Option2-641x1024.png 641w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/ER-to-Aviatrix-Transit-Options-Option2-188x300.png 188w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/ER-to-Aviatrix-Transit-Options-Option2-768x1227.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/ER-to-Aviatrix-Transit-Options-Option2-961x1536.png 961w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/ER-to-Aviatrix-Transit-Options-Option2.png 1239w\" sizes=\"auto, (max-width: 641px) 100vw, 641px\" \/><\/figure>\n\n\n\n<!--more-->\n\n\n\n<ul class=\"wp-block-list\">\n<li>Aviatrix Transit Gateway have to be deployed with Insane mode (HPE) enabled. <\/li>\n\n\n\n<li>The underlay ExpressRoute connectivity has to be build from on-premise device towards Aviatrix Transit Gateway vNet. Follow steps in previous blog post: <a href=\"https:\/\/cloudlearning365.com\/?p=886\">Express Route to Aviatrix Transit \u2013 Option 1<\/a><\/li>\n\n\n\n<li>We don&#8217;t need loopback setup, as the HPE tunnels will be established between CloudN WAN interface and Aviatrix Transit Gateway eth0. As such the CIDR range of CloudN WAN interface need to be reachable from Aviatrix Transit Gateway eth0, via it&#8217;s subnet route table going towards ExpressRoute Gateway (ERGW) through Microsoft Enterprise Edge Router (MSEE)<\/li>\n\n\n\n<li>As illustrated in the diagram, the CloudN device have three interfaces:\n<ul class=\"wp-block-list\">\n<li>eth0 : WAN interface, this is where IPSec tunnels will be built towards Aviatrix Transit Gateways. Then BGP session will be established between CloudN to Aviatrix Transit Gateways.<\/li>\n\n\n\n<li>eth1: LAN interface, this is where BGP is established between CloudN with on-premise router<\/li>\n\n\n\n<li>eth2: MGMT interface, this is where you connect to CloudN for management, as well as where CloudN connects to internet for software updates.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">A review and validation of underlay setup<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">My lab cloudN interface IP address setup<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"180\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-41-1024x180.png\" alt=\"\" class=\"wp-image-1006\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-41-1024x180.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-41-300x53.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-41-768x135.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-41-500x88.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-41.png 1456w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">My lab router already have BGP session towards Azure Private Peering primary connection<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Azure Private Peering Primary subnet range: 169.254.80.80\/30. On-premise router will use first IP of 169.254.80.81, and MSEE will use second IP of: 169.254.80.82<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"611\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-42-1024x611.png\" alt=\"\" class=\"wp-image-1007\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-42-1024x611.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-42-300x179.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-42-768x458.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-42-500x298.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-42.png 1122w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">On-premise router config.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>GigabitEthernet0\/0\/0.803 on VLAN 803, assigned IP: 169.254.80.81\/30<\/li>\n\n\n\n<li>On-premise router asn: 65000, neighbor with MSEE 169.254.80.82, ER circuit asn is static: 12076 <\/li>\n\n\n\n<li>On-premise router advertise multiple subnets including CloudN WAN range of 10.1.32.0\/24<\/li>\n\n\n\n<li>On-premise router limit advertisement towards ER peering to only 10.1.32.0\/24<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>interface GigabitEthernet0\/0\/0.803\n description to be connected to an Azure ER circuit\n encapsulation dot1Q 803\n ip address 169.254.80.81 255.255.255.252\n\nrouter bgp 65000\n bgp log-neighbor-changes\n neighbor 169.254.80.82 remote-as 12076\n neighbor 169.254.80.82 description Express Route\n !\n address-family ipv4\n  network 10.1.30.0 mask 255.255.255.0\n  network 10.1.30.10 mask 255.255.255.255\n  network 10.1.31.0 mask 255.255.255.0\n  network 10.1.32.0 mask 255.255.255.0\n  neighbor 169.254.80.82 activate\n  neighbor 169.254.80.82 soft-reconfiguration inbound\n  neighbor 169.254.80.82 prefix-list router-to-er out\n  maximum-paths 8\n exit-address-family\n\nip prefix-list router-to-er description Advertise Loopback only\nip prefix-list router-to-er seq 10 permit 10.1.32.0\/24\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Verify on ExpressRoute Circuit -&gt; Peerings -&gt; Azure Private -&gt; View route table<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"466\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-44-1024x466.png\" alt=\"\" class=\"wp-image-1009\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-44-1024x466.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-44-300x137.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-44-768x350.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-44-500x228.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-44.png 1377w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">It received Aviatrix Transit vNet CIDR 10.0.16.0\/23 from ERGW of static asn: 65515. It also received CloudN WAN CIDR range of 10.1.32.0\/24 from on-premise router asn: 65000 <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"429\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-43-1024x429.png\" alt=\"\" class=\"wp-image-1008\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-43-1024x429.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-43-300x126.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-43-768x322.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-43-500x209.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-43.png 1036w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">10.0.17.236 and 10.0.17.237 is ERGW, as seen below ERGW is associated with GatewaySubnet of 10.0.17.224\/27<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"680\" height=\"600\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-45.png\" alt=\"\" class=\"wp-image-1010\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-45.png 680w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-45-300x265.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-45-340x300.png 340w\" sizes=\"auto, (max-width: 680px) 100vw, 680px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">We can also validate on the Aviatrix Transit Gateway eth0 effective route table<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"322\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-46-1024x322.png\" alt=\"\" class=\"wp-image-1011\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-46-1024x322.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-46-300x94.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-46-768x242.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-46-500x157.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-46.png 1442w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"> <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"733\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-47-1024x733.png\" alt=\"\" class=\"wp-image-1012\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-47-1024x733.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-47-300x215.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-47-768x549.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-47-419x300.png 419w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-47.png 1272w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Also remember, the Route table must have Propagate gateway route checked to allow ERGW to program routes received from ER private peering<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"793\" height=\"463\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-48.png\" alt=\"\" class=\"wp-image-1013\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-48.png 793w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-48-300x175.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-48-768x448.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-48-500x292.png 500w\" sizes=\"auto, (max-width: 793px) 100vw, 793px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">From Aviatrix Transit Gateway ping the default gateway of CloudN WAN interface, this interface is on the on-premise router.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"983\" height=\"1024\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-49-983x1024.png\" alt=\"\" class=\"wp-image-1014\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-49-983x1024.png 983w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-49-288x300.png 288w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-49-768x800.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-49.png 1244w\" sizes=\"auto, (max-width: 983px) 100vw, 983px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">You will not be able to ping CloudN&#8217;s WAN interface 10.1.32.100 yet, even though earlier we saw the CloudN WAN interface have a gateway point to on-premise router 10.1.32.1. To explain this, logon to CloudN device itself, when CloudN is not registered with Aviatrix Controller, it&#8217;s considered as Stand Alone CloudN, and diagnostics can be performed on the device itself. The interface looks like an older version Aviatrix Controller interface. Troubleshoot -&gt; Diagnostics -&gt; Gateway -&gt; Make sure Gateway is set to none, and Controller checked -&gt; Run<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"893\" height=\"1024\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-50-893x1024.png\" alt=\"\" class=\"wp-image-1015\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-50-893x1024.png 893w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-50-262x300.png 262w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-50-768x880.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-50.png 1136w\" sizes=\"auto, (max-width: 893px) 100vw, 893px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Look at ip rule section<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\"ip rule\": &#91;\n                \"0:\\tfrom all lookup local \",\n                \"5:\\tfrom all fwmark 0xf4240 lookup mgmt \",\n                \"10:\\tfrom all iif lo lookup exclude_gateway \",\n                \"32766:\\tfrom all lookup main \",\n                \"32767:\\tfrom all lookup default\"\n            ],<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>0: First it will look at ip route table&nbsp;<strong>local<\/strong>, where it won\u2019t find a match for Aviatrix Transit vNet CIDR 10.0.16.0\/23<\/li>\n\n\n\n<li>5: Then it will look at packet that\u2019s marked 0xf4240, which are packets came from mgmt interface eth0, this won\u2019t be a match either, as the response packet would originate from CloudN itself<\/li>\n\n\n\n<li>10: Packet came from&nbsp;<strong>loopback&nbsp;<\/strong>or&nbsp;<strong>local&nbsp;<\/strong>will use exclude_gateway route table, where it will use 10.1.0.254 as default gateway via mgmt interface<\/li>\n\n\n\n<li>It will not process further rules as it found a match.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">exclude_gateway route table<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\"ip route table exclude_gateway\": &#91;\n                \"default via 10.1.0.254 dev eth2 metric 100 \",\n                \"10.1.0.0\/24 dev eth2 proto kernel scope link src 10.1.0.3 \",\n                \"10.1.31.0\/24 dev eth1 scope link src 10.1.31.100 \",\n                \"10.1.32.0\/24 dev eth0 scope link src 10.1.32.100 \",\n                \"throw 169.254.0.0\/16\"\n            ],<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">But how Aviatrix will then build IPSec tunnel with Aviatrix Transit Gateway? Read on please<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">CloudN registration, attachment and validation<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">As mentioned earlier, CloudN that&#8217;s not registered with Aviatrix Controller is considered as Stand Alone CloudN, and you will need to manage everything directly from the CloudN appliance itself, including building Site2Cloud IPSec tunnels.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Once you have registered CloudN to Aviatrix Controller, it became Managed CloudN appliance, all operations should be performed on the Aviatrix Controller. It makes building HPE tunnels as easy as attach Spoke Gateway to Transit Gateway.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To register CloudN,  login to CloudN, click on UseCases -&gt; Managed CloudN<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"805\" height=\"327\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-51.png\" alt=\"\" class=\"wp-image-1016\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-51.png 805w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-51-300x122.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-51-768x312.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-51-500x203.png 500w\" sizes=\"auto, (max-width: 805px) 100vw, 805px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">This brings Settings -&gt; Advanced -&gt; Registration page, where you will need to enter Aviatrix Controller IP or DNS name, username and password, as well as pick a name for the CloudN appliance, note:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Network Security Group on the controller must allow public IP of the mgmt interface access on TCP 443<\/li>\n\n\n\n<li>The user account need to have CloudN permission<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"646\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-52-1024x646.png\" alt=\"\" class=\"wp-image-1017\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-52-1024x646.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-52-300x189.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-52-768x485.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-52-1536x970.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-52-475x300.png 475w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-52.png 1974w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Example of adding CloudN read\/write permission to &#8220;test&#8221; permission group in Controller -&gt; Accounts -&gt; Permission Groups -&gt; Select permission group -&gt; Manage permissions<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"643\" height=\"247\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-53.png\" alt=\"\" class=\"wp-image-1018\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-53.png 643w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-53-300x115.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-53-500x192.png 500w\" sizes=\"auto, (max-width: 643px) 100vw, 643px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Wait for the registration to complete<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"931\" height=\"475\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-54.png\" alt=\"\" class=\"wp-image-1019\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-54.png 931w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-54-300x153.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-54-768x392.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-54-500x255.png 500w\" sizes=\"auto, (max-width: 931px) 100vw, 931px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">The registration process require outbound Internet connectivity. If run into issue, reference to <a href=\"https:\/\/aviatrix.zendesk.com\/hc\/en-us\/articles\/4417312119437-Aviatrix-Products-Access-to-external-FQDN-required\">Required Access for External Sites<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Once registered, the CloudN appliance console top right would indicate the appliance is now managed by Aviatrix controller. All operations going forward need to be performed from Aviatrix Controller.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"85\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-55-1024x85.png\" alt=\"\" class=\"wp-image-1020\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-55-1024x85.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-55-300x25.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-55-768x64.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-55-500x42.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-55.png 1042w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">In Aviatrix Controller -&gt; CloudN -&gt; List, you should see the device is registered<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"346\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-56-1024x346.png\" alt=\"\" class=\"wp-image-1021\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-56-1024x346.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-56-300x101.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-56-768x259.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-56-1536x519.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-56-500x169.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-56.png 1850w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Controller -&gt; CloudN -&gt; Attach -&gt; Prepare to Attach, this step is only necessary for building tunnels over Internet connectivity. We are building the tunnels over ExpressRoute, so this step can be skipped. However if you are building tunnels on Internet and detection failed, you can manually specify the public IP of the WAN port, then click on Apply<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"430\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-57-1024x430.png\" alt=\"\" class=\"wp-image-1022\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-57-1024x430.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-57-300x126.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-57-768x322.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-57-1536x645.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-57-2048x860.png 2048w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-57-500x210.png 500w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">On-premise router LAN interface and BGP configuration<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create loopback interface 88 is for testing purpose<\/li>\n\n\n\n<li>Note the on-premise router LAN interface is 10.1.31.1 peering with CloudN LAN interface 10.1.31.100 <\/li>\n\n\n\n<li>ip prefix-list limit only loopback 88 gets propagated to CloudN<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>interface Loopback88\n ip address 192.168.88.88 255.255.255.255\n\ninterface GigabitEthernet0\/0\/1.31\n description \"cloudN-3 LAN\"\n encapsulation dot1Q 31\n ip address 10.1.31.1 255.255.255.0\n\nrouter bgp 65000\n bgp log-neighbor-changes\n neighbor 10.1.31.100 remote-as 65003\n neighbor 10.1.31.100 description cloudN-3\n !\n address-family ipv4\n  network 10.1.30.0 mask 255.255.255.0\n  network 10.1.30.10 mask 255.255.255.255\n  network 10.1.31.0 mask 255.255.255.0\n  network 10.1.32.0 mask 255.255.255.0\n  neighbor 10.1.31.100 activate\n  neighbor 10.1.31.100 soft-reconfiguration inbound\n  neighbor 10.1.31.100 prefix-list to-cloudN out\n  maximum-paths 8\n exit-address-family\n\nip prefix-list to-cloudN seq 10 permit 192.168.88.88\/32\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Attach CloudN to Aviatrix Transit, the same workflow also establish BGP with on-premise router. Over Private Network is checked for using ExpressRoute<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"739\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-58-1024x739.png\" alt=\"\" class=\"wp-image-1023\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-58-1024x739.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-58-300x217.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-58-768x554.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-58-416x300.png 416w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-58.png 1402w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">CloudN is building IPSec tunnels towards both Aviatrix Transit Gateways<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1016\" height=\"339\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-60.png\" alt=\"\" class=\"wp-image-1025\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-60.png 1016w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-60-300x100.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-60-768x256.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-60-500x167.png 500w\" sizes=\"auto, (max-width: 1016px) 100vw, 1016px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Once the attach is completed, CloudN -&gt; List -&gt; you can see the CloudN is now attached<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"220\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-61-1024x220.png\" alt=\"\" class=\"wp-image-1026\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-61-1024x220.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-61-300x65.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-61-768x165.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-61-1536x331.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-61-500x108.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-61.png 2021w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">In Site2Cloud -&gt; Setup, we should see the connection from CloudN to Aviatrix Transit Gateways are Up<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"219\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-62-1024x219.png\" alt=\"\" class=\"wp-image-1027\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-62-1024x219.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-62-300x64.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-62-768x164.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-62-1536x329.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-62-2048x439.png 2048w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-62-500x107.png 500w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">To confirm BGP, Multi-Cloud Transit -&gt; List -&gt; Transit Gateways -&gt; Select a Transit Gateway, then click on Details\/Diag<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"303\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-63-1024x303.png\" alt=\"\" class=\"wp-image-1028\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-63-1024x303.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-63-300x89.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-63-768x227.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-63-1536x454.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-63-500x148.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-63.png 1584w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Scroll to Gateway Route Table, then click on the Refresh button.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Search for the 192.168.88.88 loopback we advertised, you can see 8 tunnels been between CloudN towards Aviatrix Transit. Also a tunnel going towards HA gateway for redundant route.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"789\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-65-1024x789.png\" alt=\"\" class=\"wp-image-1030\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-65-1024x789.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-65-300x231.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-65-768x591.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-65-1536x1183.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-65-390x300.png 390w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-65.png 1605w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">We can observe in Azure Portal, the Transit Gateway have 8 IPs assigned to eth0<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"661\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-67-1024x661.png\" alt=\"\" class=\"wp-image-1032\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-67-1024x661.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-67-300x194.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-67-768x496.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-67-465x300.png 465w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-67.png 1465w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Since we have not attached any spoke to the Transit, on-premise router won&#8217;t receive any route from Aviatrix Transit yet<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>show ip bgp neighbors 10.1.31.100 received-routes \n\nTotal number of prefixes 0 <\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">As described in previous blog, we have multiple way to test this<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Attach an Aviatrix Spoke <\/li>\n\n\n\n<li>Advertise Transit CIDR<\/li>\n\n\n\n<li>Gateway Manual BGP Advertised Network List<\/li>\n\n\n\n<li>Connection Manual BGP Advertised Network List<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Following example using the last method:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"459\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-68-1024x459.png\" alt=\"\" class=\"wp-image-1033\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-68-1024x459.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-68-300x135.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-68-768x345.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-68-500x224.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-68.png 1228w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>#show ip bgp  neighbors 10.1.31.100 received-routes \nBGP table version is 10, local router ID is 192.168.77.1\nStatus codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, \n              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, \n              x best-external, a additional-path, c RIB-compressed, \n              t secondary path, L long-lived-stale,\nOrigin codes: i - IGP, e - EGP, ? - incomplete\nRPKI validation codes: V valid, I invalid, N Not found\n\n     Network          Next Hop            Metric LocPrf Weight Path\n *&gt;   80.80.80.80\/32   10.1.31.100                            0 65003 65001 i\n\nTotal number of prefixes 1 \n\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">CloudN advanced features<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Since now the CloudN is managed by Aviatrix Controller, following operations are done in Aviatrix Controller. CloudN -&gt; Advanced -&gt; BGP -&gt; Pick a command to run, example showing ip bpg on the CloudN itself<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"393\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-69-1024x393.png\" alt=\"\" class=\"wp-image-1034\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-69-1024x393.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-69-300x115.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-69-768x295.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-69-1536x590.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-69-500x192.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-69.png 1968w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">You can also specify AS Path Prepend against a particular CloudN device, this would help with multiple CloudN setup and you want one CloudN to be on the preferred active path<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"377\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-70-1024x377.png\" alt=\"\" class=\"wp-image-1035\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-70-1024x377.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-70-300x111.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-70-768x283.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-70-1536x566.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-70-500x184.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-70.png 1541w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Revisit the priory routing issue between CloudN and Aviatrix Transit Gateway<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">CloudN -&gt; List -&gt; Select the CloudN device -&gt; Diag -&gt; Run<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"448\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-71-1024x448.png\" alt=\"\" class=\"wp-image-1036\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-71-1024x448.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-71-300x131.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-71-768x336.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-71-500x219.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-71.png 1318w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Aviatrix Controller programmed all Aviatrix Transit Gateways&#8217; eth0 IP address in the exclude_gateway route table pointing to on-premise router, this resolved the connectivity issue between CloudN WAN interface to Aviatrix Transit Gateways eth0 mentioned before.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"597\" height=\"976\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-72.png\" alt=\"\" class=\"wp-image-1037\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-72.png 597w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-72-184x300.png 184w\" sizes=\"auto, (max-width: 597px) 100vw, 597px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">By utilizing Aviatrix CloudN to connect on-premise to the clouds<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>We are able to solve the challenges enterprises are facing when moving mission critical applications to the clouds, by providing unified architecture, enterprise grade visibility and control, monitoring and auditing and advanced troubleshooting capability<\/li>\n\n\n\n<li>High performance encryption solves the dilemma of choosing amongst security or performance or complexity<\/li>\n\n\n\n<li>Unified architecture requires less training and will enable workforce quickly onboard secure connectivity to the clouds, and focus what&#8217;s really matters to the business.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Additional readings<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/cloudlearning365.com\/?p=392\">Direct Connect to Aviatrix Transit \u2013 Option 1<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/cloudlearning365.com\/?p=538\">Direct Connect to Aviatrix Transit \u2013 Option 2<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/cloudlearning365.com\/?p=608\">Direct Connect to Aviatrix Transit \u2013 Option 3<\/a><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the past blogs, we have reviewed two options to connect from on-premise to Aviatrix Transits: For enterprises moving business critical applications to multi-cloud, needing point to point encryption without sacrificing the throughput, looking for unified solution that can provides &hellip; <a href=\"https:\/\/cloudlearning365.com\/?p=998\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2,4],"tags":[],"class_list":["post-998","post","type-post","status-publish","format-standard","hentry","category-aviatrix","category-azure"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/998","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=998"}],"version-history":[{"count":15,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/998\/revisions"}],"predecessor-version":[{"id":1092,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/998\/revisions\/1092"}],"wp:attachment":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=998"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=998"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=998"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}