AWS Global Transit Hub
Quick Start Deployment

Aviatrix, an AWS Advanced and Network Competency Partner, offers a Next-Generation Global Transit Hub solution for AWS public cloud. It simplifies the way you enable a global transit network by automating the entire deployment - both transit hub and spoke VPCs - and configures one central console (Aviatrix Controller) for ongoing monitoring and troubleshooting all aspects of your AWS connectivity.

This Aviatrix for AWS Quick Start is a fully automated solution that utilizes AWS APIs to deploy a Global Transit Hub in minutes. The topology diagram below illustrates the transit VPC and spoke architecture enabled when using the AWS CloudFormation template available below.

A typical AWS Global Transit VPC architecture which includes a Transit Hub VPC connecting many Spoke VPCs to facilitate communication between the Spoke VPCs and on-premises network.

  1. This highly available design deploys the Aviatrix Controller into an existing VPC or a new VPC. Upon deploying the Aviatrix Controller using this Quick Start, you can use the Aviatrix Global Transit Network Wizard in the Aviatrix Controller to deploy the Hub Gateway instances into a VPC that will be designated as the Next-Gen Global Transit Hub. The wizard also allows you to deploy the Spoke Gateway instances in the spoke VPCs and connect them to the Next-Gen Global Transit Hub VPC.
  2. The Transit Network Wizard lets you add spoke VPCs in any AWS Region to your global transit network by attaching those VPCs to the Next-Gen Global Transit Hub. VPN connections are automatically established between the spoke VPCs and the Next-Gen Global Transit Hub VPC.
  3. Once you have established your global transit VPC, you can extend beyond the AWS Cloud and automate configuration of VPN connections to network providers or on-premises infrastructure - or even other public cloud providers - via the Aviatrix Controller.
  4. Aviatrix allows you to optionally expand your global transit architecture to include a Shared Services layer with direct peering for better support of cloud/devops teams who require a shared services or management VPC for common services in the cloud (such as firewall, NAT, or egress filtering).

Download the PDF "Quick Start Deployment Guide"

What is unique about the Aviatrix Global Transit Solution?

Centralized Controller

Point-and-click, centralized management console (with REST API support) manages distributed gateways and can easily be operated by both cloud ops and network engineers. No deep networking skills required (No CLI). Additionally, changes or customizations can quickly and easily be implemented through the Controller UI.

BGP is Required in Transit VPC only

The Aviatrix offering is API-based and uses policy-based routing from the spokes to the transit hub VPC. The Spoke VPC routes are advertised to the Aviatrix Gateway in the Transit VPC by the Aviatrix Controller. The Aviatrix Gateway in the Transit VPC then exchanges routes with the on-premises network using Border Gateway Protocol (BGP) via the VGW. The learned routes from the Aviatrix Transit Gateway are sent to the Controller for propagation to the spoke VPCs.

Simplified Troubleshooting

Integrated diagnostic tools make troubleshooting much easier than traditional networking products that use BGP everywhere. Integrated EC2 FlightPath troublesho0ting tool helps identify EC2 Connectivity problems faster to minimize business downtime.

Built-in Security

VPC Isolation and segmentation are created by design - with spoke to spoke connectivity through the transit hub. With encrypted links, an integrated stateful firewall for policy enforcement, and fully qualified domain name filtering (FQDN), Aviatrix ensures security is fully integrated with your global transit network. Aviatrix also supports VPC-to-VPC direct peering allowing direct spoke-to-spoke connectivity (eliminating the transit hop). This configuration can be enabled via the Controller.

Monitoring and Visibility

Central dashboard provides visual representation of your global transit network, and monitors, displays and alerts on link status, performance and link latency for transit hubs and spoke VPCs.

Fully Supported Solution

To ensure a successful deployment, Aviatrix provides customer support for all components of the solution, including the automation scripts.

Get Started

What You’ll Accomplish

A Next-Generation Global Transit Hub is part of a second generation of networking technology, combining a traditional global transit hub with additional security, scale, and operational functionalities.

Aviatrix Global Transit Hub Quick Start solution enables a highly secure Global Transit Hub architecture using Aviatrix Controller and Aviatrix Gateways that are deployed in a high availability configuration. The Transit Hub VPC can be a new VPC or an existing VPC.

This Quick Start deploys the Aviatrix Next-Gen Global Transit Hub solution, which provides a hub-and-spoke model to perform routing between spoke networks and on-premises data center or physical sites through a central hub.

This solution allows you to connect spoke VPCs to the transit hub VPC using the Aviatrix Controller point-and-click Aviatrix Global Transit Network Wizard. The in-product Transit Network Wizard allows you to launch and configure two Aviatrix Gateways in the transit hub VPC and the designated spoke VPCs, in a high availability (HA) mode. If one Aviatrix Gateway fails, the second Aviatrix Gateway automatically connects in seconds to reduce network downtime.

This Aviatrix solution provides enhanced security by maintaining VPC segmentation, allowing the user to control policy-based connectivity, and using encrypted links everywhere. From an operations perspective, this Aviatrix solution includes higher levels of automation via REST APIs, configuration wizards to simplify and streamline orchestration of networking services, troubleshooting with Aviatrix EC2 FlightPath and other integrated tests, and visibility with global dashboards. Lastly, future-orientated teams can grow easily as this Aviatrix solution removes route table limitations and extends the Next-Gen Global Transit Hub with additional cloud networking use cases: remote user VPN, egress security, site to cloud and multicloud peering.

What You’ll Need Before Starting

An AWS account

You will need an AWS account to begin provisioning resources.

Skill level

This solution is intended for cloud engineers, network engineers, architects, devops, and cloud/IT infrastructure who are familiar with AWS cloud. Your deployment of any Aviatrix solution - including changes or customizations to this Global Transit Hub Quick Start Deployment - are always fully supported by our AWS-certified technical experts.

Aviatrix Pricing and Licensing

You are also responsible for the Aviatrix license that is required to deploy the Aviatrix Next-Gen Global Transit Hub. Subscribe to an Amazon Machine Image (AMI) for Aviatrix software in AWS Marketplace, choosing the licensing option:

Aviatrix Transit VPC License Cost per hour
Aviatrix Secure Networking Platform PAYG - Metered (Available on the AWS Marketplace) Hourly subscription license based on the prices listed in the AWS Marketplace webpage.

This pay-as-you-grow license allows you to build and scale your Next-Gen Global Transit Hub network to any size, consisting of one transit hub VPC and many spoke VPCs.

The AWS CloudFormation template for this Quick Start includes configuration parameters that you can customize. Some of these settings, such as instance type, will affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you will be using. Prices are subject to change.

Deployment Options

This Quick Start provides two deployment options:

Deploy Aviatrix into a New VPC

This option builds a new AWS environment consisting of the Global Transit Hub VPC, subnets, Internet Gateway, Default Route and other infrastructure components, and then deploys an Aviatrix Controller and one Aviatrix Hub Gateway into this new VPC.

Deploy Aviatrix into an Existing VPC

This option provisions an Aviatrix Controller, one Aviatrix Hub Gateway and other infrastructure components into an existing AWS VPC that will be designated as the Transit Hub VPC.

The Quick Start allows you to choose either of these options. It also lets you customize and configure CIDR blocks, instance types, and Aviatrix settings, as discussed later in this guide.

Solution FAQs

What is a transit hub VPC?

A transit hub VPC is a common strategy for connecting multiple, geographically disperse VPCs and remote networks in order to create a global network transit center. A transit hub VPC simplifies network management and minimizes the number of connections required to connect multiple VPCs and remote networks. For hybrid organizations, It's a recommended way to connect on premise environments with many AWS VPCs.

How is Aviatrix Global Transit Hub VPC different vs other solutions?

Aviatrix is the only cloud-native solution for creating a transit hub to enable simple point-and-click configuration of networking connections in AWS. The console (Aviatrix Controller) gives users the ability to implement Global Transit Hub VPC design via REST API (no CLI required). See the chart below for specific differences and advantages of Aviatrix versus other offerings. (See above for more information.)

Does the Aviatrix Solution offer High Availability?

Yes. The solution deploys dual gateways in both the Transit VPC and spoke VPCs. If one Aviatrix gateway fails, the standby Aviatrix gateway is automatically connected in seconds to reduce network downtime.

How long will it take to deploy the Aviatrix Global Transit Hub for AWS?

If you already have an AWS account, it should take less than 10 minutes to deploy the transit hub. The spokes are connected upon tagging the spoke VPC.

What is Aviatrix relationship with AWS?

Aviatrix is an AWS Advanced Partner and a Network Competency Partner. This Quick Start Reference Deployment Guide was created by Amazon Web Services (AWS) in partnership with Aviatrix Systems.

Comparing AWS Global Transit Offerings

Aviatrix Next-Generation Transit vs Cisco CSR and VGW

Business & Pricing Aviatrix Offering Cisco Offering w/CSR script
List Price for Hub & 5 Spokes $8K Starts at $10K, up to $25K depending on throughput
Unlimited Throughput Yes No, additional charges apply
Data Transfer Out Charges 1X with Aviatrix peering, 2X with transit hub 2X with transit hub, no direct peering available
AWS Network Competency Status Aviatrix is certified Cisco is not certified
Operational Features Aviatrix Offering Cisco Offering w/CSR script
Deployment Time Minutes Minutes
Central Controller Yes No
Troubleshooting Easy Difficult
Scale Out Automatic Automatic
Networking Skills to Maintain/Support Low High (CCIE Certification)
Instance Size Requirements T2.micro and above Default is C4 Large
API Driven Yes No
Customization Method Automated thru simple point-and-click Manual thru modification of the non-supported Lambda script
High Availability Yes, in real-time via single checkbox Yes, via manual effort; testing required
Integrated Monitoring Yes Not automated, requires additional work
Technical Features Aviatrix Offering Cisco Offering w/CSR script
Performance Maximum available AWS instance throughput Maximum available AWS instance throughput
Transit Hub Support Yes Yes
Full or Partial Mesh Support Yes No
VPC Security Control Yes Yes
Multi-cloud Support Yes No
Inter-region Yes – peered & transit Yes – thru transit only
Route Limit Entry No Limit Up to 100 Only
Network Segmentation & Isolation Yes No