Providing Secure Cloud Networking for Google Vertex AI with Aviatrix

Using Aviatrix to secure cloud networking for Vertex AI has several advantages, such as:

  • Network Latency: Aviatrix CoPilot shows detailed latencies, historically for the last hour, last day, last week, and last month, for all links (connections) between managed resources. You can use the date picker to view historical latencies for a custom timeframe. You can filter the historical latency information by search field, such as by the name of a specific gateway to view historical latencies that relate only to that gateway.
  • Network Cost: Aviatrix is an enterprise-scale, self-managed cloud networking platform that could eliminate CSP reliance with cost savings, simple architecture with world-class visibility, control, and day-2 operations.
  • Network Security: Aviatrix is a modern, born-in-the-cloud, for-the-cloud security platform. Unlike legacy vendors, Aviatrix Security is bolted on the platform itself. It is a pervasive security platform that also provides a framework for other vendors to integrate. This in turn provides the best possible security posture for enterprises. The Aviatrix Security feature list includes, but is not limited to:
    • Encryption and High Performance Encryption
    • Egress Security
    • Ingress Security
    • L4 Stateful Firewall
    • Cloud Security Framework (FireNet)
    • Secure Network Segmentation
    • Secure Micro-Segmentation
    • Multi-Cloud with Aviatrix Transit
    • Secure Private Service Access
    • Secure Cloud Access
    • Compliance and Visibility
    • Anomaly Detection

In this blog I show how to combine Vertex AI with a cloud network managed by Aviatrix.

Aviatrix Overview

Aviatrix is a cloud network platform that brings multi-cloud networking, security, and operational visibility capabilities that go beyond what any cloud service provider offers. Aviatrix software leverages AWS, Azure, GCP and Oracle Cloud APIs to interact with and directly program native cloud networking constructs, abstracting the unique complexities of each cloud to form one network data plane, and adds advanced networking, security and operational features enterprises require.


Aviatrix Transit FireNet allows the deployment of 3rd party firewalls onto the Aviatrix transit architecture.

Transit FireNet works the same way as the Firewall Network where traffic in and out of the specified Spoke is forwarded to the firewall instances for inspection or policy application.

Aviatrix Configuration

FireNet deployment is covered on the following blog:

Vertex AI

I’ll let Priyanka Vergadia explain what Vertex AI is:

The first step is to enable the API:

Once the API is enabled, we have access to the Vertex AI Dashboard:


Unfortunately I’m a data scientist and I’ll need to use a dataset from the internet as an example. Fortunately, there are datasets available from different places. For example:


By default, training code uses public IP addresses for communication. To use private IPs we need to use custom training. This allows the training code to communicate with other tools inside an Aviatrix network.

This table shows the maximum number of parallel training jobs that you can run with reserved ranges from /16 to /19, assuming the range is used almost exclusively by Vertex AI.

Table from

Preparing the network

Private IP range allocation:

I’m going to create a private connection. Actually, in my case I’ll update an existing connection:

The last step is to export routes from Aviatrix to Vertex AI:

Because I created the range inside a VPC where I have a Cloud Router running and peered with the Aviatrix transit gateways, I don’t need to manually configure the controller to export/import routes.

When we perform custom training, we specify the name of the network where we reserved an IP range:

The training nodes will use the IPs from the allocated range for communication. Unfortunately, that is as far as I can get, but if you are a data scientist willing to help me test, I’ll be grateful :).
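
The steps above, from enabling the API to launching a custom job on the peered network, as an added example that is not from the original post: a dry-run shell script that prints the gcloud commands in order without executing them. The project, network, range and image names are constructed placeholders, and the peering name servicenetworking-googleapis-com and the n1-standard-4 machine type are assumptions.

```shell
#!/bin/sh
# Added example: dry-run plan for private-IP Vertex AI custom training.
# All values below are constructed placeholders, not from the original post.
PROJECT_ID="example-project"     # placeholder
PROJECT_NUMBER="123456789012"    # placeholder; the job needs the number, not the ID
NETWORK="aviatrix-spoke-vpc"     # placeholder: VPC whose Cloud Router peers with Aviatrix transit
RANGE_NAME="vertex-ai-range"     # placeholder name for the reserved range
PREFIX_LEN=16
REGION="us-central1"             # placeholder region
IMAGE="REGION-docker.pkg.dev/PROJECT/REPO/trainer:latest"  # placeholder image

# Vertex AI expects the network as projects/<number>/global/networks/<name>.
network_resource_name() {
  printf 'projects/%s/global/networks/%s\n' "$1" "$2"
}

# Accept only the range sizes the table above covers (/16 to /19).
# Assumption of this example: anything else is treated as a mistake.
check_prefix() {
  case "$1" in
    16|17|18|19) return 0 ;;
    *) echo "prefix /$1 is outside /16-/19" >&2; return 1 ;;
  esac
}

# Print the gcloud commands in order; nothing is executed.
# Use "vpc-peerings connect" instead of "update" when no private connection exists yet.
plan() {
  check_prefix "$PREFIX_LEN" || return 1
  net_full=$(network_resource_name "$PROJECT_NUMBER" "$NETWORK")
  cat <<EOF
gcloud services enable aiplatform.googleapis.com servicenetworking.googleapis.com --project=$PROJECT_ID
gcloud compute addresses create $RANGE_NAME --global --purpose=VPC_PEERING --prefix-length=$PREFIX_LEN --network=$NETWORK --project=$PROJECT_ID
gcloud services vpc-peerings update --service=servicenetworking.googleapis.com --network=$NETWORK --ranges=$RANGE_NAME --force --project=$PROJECT_ID
gcloud compute networks peerings update servicenetworking-googleapis-com --network=$NETWORK --export-custom-routes --project=$PROJECT_ID
gcloud ai custom-jobs create --region=$REGION --display-name=private-ip-job --network=$net_full --worker-pool-spec=machine-type=n1-standard-4,replica-count=1,container-image-uri=$IMAGE --project=$PROJECT_ID
EOF
}

plan
```

Review the printed commands, then run them one at a time; the last one fails fast if the network is given by project ID instead of project number.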

