Building a Cloud Backbone

This architecture establishes a cloud backbone connecting AWS, Azure, and GCP. AWS Transit Gateway (TGW), Azure Virtual WAN (vWAN), and GCP Network Connectivity Center (NCC) serve as the northbound components that manage connectivity within each cloud, while Aviatrix Transit Gateways form the backbone for inter-cloud connectivity, so traffic moves between clouds through one consistently managed transit layer. Southbound connectivity links on-premises environments to each cloud over dedicated circuits (AWS Direct Connect, Azure ExpressRoute, and GCP Cloud Interconnect), giving private, high-bandwidth access to cloud resources without traversing the public internet. Note that these circuits are private but not encrypted by default; if the data requires it, encrypt at a higher layer (for example IPsec over the circuit, or MACsec where the provider offers it).

[Figure: AWS Transit Gateway, Azure Virtual WAN (vWAN), GCP Network Connectivity Center (NCC)]

AWS Transit Gateway, Azure Virtual WAN, …

Centralized Ingress using FortiGate NGFWs and Aviatrix Transit Gateways with FireNet enabled

High Level Design

Ingress Design using the Aviatrix FireNet FortiGates: all FortiGates receive sessions from the load balancer as long as they pass its health checks. While an Active-Passive (A-P) cluster behind the load balancer is an option, it is generally more effective to run standalone FortiGate (FGT) units behind the load balancer across multiple Availability Zones (AZs). This configuration withstands the complete failure of an AZ, because the load balancer simply stops sending sessions to the units whose health checks fail. For reference, I have attached the Aviatrix Transit Firewall Network design for FortiGate firewalls below. The application flow is shown below.

Aviatrix Transit Configuration

Enable FireNet: navigate to CoPilot …

That “little” AWS Security Group to PAN Migration Project

AWS Security Groups filter the traffic for one or more instances. The filtering happens at the transport and IP layers: rules match on protocol, port (or port range), and source or destination IP range. At least one security group is associated with each instance, and it carries the set of rules that filter traffic entering and leaving the instance. The rules are split into two directions, inbound and outbound. Security groups contain allow rules only; there is no explicit deny. A packet that matches no rule in its direction hits the implicit "deny all" and is dropped. Security groups are also stateful, so return traffic for a flow that was allowed in one direction is permitted without a matching rule in the other direction, which is a behaviour to keep in mind when translating them to a firewall that expects explicit rules. The quota for security groups …
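The two behaviours that matter most when migrating security group rules to a conventional firewall are the implicit deny and the stateful return path. The following model makes both visible. It is an added example, not code from the original post: the rule shape mirrors the IpPermissions structure returned by `aws ec2 describe-security-groups` (IpProtocol, FromPort, ToPort, IpRanges[].CidrIp), the sample group is constructed for illustration, and the flow table is a deliberate simplification of the connection tracking AWS performs for you.

```python
"""Toy evaluator for AWS Security Group semantics (added example).

Rules mirror the IpPermissions shape from `aws ec2 describe-security-groups`
(IpProtocol, FromPort, ToPort, IpRanges[].CidrIp). Ipv6Ranges and ICMP
type/code handling are omitted. The flow table below is a simplification of
the stateful tracking AWS does for you; it is not how AWS implements it.
"""
from dataclasses import dataclass, field
import ipaddress
from typing import Optional


@dataclass(frozen=True)
class Rule:
    protocol: str              # 'tcp', 'udp', 'icmp' or '-1' (all traffic)
    from_port: Optional[int]   # None when protocol is '-1'
    to_port: Optional[int]
    cidr: str                  # source range (inbound) or destination range (outbound)

    def matches(self, protocol: str, port: int, ip: str) -> bool:
        in_range = ipaddress.ip_address(ip) in ipaddress.ip_network(self.cidr)
        if self.protocol == "-1":
            # 'All traffic' ignores protocol and ports; only the CIDR matters.
            return in_range
        if self.protocol != protocol:
            return False
        if not (self.from_port <= port <= self.to_port):
            return False
        return in_range


def rules_from_ip_permissions(permissions: list) -> list:
    """Flatten IpPermissions entries (one per protocol/port range, each with
    possibly several CidrIp sources) into individual Rule objects."""
    rules = []
    for perm in permissions:
        for ip_range in perm.get("IpRanges", []):
            rules.append(Rule(perm["IpProtocol"], perm.get("FromPort"),
                              perm.get("ToPort"), ip_range["CidrIp"]))
    return rules


@dataclass
class SecurityGroup:
    inbound: list
    outbound: list
    # (protocol, service port, peer IP) of flows already permitted. Security
    # groups are stateful: once a flow is allowed in one direction, its reply
    # traffic passes without consulting the opposite rule set.
    flows: set = field(default_factory=set)

    def permits(self, direction: str, protocol: str, service_port: int,
                peer_ip: str) -> bool:
        """Decide whether a packet is allowed. `service_port` is the
        destination port of the flow's first packet; reply packets are
        checked under the same key (a simplification of real tracking)."""
        key = (protocol, service_port, peer_ip)
        if key in self.flows:
            return True
        rules = self.inbound if direction == "inbound" else self.outbound
        if any(rule.matches(protocol, service_port, peer_ip) for rule in rules):
            self.flows.add(key)
            return True
        # Only allow rules exist. Nothing matched, so the packet hits the
        # implicit deny and is dropped.
        return False


# Constructed sample: a web tier that accepts HTTPS from a private range and
# has no outbound rules at all (hypothetical data, not from any real account).
WEB_SG = SecurityGroup(
    inbound=rules_from_ip_permissions([
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ]),
    outbound=[],
)

if __name__ == "__main__":
    print("HTTPS from 10.1.2.3:", WEB_SG.permits("inbound", "tcp", 443, "10.1.2.3"))
    print("reply to 10.1.2.3:", WEB_SG.permits("outbound", "tcp", 443, "10.1.2.3"))
    print("SSH from 10.1.2.3:", WEB_SG.permits("inbound", "tcp", 22, "10.1.2.3"))
    print("new outbound to 203.0.113.7:",
          WEB_SG.permits("outbound", "tcp", 443, "203.0.113.7"))
```

The second print shows why a rule-for-rule export is not enough: the reply leaves although the group has no outbound rules at all. A stateless ACL on the target firewall would need an explicit rule for that return path, whereas a stateful firewall policy (such as PAN-OS security policy) reproduces the behaviour naturally.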

Hybrid Google Cloud DNS Connectivity with Aviatrix

GCP offers the following services for name resolution:

- Internal DNS (served from the metadata server at 169.254.169.254): automatically creates DNS names for virtual machines and internal load balancers on Compute Engine.
- Cloud DNS: a managed service for serving DNS zones.

Zones: Cloud DNS supports public and private zones. Private zones have the following options:

- forward queries to another server (forwarding zones)
- DNS peering
- managed reverse lookup zones
- Service Directory namespaces

Cloud Networking Reference Architecture

The Aviatrix FireNet reference architecture is described below:

Hybrid approach with two authoritative DNS systems

For hybrid environments there are a few options, but the recommended …

Connecting Cisco ACI to Aviatrix

Cisco ACI Overview

Cisco ACI is a Software Defined Networking (SDN) solution from Cisco for data centers. The ACI fabric consists of discrete components connected in a spine-and-leaf switch topology that is provisioned and managed as a single entity:

Application Policy Infrastructure Controller (APIC): the APIC is the point of configuration for policies and the place where statistics are archived and processed to provide visibility, telemetry, and application health information, enabling overall management of the fabric. The controller is a physical appliance based on a Cisco UCS rack server with two interfaces for connectivity to the leaf switches. …