Mark Noorman

How to architect multi-cloud networking

Aviatrix has recently been hosting a series of interesting webinars, called TechTalk Tuesdays, covering a range of cloud networking and security challenges.

In this blog post I’ll be discussing a recent Aviatrix webinar on how to architect multi-cloud networking, which can be viewed here.

If you don’t know Aviatrix yet but are running into the limitations of native cloud networking services, or if you are looking for a high-grade multi-cloud networking solution, then you really need to check this out. Aviatrix is a vendor of cloud-native networking solutions and has been around for several years. It has an impressive, fast-growing portfolio of products which together form a platform that solves multi-cloud networking challenges.

The trend they see is that more and more enterprises are migrating their workloads to the public cloud. And although a small company or startup can easily run on just AWS, Azure, OCI or GCP, for a large enterprise that’s not so easy. The services offered by Cloud Service Providers (CSPs) differ greatly and are updated on a weekly basis, each having its strengths in specific domains. Enterprises that want to get the most out of specialised services, such as IoT, data analytics, extreme-performance databases or software development, are almost forced to use one specific CSP for such a workload. There can be other reasons for choosing multiple CSPs, for example presence in a certain geographical region, operational cost, redundancy, or simply a strategy of not wanting to depend on a single vendor. However, when the goal is to interconnect these environments, several networking challenges pop up.

To start with, CSPs have implemented similar services, such as the VPC/VNet or site-to-site VPN, with different characteristics. Also, as a datacenter network engineer you are used to having access to switches, routers and firewalls, or to sophisticated Software Defined Networking tooling, to perform in-depth analytics and troubleshooting. Native cloud constructs offer only the basics, so there’s a gap. Companies that are going multi-cloud will want such insights and analytics, preferably from a ‘single pane of glass’ for all clouds.

The first thing Aviatrix did was go ‘back to the drawing board’. Together with a group of large enterprise customers they made an inventory of cloud network services and of their own requirements, and came up with a model called the Multi-Cloud Networking Architecture. No matter which CSP or combination of CSPs you are using, each network service can be placed in one of the model’s layers, which creates a clear overview. A strong point of this architecture is that the layers can be changed independently of one another, which provides a very flexible and scalable connectivity model.

A new concept introduced in this architecture is the Transit Layer. Sure, there’s the Transit Gateway offered by AWS, but that cannot easily be connected to OCI or Azure. By creating transit VPCs and VNets, deploying Aviatrix Gateways in these zones and then interconnecting them, an overlay network is created that connects all clouds, your datacenters and any other required locations. The Aviatrix Gateways fully integrate with the cloud-native networking services, but add a layer of abstraction that provides enormous scalability and robustness. Adding another VPC, or even another CSP? Not a problem. Connecting to a new vendor with overlapping CIDR ranges? No sweat.

A strength of these TechTalk Tuesdays, in my opinion, is that not only the theory is discussed; most of the time a practical customer case is also highlighted, to show how it was actually implemented. These customers often face the same challenges as you, so if you are reaching the limits of the native cloud network constructs, or are struggling to create a multi-cloud network architecture, I can highly recommend these webinars. An overview of all webinars and podcasts, and how to subscribe to the TechTalk Tuesdays, can be found here.