Amazon Web Services has rolled out a new, more native way to connect SD-WAN infrastructures with AWS resources.
Introduced at its re:Invent virtual event, AWS Transit Gateway Connect promises a simpler, faster, and more secure way for customers to tie cloud-based resources back to data centers, remote office workers or other distributed access points as needed.
Thirteen networking vendors, including Cisco, Aruba, Arista, Alkira, Fortinet, Palo Alto, and Versa, announced support for the technology, which offers higher throughput and increased security for distributed cloud workloads.
Transit Gateway Connect builds on AWS’s Transit Gateway (TGW) software announced at re:Invent last year, which lets customers connect Amazon Virtual Private Clouds (VPCs) and their on-premises networks to a single gateway. With Transit Gateway integration, customers can apply network access and segmentation as well as security policies to cloud traffic flows.
Transit Gateway Connect is a new connection type that supports Generic Routing Encapsulation (GRE) for higher bandwidth compared to a VPN connection, according to an AWS blog about the option. In addition, it supports Border Gateway Protocol (BGP) for dynamic routing and removes the need to configure static routes. This simplifies network design and reduces associated operational costs. Integration with Transit Gateway Network Manager provides advanced visibility through global network topology, attachment-level performance metrics, and telemetry data, AWS stated.
Cisco said it has further broadened its ongoing integration with Amazon Web Services by tying its core SD-WAN and ACI platforms to Transit Gateway Connect. Cisco has already been tightly integrating its SD-WAN software with AWS Transit Gateway over the past year to let users connect to AWS workloads via the Cisco SD-WAN controller.
Other integration around Cisco’s Cloud OnRamp—part of its SD-WAN package—automates Cisco SD-WAN fabric extension from branch routers to Amazon VPCs. In addition, the integration with TGW Network Manager enables network visibility either through the Cisco vManage or AWS console. This provides a comprehensive view of the on-premises network, including the WAN, and the customer’s AWS network, Cisco says.
Adding support for Transit Gateway Connect to its SD-WAN platform provides a number of new options for Cisco SD-WAN connectivity, according to Raj Gulani, senior director, product management for Cisco’s SD-WAN and Cloud Networking.
It enables setting up GRE tunnels instead of IPsec tunnels, which offer up to four times the bandwidth and eliminate the challenges and costs of establishing and maintaining a multitude of IPsec tunnels, Gulani said. Cisco said speeds of up to about 1.25 Gbps are possible with the existing TGW implementation, with multiple tunnels needed to reach that bandwidth. GRE is a standard tunneling protocol that encapsulates a wide variety of packet types inside IP tunnels to create virtual point-to-point links.
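Because the article centres on GRE as the encapsulation Transit Gateway Connect uses in place of IPsec, here is an added example (not code from AWS, Cisco or the article) that builds a GRE-in-IPv4 packet and then decapsulates it to recover the inner flow, the step a monitoring or IDS tool must perform to inspect tunneled traffic. All addresses and the GRE key are constructed values; note that GRE itself carries no encryption or authentication, so the inner packet is readable by anything on the transport path.

```python
"""Build and decapsulate GRE-in-IPv4 (RFC 2784/2890) packets."""
import struct
from ipaddress import IPv4Address

GRE_IP_PROTO = 47        # IP protocol number carried in the outer header
ETHERTYPE_IPV4 = 0x0800  # GRE protocol type for an inner IPv4 packet

def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum; returns 0 for a header whose checksum field is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (DF set, TTL 64) with its checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64,
                      proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def gre_encapsulate(outer_src: str, outer_dst: str, inner: bytes, key=None) -> bytes:
    """Wrap an inner IPv4 packet in GRE; an RFC 2890 key (int) sets the K bit."""
    gre = struct.pack("!HH", 0x2000 if key is not None else 0, ETHERTYPE_IPV4)
    if key is not None:
        gre += struct.pack("!I", key)
    return ipv4_header(outer_src, outer_dst, GRE_IP_PROTO, len(gre) + len(inner)) + gre + inner

def gre_decapsulate(pkt: bytes) -> dict:
    """Validate the outer IPv4 + GRE headers and return tunnel endpoints plus the inner flow."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[0] >> 4 != 4 or ipv4_checksum(pkt[:ihl]) != 0 or pkt[9] != GRE_IP_PROTO:
        raise ValueError("not a well-formed GRE-in-IPv4 packet")
    flags, ptype = struct.unpack("!HH", pkt[ihl:ihl + 4])
    if flags & 0x0007:  # version field must be 0 for RFC 2784 GRE
        raise ValueError("unsupported GRE version")
    if ptype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported inner protocol type {ptype:#06x}")
    off = ihl + 4 + (4 if flags & 0x8000 else 0)  # C bit: checksum + reserved1 present
    key = struct.unpack("!I", pkt[off:off + 4])[0] if flags & 0x2000 else None  # K bit: key
    off += (4 if flags & 0x2000 else 0) + (4 if flags & 0x1000 else 0)  # skip key, S bit: sequence
    inner = pkt[off:]
    return {"outer_src": str(IPv4Address(pkt[12:16])), "outer_dst": str(IPv4Address(pkt[16:20])),
            "key": key, "inner_src": str(IPv4Address(inner[12:16])),
            "inner_dst": str(IPv4Address(inner[16:20])), "inner_proto": inner[9]}

def demo() -> dict:
    """Constructed sample: a branch host's TCP packet tunneled between two private endpoints."""
    inner = ipv4_header("10.20.1.15", "10.100.3.40", 6, 8) + b"TCP-data"
    return gre_decapsulate(gre_encapsulate("10.0.0.1", "10.0.0.2", inner, key=4242))
```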
“GRE is a much simpler and more elegant way of setting up links and tunnels and increasing capacity overall between the AWS resources,” Gulani said.
“In addition, the latest launch with AWS Transit Gateway Connect enables Cisco SD-WAN to significantly increase throughput up to twenty-fold. Customers can utilize a single orchestration platform from Cisco SD-WAN to consume AWS workloads across regions worldwide and extend enterprise segmentation policies into AWS,” said Mayumi Hiramatsu, vice president, Amazon EC2 Networking, in a blog about Transit Gateway Connect.
By removing the need for public IP addresses, customers with strict security requirements can deploy the Cisco/AWS integration using only private IP addresses, significantly reducing attack surfaces.
Transit Gateway Connect also supports BGP for dynamic routing and removes the need to configure static routes, thereby increasing the number of advertised BGP routes many times beyond the current 100-route limit. This simplifies network design and reduces the associated operational costs. In addition, integration with Transit Gateway Network Manager provides advanced visibility through global network topology, attachment-level performance metrics, and telemetry data, according to AWS.
In addition to its SD-WAN software, Cisco says it plans to tie its Application Centric Infrastructure (ACI) software with Transit Gateway Connect. ACI runs on the company’s core data-center Nexus 9000 systems and delivers intent-based networking technology that lets customers automatically implement network and policy changes on the fly and ensure data delivery.
According to Cisco’s Srini Kotamraju, senior director of product management, Data Center Infrastructure, integrating Cloud ACI with AWS Transit Gateway Connect will result in higher throughput for hybrid-cloud traffic. “With AWS Transit Gateway Connect automation, multiple Cisco cloud service routers are able to connect to a single AWS Transit Gateway over higher throughput GRE tunnels,” Kotamraju said. In addition, users will be able to set up more routes to AWS Transit Gateway, with no VPC subnet route-table automation required, he said.
“Customers are looking for a simpler way to connect to multicloud environments, and ACI/AWS integration improves throughput, increases scale and load balancing. In addition, they can lower costs by eliminating the need to automate multiple AWS Transit Gateway instances for external site connectivity through CSRs,” Kotamraju said.
ACI integration with AWS Transit Gateway Connect may be a year away, but Cisco ACI is already integrated with AWS Transit Gateway. For example, ACI customers can now automatically set up, provision and manage workloads across AWS VPCs linked with Cisco ACI.
AWS says Transit Gateway Connect can simplify connecting branches and data centers to AWS, and also boost segmentation, scale bandwidth, and advertise routes granularly. “Customers deploying global networks on AWS can utilize a single orchestration, management, and visualization platform for their branch and data-center hybrid networks,” according to AWS.