Are You Using Many Cloud Providers?

It is really just a matter of time when the cloud VNET/VPC starts to grow really fast and getting more complex to manage the traffic between them. With the great number of VNets/VPCs come with great peering responsibility (pun intended), it doesn’t always easy to deploy or manage such many to many peering. Granted there is a workaround to use a transit hub but it’s still lacking control and security measurement.

Now, with the growing number of solution providers, it’s not surprising that a company will eventually have all of AWS, GCP, and Azure private links where each has a different way of doing things and unsurprisingly, each of the providers doesn’t intend to be able to communicate to another.

To put it simply, it is hard to manage communications between VNets/VPCs and even harder to make them communicate to different vendors.

Aviatrix has the solution for this by using a transit hub on each cloud provider and connecting these hubs together so that each cloud solution provider (CSP) could communicate to the different cloud providers. The design is simple, repeatable, and scalable. And this is how it all started, the idea is to have a solution that is consistent across multiple cloud providers and make them able to talk to each other.

Wait, there is more.

See that the company has many business units (BU) and each BU owns separate and multiple VNets/VPCs on each CSP. This is looking for access segmentation where, for example, accounting department VNets/VPCs only want to talk to the same accounting department instances in different CSPs. Now it adds another layer of complexity where segmentation is required to compartmentalise access between CSP.

What about the operational team that keeps the motor running and make the users happy (truth is, not many users are happy). Each CSP has a different tool for troubleshooting but since the cloud networking is actually an SDN solution, the troubleshooting tools are quite limited if not even non-existence. The secret sauce of how one instance could talk to another instance is not necessarily available to the public and the networking standard and rules mostly don’t apply (This just reminds me how the LB in Azure works). If we (we means network engineers, who are usually blamed for the root cause – just because no one else knows why!) are usually relying on PING, Traceroute, packet capture, and routing table, these tools are not always available on the point we need it.

Now, back to Aviatrix I’ve mentioned before. It connects multi-cloud, can enforce security measurement including segmentation, it also has the tools (and plenty more) to assist troubleshooting. Sure, it has plenty more benefits than just the three I just mentioned and if you’re interested, just jump to this page for more technical information.