Avatar

You’re convinced hosting your mission-critical applications on AWS public cloud is the right choice for your business. You need to host hundreds of web app, database, Oracle, SAP and Microsoft servers. How do you host these applications across many VPCs without having to create a networking nightmare?  Will a single VPC be able to scale to your demands? How about 2 VPCs? 10 VPCs? 200 VPCs? Or 500 VPCs? When you need to scale above 10 VPCs networking between regions and physical locations becomes a challenge. Managing VPN endpoints per VPC and creating a mesh network to communicate between all sites becomes complex and unmanageable. That’s why Amazon AWS came up with the “Transit VPC” Solution in order to solve the complexity of networking between VPC-to-VPC and VPC-to-physical locations. Using the most deployed  AWS network appliance, Cisco CSR1000v, the “Transit VPC” delivers a highly available network solution that centralizes security, firewall and routing functions within a single point that is scalable and easy to manage. AWS uses the CSR1000v because it is the only network appliance on AWS that delivers the necessary features to make “Transit VPC” work.

Cisco CSR1000v on AWS: http://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/aws/csraws/awsinstall.html

What is the “Transit VPC”?

Think of it as a central or DMZ VPC where the admin spins up two CSR1000vs in high availability mode. The Transit VPC resources, CSR1000v machines and networking configurations are automatically created using a click to launch button that leverages AWS CloudFormation, S3 bucket and Lambda function. The automation script configures secure tunnels northbound from where spoke VPCs running your applications connect to the CSR1000v. The CSR1000v connects to physical locations via Direct Connect and overlay encrypted tunnels, or over the internet using IPSec tunnels.

Picture1Highlights:

  • AWS Transit VPC marketplace listing based on Cisco CSR1000v allows you to ‘click and launch”.
  • CloudFormation will automatically create the resources needed in the Transit VPC and launch the creation of the CSR1000v.
  • AWS Lambda function automatically pushes the high availability and tunnel configs down to the CSR
  • Spoke VPCs are automatically launched and configured from the Transit VPC GUI console.

The Transit VPC solution with the CSR1000v becomes the secure access point to any of your mission-critical workloads running in AWS. Only the admin and the users that the admin entitles for access are able to reach the applications. All the complexities of figuring out which technology and how to use them are simplified and users can securely connect. Headaches gone.

For more information on the AWS-Cisco based Transit VPC Solution see:

https://docs.aws.amazon.com/solutions/latest/cisco-based-transit-vpc/overview.html

Post Written By: Tony Banuelos, Product Manager for the CSR 1000v



Authors

Matthew Packer

Product Manager, Engineering

Platform Routing