4 Ways VNS3 Simplifies Transitive Routing in the Cloud

19 Mar 2020

Transitive routing in the cloud has always had its challenges. Some providers simply don’t support it. Others have released services that appear to solve the issue. 

Both cases require workaround architectures to circumvent the issue. This means adding more moving parts, which increases complexity. 

Where there’s added complexity, there’s the potential for increased cost.

VNS3 is our Virtual Application Security Controller that allows you to create and control your own cloud edge and encrypt traffic to, through and between your chosen cloud provider or on-premises networks. It can also simplify complex network challenges, like transitive routing. 

So, What is Transitive Routing?

In short, it’s the ability for a computer in one network to communicate with a computer in another network that it isn’t directly linked (or peered) to. 

Here’s an example:

  • We have three networks, NetA, NetB, NetC. 
  • There’s a database in NetC.
  • There’s a PC in NetA.
  • NetA is connected to NetB.
  • NetB is connected to NetC.
  • The PC in NetA needs to connect to the database in NetC. To do this, it would need to route its packets through NetB and on to NetC.
  • NetC would need to route its response back through NetB and on to NetA. 

[Figure: VNS3 AWS Transitive Routing Deployment]

This would be a transitive routing topology, because NetA’s traffic “transits” through NetB, and vice versa for NetC.
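The NetA/NetB/NetC example can be modelled with per-network route tables to show when the PC actually reaches the database. This is an added example, not code from the original post or from VNS3; the CIDR ranges, host addresses and function names are assumptions, and it assumes a router in NetB that forwards between its two links.

```python
import ipaddress

# Constructed address plan for the three networks in the example (assumed).
NETS = {n: ipaddress.ip_network(c) for n, c in
        {"NetA": "10.1.0.0/16", "NetB": "10.2.0.0/16", "NetC": "10.3.0.0/16"}.items()}
LINKS = {frozenset(("NetA", "NetB")), frozenset(("NetB", "NetC"))}  # no NetA-NetC link
PC, DB = "10.1.0.10", "10.3.0.20"  # constructed host addresses

# Each network only knows its directly linked neighbours.
PEER_ONLY = {
    "NetA": [("10.2.0.0/16", "NetB")],
    "NetB": [("10.1.0.0/16", "NetA"), ("10.3.0.0/16", "NetC")],
    "NetC": [("10.2.0.0/16", "NetB")],
}
# NetA learns NetC via NetB, but NetC has no route back to NetA.
ONE_WAY = {**PEER_ONLY, "NetA": PEER_ONLY["NetA"] + [("10.3.0.0/16", "NetB")]}
# Both edge networks route to each other through NetB.
TRANSIT = {**ONE_WAY, "NetC": PEER_ONLY["NetC"] + [("10.1.0.0/16", "NetB")]}

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, next-hop network) pairs."""
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, src, dst):
    """Walk a packet network by network; return (delivered, path)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    here = next((n for n, cidr in NETS.items() if src in cidr), None)
    path = [here]
    while here is not None and dst not in NETS[here]:
        hop = next_hop(tables.get(here, []), dst)
        # Drop on: no route, next hop not directly linked, or a routing loop.
        if hop is None or frozenset((here, hop)) not in LINKS or hop in path:
            return False, path
        here = hop
        path.append(here)
    return here is not None, path

def round_trip(tables, a, b):
    """A connection needs the request and the response to both be routable."""
    return trace(tables, a, b)[0] and trace(tables, b, a)[0]

if __name__ == "__main__":
    for name, tables in [("peer-only", PEER_ONLY), ("one-way", ONE_WAY), ("transit", TRANSIT)]:
        print(name, trace(tables, PC, DB), trace(tables, DB, PC), round_trip(tables, PC, DB))
```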

Why not just peer them all together, you ask?

There are any number of reasons why it’s not feasible to peer all your virtual networks together. Here are a few:

Conflicting IP address ranges mean peering is not technically possible.

Number of networks: as networks are added, peering connections grow exponentially, and this eventually becomes unmanageable.

You may have shared services, but need to isolate certain traffic.

If you have other reasons that are preventing you from peering your networks, reach out to us at contact@cohesive.net; we may be able to help!

4 Ways VNS3 Can Help With Transitive Routing

VNS3 combines the features of a router/switch/firewall/VPN concentrator/protocol redistributor and incorporates a plugin system that allows you to embed any other application directly into your network.

1. Use VNS3 as a cloud router: with IPsec tunnels between your networks, you can create a centralised and secure gateway. This not only solves the transitive routing issue but also gives you visibility and control of the traffic that passes in, out and through your network:

[Figure: VNS3 Transit IPsec deployment]

2. Using VNS3’s overlay network, you can deploy a unified address space that encompasses all your networks, whether there are 3 or 300, in the same cloud or between multiple cloud providers:

[Figure: VNS3 AWS Overlay deployment]

3. Use multiple VNS3 controllers in a peered mesh; this gives you all the benefits of the previous solutions, plus high availability:

[Figure: VNS3 AWS Peering]

4. Connect multiple VLANs across multiple cloud providers to maximize network performance and minimize latency between the deployments. Oftentimes, when spanning long geographic distances where you are not purchasing private links, jumping through cloud points-of-presence can provide a more performant solution.

[Figure: VNS3 Multicloud]

Conclusion

If you need to communicate between networks, across regions or even across cloud providers, the VNS3 Application Security Controller can help by providing a device that can connect your cloud assets seamlessly to each other, either as a single device, multiple devices or as an entire isolated network above your current cloud network, networks or providers.

If you need help with your deployments or want to try VNS3 for free, contact us at contact@cohesive.net.