Can You Stretch On-Prem VLAN to AWS/Azure?

By Sunil Kishen
Vice President of Partnerships and Strategy, Aviatrix
March 11, 2017

In the datacenter, a VLAN can cross physical switches and form a logical L2 domain. Machines, VMs or hosts on this VLAN can communicate with each other using private IP addresses, irrespective of their physical location. All is secure.

The question is: Can you stretch this VLAN to AWS or Azure?

Yes, you can.

Here is a diagram that shows how it can be done.

Aviatrix stretches your VLAN to public cloud

In the diagram at right, an Aviatrix virtual appliance is deployed on VLAN This VLAN is divided into sub-segments, for example,,, where each sub-segment is mapped to, and becomes the CIDR of, a VPC, VNET or Google Network. From the datacenter's point of view, it is as if the VLAN were stretched to a number of public cloud environments. Servers in the datacenter can talk to instances in the public cloud via private IP addresses, as if those instances were on-prem.
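As an added illustration (not Aviatrix code and not part of the original post), the sketch below carves one VLAN's address block into non-overlapping sub-segments for cloud networks, skipping ranges already used on-prem, and audits a plan for overlaps. The VLAN CIDR, network names and prefix lengths are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def plan_subsegments(vlan_cidr, used_onprem, requests):
    """Carve non-overlapping cloud sub-segments out of one on-prem VLAN.

    vlan_cidr   -- address block of the VLAN
    used_onprem -- ranges inside the VLAN already used by on-prem hosts
    requests    -- {network_name: prefix_length} per VPC/VNET to create
    """
    vlan = ipaddress.ip_network(vlan_cidr)
    taken = [ipaddress.ip_network(u) for u in used_onprem]
    for t in taken:
        if not t.subnet_of(vlan):
            raise ValueError(f"{t} is not inside VLAN {vlan}")
    plan = {}
    # Place the largest blocks first to limit fragmentation.
    for name, plen in sorted(requests.items(), key=lambda kv: kv[1]):
        for cand in vlan.subnets(new_prefix=plen):
            if not any(cand.overlaps(t) for t in taken):
                plan[name] = cand
                taken.append(cand)
                break
        else:
            raise ValueError(f"no free /{plen} left in {vlan} for {name}")
    return plan

def find_overlaps(cidrs):
    """Audit {name: cidr}; return the name pairs whose ranges overlap."""
    nets = [(n, ipaddress.ip_network(c)) for n, c in cidrs.items()]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]

if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    plan = plan_subsegments(
        "10.16.0.0/16",
        ["10.16.0.0/24", "10.16.1.0/24"],
        {"aws-vpc-dev": 20, "azure-vnet-prod": 20, "gcp-net-test": 24},
    )
    for name, net in plan.items():
        print(f"{name:16} {net}")
    print(find_overlaps({n: str(c) for n, c in plan.items()}))
```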

This looks interesting.

Workload burst to cloud may be the first use case that comes to mind. But in reality we have not found anyone actually doing workload burst.

Customers use this architecture to manage their hybrid cloud deployment and scaling, as an alternative approach to the traditional way of connecting an edge router/firewall appliance to public cloud.

What do they love about it? Many things.

  • It reduces the time to stand up a hybrid cloud deployment from weeks to minutes.
  • No more spreadsheets and fat-finger mistakes. No more headaches dealing with unplanned overlap in cloud address space.
  • No more stress over configuring the on-prem edge device and worrying about downtime and business disruptions.
  • Centrally managing multiple accounts enables you to do billing breakdown and chargeback.
  • Scaling hybrid cloud now becomes a walk in the park. You are in total control, yet developers love you for how fast a new environment gets stood up for them: no more weeks of waiting.
