
About Stax Networks

Stax Networks provides a simple and flexible way of deploying AWS network topologies. AWS offers a wide variety of products that form the building blocks of a secure and advanced cloud network. Stax configures these products for you based on your needs and safely and securely manages the deployment of your AWS network. The Stax Networks service provides the foundations you need to connect your AWS resources with other Workloads, on-premises data centers and other distributed networks.

[Figure: networking architecture]

Is Stax Networks for You?

Setting up a network in AWS can be challenging and requires a specialist skill set. Based on years of experience in deploying networks in AWS for companies ranging from mid to large enterprise, Stax has identified some common use cases faced by clients and formed a pattern to handle the challenging tasks that are often required to meet regulatory, compliance, and other industry standards. These include:

  • Centralized network management

  • Security and access controls

  • Private hosted zones

  • On-premises connectivity

  • Management of diverse operating systems

  • Forwarding and routing solutions

  • Internal DNS resolution

If you find yourself looking for a networking solution that will grow with your business, Stax Networks is for you.

About Stax Networks

The Stax Networking service is comprised of two main components:

[Figure: networking service components]

Stax Roles Needed to Use the Networking Service

All Stax roles have permission to view Stax Networking Hubs, CIDR Ranges, Exclusions and VPCs. In addition to this, the User role allows Stax users to create and update VPCs, whilst the Admin role allows full create, edit and delete access across all Stax Networks components. To find out more, visit Stax Permissions.

Advanced Network Settings

DNS Names

When connecting your Stax VPCs to your on-premises data centers, your DNS requests need to find their way to the correct host. The Stax DNS solution uses Private Hosted Zones and Amazon Route 53 Resolver endpoints to route traffic between your VPCs and host. DNS resolution between VPCs can be done by assigning a Private Hosted Zone (PHZ) suffix to your Networking Hub and a PHZ prefix to your VPCs, without needing to configure DNS rules and associate them within AWS. Together, these two fields create the Private Hosted Zone domain named {phz_prefix}.{phz_suffix}. For example, my-vpc.company.cloud would be the PHZ name used for the VPC.

PHZs are shared across all VPC types, using the exact same rules as the transit gateway routing.

Once domain names have been assigned, Stax will manage the routing of traffic in an Amazon VPC and manage your Amazon Route 53 Hosted Zone records.

ASN for Transit Gateway

If using AWS Direct Connect or VPN to connect your on-premises network to AWS, you will need to set an Autonomous System Number (ASN) for your Transit Gateway. AWS Direct Connect and VPN require an ASN to create a public or private virtual interface. This sets the ASN on the Amazon side of the BGP (Border Gateway Protocol) session for VPNs and AWS Direct Connect private VIFs.

During Hub creation, you can set your own private ASN for your TGW. This is a number in the range 64512 to 65535. This can be done via the Stax API or console. If a value is not set, Stax will set the ASN to a default value of 64512, and each subsequent hub created will increment by one.
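The following pre-flight check is an added example, not Stax code or a Stax API: it applies the naming rule from DNS Names and the ASN range and default rule above to a planned set of hubs before anything is created. The dictionary keys, function names and sample plan are hypothetical, the default-ASN ordering is an assumption, and treating a repeated PHZ name as a problem is this example's own choice.

```python
import re

ASN_MIN, ASN_MAX = 64512, 65535  # private ASN range stated on this page
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one DNS label

def phz_name(prefix, suffix):
    """Build {phz_prefix}.{phz_suffix}; reject names that are not valid DNS."""
    name = f"{prefix}.{suffix}".lower().rstrip(".")
    if len(name) > 253 or not all(LABEL.match(part) for part in name.split(".")):
        raise ValueError(f"invalid PHZ name: {name!r}")
    return name

def assign_asns(hubs):
    """Return {hub name: ASN}; hubs without an ASN get 64512, 64513, ..."""
    # Assumption: defaults are handed out in creation order, counting only
    # hubs that did not set their own value.
    result, next_default = {}, ASN_MIN
    for hub in hubs:
        asn = hub.get("asn")
        if asn is None:
            asn, next_default = next_default, next_default + 1
        if not ASN_MIN <= asn <= ASN_MAX:
            raise ValueError(f"{hub['name']}: ASN {asn} outside {ASN_MIN}-{ASN_MAX}")
        result[hub["name"]] = asn
    return result

def preflight(hubs):
    """List problems in a plan: ASN collisions and repeated PHZ names."""
    problems, seen_asn, seen_phz = [], {}, set()
    for name, asn in assign_asns(hubs).items():
        if asn in seen_asn:
            problems.append(f"ASN {asn} used by {seen_asn[asn]} and {name}")
        seen_asn.setdefault(asn, name)
    for hub in hubs:
        for prefix in hub.get("vpc_prefixes", []):
            fqdn = phz_name(prefix, hub["phz_suffix"])  # case-insensitive compare
            if fqdn in seen_phz:
                problems.append(f"PHZ {fqdn} defined twice")
            seen_phz.add(fqdn)
    return problems

# Constructed sample plan with hypothetical keys (not real Stax data).
PLAN = [
    {"name": "hub-a", "phz_suffix": "company.cloud", "vpc_prefixes": ["my-vpc", "data"]},
    {"name": "hub-b", "asn": 64512, "phz_suffix": "company.cloud", "vpc_prefixes": ["My-VPC"]},
]

if __name__ == "__main__":
    print("\n".join(preflight(PLAN)))
```

In the sample plan, hub-b's explicit ASN collides with the default that hub-a would receive, and "My-VPC" resolves to the same zone name as "my-vpc" because DNS names are case-insensitive.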

ECMP Support

Equal Cost Multi-Path (ECMP) is a routing strategy where packets are forwarded along multiple paths of the same cost with the aim of achieving even distribution of traffic.

You may want to use ECMP routing when connecting your Stax Networking Hub and your on-premises network over multiple VPN connections. If connections advertise the same CIDRs, the traffic is distributed equally between them. Enabling ECMP over multiple VPN tunnels also delivers traffic load balancing at scale beyond the default throughput of 1.25 Gbps.

During Hub creation, you can configure ECMP Support on your Stax Transit Gateway. Ensure that your on-premises gateway or router is also ECMP-enabled. Once set at Hub creation, you cannot change your ECMP configuration.

Tagging Networking Resources

All underlying resources used for the Networking Hub and VPCs can be tagged for resource identification and cost management, and the tags can be used for CI/CD and automated triggers. These tags are defined at the Networking Hub and VPC level via the Stax API or console.