Site-to-Site Networking

Link Your Sites With the Same Post-Quantum Tunnel Your People Use

AegisWire site-to-site is a post-quantum, gateway-to-gateway mesh that links your locations across regions and clouds. Most SD-WAN and mesh products protect user devices with one protocol and link their own gateways with a weaker, older one. AegisWire does not. Every inter-gateway link runs the identical quantum-resistant cipher suite, handshake, self-healing key ratchet, and tamper-evident audit trail as every client session — one security contract, from the edge to the core, with no vendor lock-in.

Full CNSA 2.0 suite (US NSA) · UK NCSC-aligned — every customer, every packet

One Cipher Suite, Edge to Core

The inter-gateway link is not a different, weaker product. It is the same protocol your people connect with.

Identical Post-Quantum Handshake

Site links negotiate keys with the same hybrid quantum-resistant handshake as client sessions — no downgraded inter-node protocol to attack.

Full-Duplex, Bidirectional

Traffic flows both ways over a single peered link with independent, replay-protected streams in each direction — not a one-way forwarder.

One Audit Contract

Inter-gateway forwarding writes to the same chained, tamper-evident audit trail as everything else. No blind spot between your sites.

How a Federation Edge Comes Up

The unit of configuration is a federation edge — a destination prefix, a direction, and the peer gateway it is reachable through. Each gateway then dials its peer with the ordinary post-quantum client handshake.

STEP 1

Authorize the peer

The platform operator pre-authorizes which peer scopes a tenant may federate with. Without that authorization, no edge can be created — federation is deny-by-default.

STEP 2

Define the edge

A tenant admin names the reachable subnet, direction, and peer scope. The control plane compiles it into a signed interdomain_route_set — cross-site forwarding only ever happens for routes inside that signed policy.

STEP 3

Dial the peer

Each gateway dials its peer as a full unified client over the same §19.7 handshake, pinning the peer's exact server identity. A mismatched or unsigned peer is refused at admission.

STEP 4

Forward, residency-aware

Packets destined for a peer's subnet ride the encrypted inter-gateway tunnel instead of egressing to the internet. The residency zone each gateway will serve is requested and enforced, so traffic stays where policy says it must.

Self-Healing Links

A compromised key on a site link cannot become a foothold across your whole network. The link's keys re-derive automatically every few packets, so the window any single key protects is tiny and the link recovers on its own — without operator intervention and without dropping the tunnel.

  • Continuous key ratchet

    Forward-secret rekeying on a fixed packet cadence — past traffic stays protected even if a current key leaks.

  • Recovers without teardown

    The link re-synchronizes itself in flight; site-to-site traffic keeps moving through the recovery.

  • Blast-radius contained

    If one peer connection is compromised, the ratchet keeps the rest of the federation from being exposed.
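The ratchet described above, as an added toy model written for this page (not AegisWire code; the page does not publish its ratchet or cadence). RATCHET_EVERY, the kdf() labels and the XOR toy cipher are assumptions; the model shows that a chain key leaked at epoch 1 reads nothing sent in epoch 0, that the receiver re-synchronises in flight, and that stale-epoch or replayed packets are refused.

```python
import hmac, hashlib

RATCHET_EVERY = 4  # hypothetical cadence; the page only says "every few packets"

def kdf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()  # one-way PRF step

def toy_xor(epoch_key: bytes, seq: int, data: bytes) -> bytes:
    # Toy unauthenticated stream for payloads <= 32 bytes; a real link uses an AEAD.
    return bytes(a ^ b for a, b in zip(data, kdf(epoch_key, b"ks%d" % seq)))

class RatchetStream:
    """One direction of a site link (one instance per direction). Only the current
    chain key is held and each ratchet overwrites it: a leak at epoch e exposes e onward."""
    def __init__(self, shared_secret: bytes):
        self.chain, self.epoch, self.seq = kdf(shared_secret, b"init"), 0, 0
    def ratchet(self) -> None:
        self.chain, self.epoch = kdf(self.chain, b"ratchet"), self.epoch + 1
    def seal(self, pt: bytes) -> tuple:
        if self.seq and self.seq % RATCHET_EVERY == 0:
            self.ratchet()
        pkt = (self.epoch, self.seq, toy_xor(kdf(self.chain, b"epoch"), self.seq, pt))
        self.seq += 1
        return pkt
    def open(self, pkt: tuple) -> bytes:
        epoch, seq, ct = pkt
        if epoch < self.epoch or seq < self.seq:  # key already erased, or a replay
            raise ValueError("stale epoch or replayed sequence")
        while self.epoch < epoch:  # re-synchronise in flight, no teardown
            self.ratchet()
        self.seq = seq + 1
        return toy_xor(kdf(self.chain, b"epoch"), seq, ct)

def attacker_open(leaked_chain: bytes, leaked_epoch: int, pkt: tuple):
    # Reach of a leaked *current* chain key: this epoch onward, never earlier.
    epoch, seq, ct = pkt
    if epoch < leaked_epoch:
        return None  # that key was erased and kdf() cannot be run backwards
    for _ in range(epoch - leaked_epoch):
        leaked_chain = kdf(leaked_chain, b"ratchet")
    return toy_xor(kdf(leaked_chain, b"epoch"), seq, ct)

def demo() -> dict:
    secret = b"constructed-handshake-output-32b"  # constructed stand-in for the handshake secret
    tx, rx = RatchetStream(secret), RatchetStream(secret)
    pkts = [tx.seal(b"pkt%d" % i) for i in range(8)]  # seq 0-3 epoch 0, seq 4-7 epoch 1
    ok = [rx.open(p) for p in pkts] == [b"pkt%d" % i for i in range(8)]
    leak = (tx.chain, tx.epoch)  # sender compromised now, at epoch 1
    return {"delivered": ok, "old_epoch_readable": attacker_open(*leak, pkts[2]) == b"pkt2",
            "current_epoch_readable": attacker_open(*leak, pkts[6]) == b"pkt6"}
```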

Link Properties

Encryption: Quantum-resistant, always on
Rekeying: Automatic, per-N-packet
Direction: Full-duplex
Peer admission: Deny-by-default
Recovery: In-flight, no teardown

Deny-by-Default Federation Trust

A gateway never peers with another just because it can reach it. Every link is explicitly authorized.

  • Peer scopes are pre-authorized by the platform operator — a tenant cannot create a federation edge to an unapproved peer.
  • Every peer link is signed and identity-bound; an unsigned or mismatched peer is refused at admission.
  • Authorization decisions are audited — who approved which peer scope, and when.
  • Revoking a peer authorization closes the link — federation membership is centrally controlled, not standing.
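The four steps in "How a Federation Edge Comes Up" and the trust rules just listed, as an added toy model written for this page (not the product's control plane; ControlPlane, Gateway, the peer-scope and tenant names and HMAC standing in for the control plane's signature are all assumptions): an edge is refused unless its peer scope was pre-authorized, the compiled route set is signed, a gateway forwards cross-site only for routes inside a set whose signature verifies, peer identity is pinned at admission, and revocation drops the edge from the next compiled set.

```python
import hmac, hashlib, ipaddress, json

class ControlPlane:
    """Toy model: operator pre-authorises peer scopes (deny by default), tenant
    edges compile into a signed route set, revocation drops the edge.
    HMAC stands in for the control plane's signature; every decision is recorded."""
    def __init__(self, signing_key: bytes):
        self.key, self.authorized, self.edges, self.audit = signing_key, {}, {}, []

    def authorize(self, operator: str, tenant: str, peer_scope: str) -> None:
        self.authorized.setdefault(tenant, set()).add(peer_scope)
        self.audit.append((operator, "authorize", tenant, peer_scope))

    def revoke(self, operator: str, tenant: str, peer_scope: str) -> None:
        self.authorized.get(tenant, set()).discard(peer_scope)
        self.edges[tenant] = [e for e in self.edges.get(tenant, []) if e["peer"] != peer_scope]
        self.audit.append((operator, "revoke", tenant, peer_scope))

    def define_edge(self, tenant: str, prefix: str, direction: str, peer_scope: str) -> None:
        if peer_scope not in self.authorized.get(tenant, ()):
            raise PermissionError(f"{tenant} is not authorised to federate with {peer_scope}")
        ipaddress.ip_network(prefix)  # reject malformed prefixes before they reach policy
        self.edges.setdefault(tenant, []).append({"prefix": prefix, "dir": direction, "peer": peer_scope})

    def route_set(self, tenant: str):
        body = json.dumps(self.edges.get(tenant, []), sort_keys=True).encode()
        return body, hmac.new(self.key, body, hashlib.sha256).digest()

class Gateway:
    """Forwards cross-site only for routes inside a route set whose signature verifies."""
    def __init__(self, verify_key: bytes, pinned: dict):
        self.key, self.pinned, self.routes = verify_key, pinned, []  # pinned: peer -> identity

    def load_route_set(self, body: bytes, sig: bytes) -> None:
        if not hmac.compare_digest(sig, hmac.new(self.key, body, hashlib.sha256).digest()):
            raise ValueError("route set unsigned or tampered; keeping previous policy")
        self.routes = json.loads(body)

    def admit_peer(self, peer: str, presented_identity: str) -> bool:
        return self.pinned.get(peer) == presented_identity  # unknown or mismatched -> refused

    def next_hop(self, dst: str):
        # Peer to tunnel to, or None: deny by default, no cross-site path for this destination.
        for r in self.routes:
            if r["dir"] in ("egress", "both") and ipaddress.ip_address(dst) in ipaddress.ip_network(r["prefix"]):
                return r["peer"]
        return None
```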

Where Site-to-Site Fits

The same mechanism scales from a two-region link to a hub with hundreds of branch spokes — each edge is one signed route entry.

Multi-Region Enterprise

A gateway in each region — a London office and a New York data centre, say. Clients behind one reach the private subnet behind the other across the encrypted inter-gateway tunnel, instead of egressing to the public internet. Residency stays under your control.

Hybrid & Multi-Cloud

Peer a gateway in one cloud with a gateway in another — or with on-premises — over one post-quantum mesh. Because every link is the same handshake, the cloud underneath is an implementation detail, not a security boundary you have to reason about.

Branch Interconnect

A head-office gateway with many branch gateways — for example a bank's central site and its branches. Branches reach central services; selected branches reach each other. Each branch edge is one signed, individually revocable route, so membership is centrally controlled, never standing.

No Vendor Lock-In

Gateways run across multiple infrastructure providers — AWS and Vultr today — and a single customer can mix them in one mesh. The federation contract is the post-quantum transport, not any one cloud, so a peer link between an AWS region and a Vultr region is the identical handshake as any other. Control planes run on managed Fargate; gateways go where you need the residency and the economics.

  • Provider-neutral peering

    Every gateway feature is built for both vendor paths — cross-cloud federation is a first-class case, not a workaround.

  • Residency-aware placement

    Choose the region each gateway serves; the requested residency zone is enforced at the gateway, so data stays where policy requires.

  • One operational surface

    Provision, authorize, and revoke edges from the same control plane regardless of the cloud underneath each gateway.

Federation Contract

Clouds: AWS & Vultr, mixable
Link protocol: Same as client sessions
Topology: Two-region to hub-and-spoke
Routing: Signed, residency-aware
Membership: Centrally revocable

Part of the Platform

Watched by the Sentinel defense plane

Inter-gateway forwarding is observable to the same Sentinel AI defense plane that watches client sessions — co-designed with the transport, not a generic UEBA layer bolted on. It reasons over a risk lattice and escalates along a defined action ladder, so a federation link is never a monitoring blind spot.

  • Detector families spanning streaming-statistical, threat-intel, posture & adversarial signals
  • Graduated action ladder from Observe through to Emergency response
  • Privacy-preserving: operates without inspecting tunnel payload content
  • One tamper-evident audit trail across client and peer links alike

Want the deep dive? See the platform overview for the transport, the SDK, and the Sentinel defense plane together.

Connect Your Sites the Quantum-Safe Way

Request a briefing on the AegisWire site-to-site architecture, federation trust model, and deployment path.