AWS Transit Gateway vs Azure Virtual WAN vs GCP NCC: A Side-by-Side for Network Engineers Going Multi-Cloud

Every cloud provider has its own hub-and-spoke networking service, and they are not interchangeable. If you're a network engineer moving into multi-cloud — or already juggling VPCs across AWS, Azure, and GCP — this is the comparison I wish I'd had when I started. I'll map each cloud hub to concepts you already know (DMVPN, SD-WAN, VRF-lite), compare the routing models head-to-head, and show how Cisco SD-WAN Cloud OnRamp ties them together. The Mental Model: Cloud Hubs ↔ Traditional Networking Traditional Networking AWS Azure GCP Hub router Transit Gateway (TGW) Virtual WAN Hub Cloud Router Spoke site VPC attachment VNet connection NCC Spoke Route table TGW route table Hub route table Cloud Router routes BGP peering TGW Connect / Direct Connect ExpressRoute / VPN BGP Partner Interconnect BGP IPsec VPN Site-to-Site VPN VPN Gateway Cloud VPN Dedicated circuit Direct Connect (10Gbps) ExpressRoute Direct (100Gbps) Dedicated Interconnect (100Gbps) If you've configured a DMVPN hub or an SD-WA