AWS, Cloud Computing

6 Mins Read

Simplifying Your AWS Network Architecture with Transit Gateway

Introduction to AWS Transit Gateway

As your cloud infrastructure expands globally you need to find out a way to connect your resources which are in different VPCs. A Transit Gateway is a network hub that you can use to interconnect your virtual private clouds (VPCs) and on-premises networks. It is like a hub and spoke design or star topology design for connecting VPCs and on-premises networks. Transit Gateway allows customers to connect thousands of VPCs together. It is a regional service. It gives you simplified connectivity to the multiple VPC as compared to a complex VPC peering connection. Traffic between VPC and Transit Gateway remains on the AWS global private network and is not exposed to the public internet. Transit Gateways in different regions can peer with each other to enable VPC communications across regions. Transit Gateway inter-Region peering encrypts all traffic, with no single point of failure or bandwidth bottleneck which helps you to get improved security.

Transit Gateway Concepts

The following are the key concepts for Transit Gateways:

  • Attachments — You can attach the following to the Transit Gateway:
    • One or more VPCs
    • An AWS Direct Connect gateway
    • A peering connection with another Transit Gateway
    • A VPN connection to a Transit Gateway
  • Transit Gateway route table — A Transit Gateway has a default route table. A route table includes dynamic and static routes that decide the next hop based on the destination IP address of the packet. The target of these routes is the Transit Gateway attachment. By default, Transit Gateway attachments are associated with the default transit gateway route table.

Route propagation — A VPC, VPN connection, or Direct Connect gateway can dynamically propagate routes to a Transit Gateway route table.

  • Cloud Migration
  • Devops
  • AIML & IoT
Know More

How do Transit Gateways Work?

Transit Gateway acts as a virtual router for traffic flow between your virtual private clouds (VPCs). The packets are sent from one VPC to another VPC through Transit Gateway. Routing from a Transit Gateway operates at layer 3.

The following diagram shows a Transit Gateway with three VPCs in the same region. The route table for each of the three VPCs includes the local route and routes that send traffic for the other two VPCs through the Transit Gateway.

Source: https://docs.aws.amazon.com/vpc/latest/tgw/how-transit-gateways-work.html#architecture-diagram

Architecture for Connecting 3 VPCs in a Different Region

Transit Gateway route table for the attachments shown in the above diagram:

Destination Target Route Type
VPC A CIDR Attachment for VPC A Propagated
VPC B CIDR Attachment for VPC B Propagated
VPC C CIDR Attachment for VPC C Propagated

 

Working with Transit Gateway

The following diagram shows a Transit Gateway with VPC attachments in a different region.

You can create, access, and manage the Transit Gateway using any of the following methods:

  • AWS Management Console — It provides a graphical user interface that you can use to access your Transit Gateways.
  • AWS Command Line Interface (AWS CLI) — It provides commands for AWS services, including Amazon VPC, EC2, S3, and the commands are supported on Windows, macOS, and Linux.

AWS SDKs — It provides language-specific API operations and removes the complexity of the coding. It is used for Amazon S3, Amazon EC2, DynamoDB, and more.

Step by Step Guide for Working with Amazon Transit Gateway

  1. Create 2 VPC with one public subnet-

   a. Login to AWS management console and go to VPC service, in the VPC dashboard click Launch VPC Wizard

b. Select VPC, subnet, under Auto-generate option, gives a name to the VPC, under IPV4 CIDR block give VPC CIDR as- 10.0.0.0/16

c. Select Availability Zone 1, number of public subnets 1, number of private subnet 0.

d. Select NAT Gateway to None, VPC endpoint to None, and enable DNS hostname and DNS resolution. Then click on create VPC.

e. Follow the same step from (a) to (c) to create one more VPC with name B and CIDR block 10.1.0.0/16

2)Create the Transit Gateway.

a. In VPC service select Transit Gateway, click create Transit Gateway.

b. Under the name tag give the name TG1, under description put AVPC-BVPC-TG.

c. Keep other options default and click on Create Transit Gateway.

3) Create a Transit Gateway Attachment.

a. Under the Transit Gateway option in VPC service click on Transit Gateway attachment and then select create Transit Gateway attachment.

b. Under the name tag give a name to any of your attachment, in Transit Gateway ID select the Transit Gateway which you created in step 3 (a), in the Attachment type select VPC.

c. In VPC ID select A-VPC, in Subnet IDs select A-subnet-public1-us-est-1a.

d. Keep other options default and select create Transit Gateway attachment.

e. Follow the same step to create the Transit Gateway attachment for B-VPC

f. Your transit gateway attachment console should look like the below.

4) Update the route table of both VPC with the entry of the Transit Gateway attachment.

a. Under VIRTUAL PRIVATE CLOUD in VPC service go on route table select A-rtb-public click on Routes click on edit routes.

b. In Destination give the CIDR block of B-VPC which is 10.1.0.0/16, in Target select Transit Gateway then select Transit Gateway attachment AVPC-TG, click on save changes.

c.Under VIRTUAL PRIVATE CLOUD in VPC service go on route table select B-rtb-public click on Routes click on edit routes.

d. In Destination give the CIDR block of A-VPC which is 10.0.0.0/16, in Target select Transit Gateway then select Transit Gateway attachment BVPC-TG, click on save changes.

 

AWS Transit Gateway Pricing

The Transit Gateway is charged on an hourly basis. You get charged for the number of connections or attachments that you make to the Transit Gateway per hour and the amount of traffic that flows through AWS Transit Gateway. Data processing charges apply per gigabyte sent from a VPC, Direct Connect, or VPN to the AWS Transit Gateway.

As an example, if you have a Transit Gateway in Ohio(us-east-2) region and an Amazon VPC is attached to it then the pricing will be like below:

Sr No. Cost Factor Cost
1 Price per AWS Transit Gateway attachment ($) $0.05
2 Price per GB of data processed ($) $0.02

 

Get your new hires billable within 1-60 days. Experience our Capability Development Framework today.

  • Cloud Training
  • Customized Training
  • Experiential Learning
Read More

About CloudThat

Consulting Partner, AWS authorized Training Partner, Microsoft Gold Partner, and Winner of the Microsoft Asia Superstar Campaign for India: 2021. Our team has designed and delivered various Disaster Recovery strategies to our customers.

We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere to advance in their businesses.

To get started, go through our Expert Advisory page and Managed Services Package that is CloudThat’s offerings. Then, you can quickly get in touch with our highly accomplished team of experts to carry out your migration needs. Feel free to drop a comment or any queries that you have about Audio-to-text Automated Conversion, AWS Transcribe, or any other AWS services we will get back to you quickly.

FAQs

1. Can I connect Amazon VPCs with the same CIDRs to the Transit Gateway?

ANS: – Ans: AWS Transit Gateway does not support routing between Amazon VPCs with the same CIDRs.

2. How many AWS Transit Gateways can you create per AWS account?

ANS: – Ans: The default quota for the Transit Gateway per AWS account is 5. This quota is adjustable using the AWS support case.

3. Does AWS Transit Gateway Connect supports IPv6?

ANS: – Ans: Yes, AWS Transit Gateway Connect supports IPv6.

WRITTEN BY Mahek Tamboli

Share

Comments

  1. Sheeja narayanan

    Jun 21, 2022

    Reply

    Thanks for detailed steps

  2. THIAGO

    Jun 21, 2022

    Reply

    Does Transit Gateway supports redundant routes?
    Example:
    IF peering from tgw1 to tgw 2 lost connection, tg1 one would route traffic to tgw2 by tgw 3

    Example:
    network1

    • Mahek Tamboli

      Jun 21, 2022

      Reply

      Tg1-Tg2, Tg2-Tg3, Tg1-Tg3 is a peering connection which is on AWS backbone network so the high avaibility of that peering is taken care by AWS, and it is highly available, and if any failure happen in peering link between transit gateway( chances are not there) we have to update Route Table

  3. Sonali Shelke

    May 7, 2022

    Reply

    It is more informative and perfectly explained,blog gives more brief details about AWS…Thank you for the blog.

  4. Hitesh

    May 7, 2022

    Reply

    Really interesting blog ; It gives more clearity of concept.

  5. Faizan Memon

    May 6, 2022

    Reply

    Very well explained.

  6. Jagruti

    May 5, 2022

    Reply

    Excellent explanation

  7. Sanket Kulkarni

    May 5, 2022

    Reply

    Thank you for the blog. It is helpful for person to get a good idea about technology and how to set it up.

    • Akshay Lawate

      May 5, 2022

      Reply

      Very nice blog.. It is much more sufficient to gain proper knowledge of AWS training.

  8. Guruprasad

    May 5, 2022

    Reply

    Excellent and very good and it is very informative

  9. Click to Comment

Get The Most Out Of Us

Our support doesn't end here. We have monthly newsletters, study guides, practice questions, and more to assist you in upgrading your cloud career. Subscribe to get them all!