AWS Transit Gateway Presentation Slides PDF

This document provides an overview and objectives for a course on AWS Transit Gateway. The course will teach students how to: 1. Create VPCs, subnets, route tables and EC2 instances needed for Transit Gateway implementations. 2. Understand and implement Transit Gateway concepts like attachments, associations and propagations. 3. Demonstrate three scenarios - using default route tables, sharing the Transit Gateway across accounts, and using custom route tables to control connectivity between VPCs. The course structure includes sections on introduction to Transit Gateway, prerequisite environment setup, creating a Transit Gateway with default routes, sharing the Transit Gateway across accounts, and using custom route tables.

Uploaded by Karthik Reddy
Copyright: © All Rights Reserved

AWS VPC Transit Gateway

Kalyan Reddy Daida


Course Objectives
• Understand the importance of Transit Gateway and the problems it solves when
compared to VPC peering connections and per-VPC VPN connections
• Create the VPCs, Subnets, Route Tables and EC2 VMs required for Transit Gateway
• Understand and implement the Transit Gateway concepts (Attachments, Associations
and Propagations)
• Scenario#1: Implement Transit Gateway with the auto-generated default route
table (Full Mesh Architecture)
• Scenario#2: Share a Transit Gateway across accounts to enable connectivity to
cross-account VPCs
• Scenario#3: Implement Transit Gateway with custom Route Tables (control the
connectivity between VPCs using TGW Route Tables)
• Learn AWS Resource Access Manager (RAM) basics while implementing cross-account
Transit Gateway sharing
Course Structure
• Section#1: Transit Gateway Introduction
• Section#2: Pre-requisite Environment Setup
• Section#3: Create Transit Gateway with Default Route Table
• Section#4: Share Transit Gateway with Other AWS Accounts (Cross Account Sharing)
• Section#5: Transit Gateway with Custom Route Tables
Section#1: Transit Gateway Introduction
• Before Transit Gateway
• VPC Peering
• Transit VPC with IPsec
• VPN Connection per VPC
• After Transit Gateway
• Most of these problems are solved by a single Transit Gateway.
Before: VPC Peering

(Diagram: VPCs A to E connected in a full mesh of peering connections; VPC B's route table is shown below.)

VPC B route table
Destination   Target
B             Local
A             PCX-1
C             PCX-2
D             PCX-3
E             PCX-4

Full mesh: How many Amazon VPC Peering connections do I need (full mesh)?
n(n-1)/2
10 VPCs = 45 VPC peering connections
100 VPCs = 4,950 VPC peering connections
Limits that bite at this scale:
• 100 static routes per Amazon VPC route table
• 125 Amazon VPC Peering connections per Amazon VPC
Before: Transit VPC with IPsec

(Diagram: VPCs A, B, D and E reach each other through a transit VPC over IPsec; VPC B's route table is shown below.)

VPC B route table
Destination   Target
B             Local
0.0.0.0/0     VGW

IPsec between VPCs (limits apply)
Before: VPN Connection per VPC

(Diagram: VPCs B and C each terminate their own IPsec VPN connection to On-Premises; IPsec between VPCs, limits apply.)

Summary of the options before TGW:
• Amazon VPC Peering for full mesh connectivity
• Instance-based Transit Amazon VPC (IPsec between VPCs, limits apply)
• VPN Connection per Amazon VPC to On-Premises

After TGW
• Multiple TGW route tables for finer routing control
• 50 Gbps of bandwidth per attachment per availability zone
• 1.25 Gbps per VPN tunnel, with ECMP* across tunnels
• TGW is a region level construct today
• Up to 5000 Amazon VPC attachments per TGW
• 10,000 routes per TGW
• Centralized hub for routing between Amazon VPCs and on-premises to AWS
*With ECMP, you can distribute traffic over multiple tunnels, e.g. 8 tunnels = 10 Gbps
After: AWS Transit Gateway (TGW)

(Diagram: VPCs A, B and C and On-Premises each attach once to the TGW, which routes between all of them.)

Attachment: the connection from an Amazon VPC or VPN to a TGW.
Association: the route table used to route packets coming from an attachment (from an Amazon VPC or VPN). An attachment is associated with exactly one TGW route table.
Propagation: the route table where the attachment's routes are installed. An attachment can propagate its routes to many TGW route tables.
What are we building?

(Diagram: AWS Account #1 holds the DEV, SHARED and QA VPCs, each with a T2 instance, attached to one Transit Gateway; AWS Account #2 holds the CADEV VPC with a T2 instance, attached to the same Transit Gateway through cross account sharing.)

Scenario #1: Default Route Table

(Diagram: the DEV, SHARED and QA VPCs, each with a T2 instance, attached to the Transit Gateway and using its default route table.)
Scenario #2: Share Transit Gateway with Cross Account

(Diagram: AWS Account #1 "Stack Simplify" holds the DEV, SHARED and QA VPCs attached to the Transit Gateway; the Transit Gateway is shared with AWS Account #2 "Stack Next", whose CADEV VPC, with its own T2 instance, attaches to it through cross account sharing.)
Share Transit Gateway with Cross Account
• AWS Accounts
• First Account: Stack Simplify
• Second Account: Stack Next
• Step#1: Create the Resource Share
• First Account: Create a Resource Share for the Transit Gateway using AWS Resource Access Manager
• Second Account: Accept the Resource Share
• Step#2: Second Account: Create VPC, Subnet, Routes, IGW & EC2 VM
• Step#3: Create the VPC Attachment
• Second Account: Create the VPC Attachment to the shared Transit Gateway
• First Account: Accept the VPC Attachment (it stays pending, and routes no traffic, until accepted)
• First Account: Verify the Association, Propagation & Routes for the cross-account Dev VPC
• Step#4: Perform the telnet connectivity tests between the VMs
Transit Gateway – Custom Route Tables
• AWS Accounts
• First Account: Stack Simplify
• Second Account: Stack Next
• Step#1: Clean up current associations in default route table
• Step#2: Implement Custom Route Table between Dev & QA VPC
• Step#3: Implement Custom Route Table between Dev & shrd VPC
• Step#4: (Cross Account Custom Route) Implement Custom Route Table
between qa & cadev VPC
• Step#5: Perform Negative Tests
• dev to cadev → should fail
• qa to shrd → should fail
• cadev to dev → should fail
• cadev to shrd → should fail
Scenario #3: Transit Gateway – Custom Route Tables

(Diagram: AWS Account #1 "Stack Simplify" holds the DEV, SHARED and QA VPCs and AWS Account #2 "Stack Next" holds the CADEV VPC, each with a T2 instance; all four attach to the Transit Gateway shared across the accounts, with connectivity controlled by custom TGW route tables.)
Transit Gateway – Custom Route Tables
• AWS Accounts
• First Account: Stack Simplify
• Second Account: Stack Next
• Step#1: Clean up current associations in the default route table (an attachment can be associated with only one TGW route table, so it must be disassociated from the default table before it can be associated with a custom one)
• Step#2: Implement Custom Route Table between Dev & QA VPC
1. Create Route Table – dev-rt
   1. Create Association – Dev VPC Attachment
   2. Create Propagation – QA VPC Attachment
   3. Verify Routes
2. Create Route Table – qa-rt
   1. Create Association – QA VPC Attachment
   2. Create Propagation – Dev VPC Attachment
   3. Verify Routes
3. Test Connectivity between Dev and QA
Transit Gateway – Custom Route Tables
• Step#3: Implement Custom Route Table between Dev & shrd VPC
1. Create Route Table – dev-rt → already exists
   1. Create Association – Dev VPC Attachment → already exists
   2. Create Propagation – shrd VPC Attachment
   3. Verify Routes
2. Create Route Table – shrd-rt
   1. Create Association – shrd VPC Attachment
   2. Create Propagation – Dev VPC Attachment
   3. Verify Routes
3. Test Connectivity between Dev and SHRD
Transit Gateway – Custom Route Tables
• Step#4: (Cross Account Custom Route) Implement Custom Route
Table between qa & cadev VPC
1. Create Route Table – qa-rt → already exists
   1. Create Association – QA VPC Attachment → already exists
   2. Create Propagation – cadev VPC Attachment
   3. Verify Routes
2. Create Route Table – cadev-rt
   1. Create Association – cadev VPC Attachment
   2. Create Propagation – qa VPC Attachment
   3. Verify Routes
3. Test Connectivity between QA and CADEV
Transit Gateway – Custom Route Tables
• Step#5: Perform Negative Tests
• dev to cadev → should fail
• qa to shrd → should fail
• cadev to dev → should fail
• cadev to shrd → should fail
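The following Python is an added example, not code from the slides or from AWS. It is an offline model of the three concepts the deck defines (attachment, association, propagation) and replays Scenario #1 (default route table, full mesh) and Scenario #3 (custom route tables, Steps #1 to #5 above), including the cross-account CADEV attachment from Scenario #2 that the first account has to accept. The VPC CIDRs and the account IDs are hypothetical; the deck gives none.

```python
# Added example (not from the slides or from AWS): an offline model of how Transit Gateway
# route tables decide connectivity, built from the deck's three concepts. Hypothetical
# values: the CIDRs and account IDs below (the deck gives none).
from __future__ import annotations
from dataclasses import dataclass, field
from ipaddress import IPv4Network, ip_address, ip_network


@dataclass
class Attachment:
    name: str
    cidr: IPv4Network
    accepted: bool = False  # a cross-account attachment starts as pendingAcceptance


@dataclass
class RouteTable:
    name: str
    associations: set[str] = field(default_factory=set)  # traffic FROM these attachments uses this table
    propagations: set[str] = field(default_factory=set)  # this table LEARNS these attachments' CIDRs


class TransitGateway:
    def __init__(self, owner_account: str, auto_accept_shared: bool = False):
        self.owner, self.auto_accept_shared = owner_account, auto_accept_shared
        self.attachments: dict[str, Attachment] = {}
        self.tables: dict[str, RouteTable] = {"tgw-default-rt": RouteTable("tgw-default-rt")}

    def attach(self, name: str, cidr: str, owner_account: str) -> Attachment:
        """Create a VPC attachment; one made by a sharee account waits for the TGW owner to accept."""
        self.attachments[name] = Attachment(name, ip_network(cidr))
        if owner_account == self.owner or self.auto_accept_shared:
            self.accept(name)
        return self.attachments[name]

    def accept(self, name: str) -> None:
        """Accept a pending attachment; default route table association and propagation then apply."""
        self.attachments[name].accepted = True
        self.associate("tgw-default-rt", name)
        self.propagate("tgw-default-rt", name)

    def associate(self, table: str, att: str) -> None:
        self.disassociate(att)  # an attachment is associated with at most ONE route table
        self.tables.setdefault(table, RouteTable(table)).associations.add(att)

    def disassociate(self, att: str) -> None:
        for t in self.tables.values():
            t.associations.discard(att)

    def propagate(self, table: str, att: str) -> None:
        self.tables.setdefault(table, RouteTable(table)).propagations.add(att)

    def routes(self, table: str) -> dict[IPv4Network, str]:
        """Routes a table has learned: one per propagated attachment that has been accepted."""
        return {self.attachments[a].cidr: a for a in self.tables[table].propagations
                if self.attachments[a].accepted}

    def next_hop(self, src_att: str, dst) -> str | None:
        """Where a packet arriving FROM src_att goes: longest-prefix match in its associated table."""
        table = next((t for t in self.tables.values() if src_att in t.associations), None)
        if table is None or not self.attachments[src_att].accepted:
            return None
        matches = [(net, tgt) for net, tgt in self.routes(table.name).items() if ip_address(dst) in net]
        return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

    def can_reach(self, src: str, dst: str) -> bool:
        """The TGW is stateless: the forward AND the return lookup must both resolve."""
        s, d = self.attachments[src], self.attachments[dst]
        return self.next_hop(src, d.cidr[10]) == dst and self.next_hop(dst, s.cidr[10]) == src


ACCOUNT_1, ACCOUNT_2 = "111111111111", "222222222222"  # hypothetical: Stack Simplify, Stack Next
VPCS_ACCOUNT_1 = {"dev": "10.0.0.0/16", "qa": "10.1.0.0/16", "shrd": "10.2.0.0/16"}  # hypothetical


def build_scenario_default() -> TransitGateway:
    """Scenario #1: every attachment auto-associates and auto-propagates to the default table."""
    tgw = TransitGateway(ACCOUNT_1)
    for name, cidr in VPCS_ACCOUNT_1.items():
        tgw.attach(name, cidr, ACCOUNT_1)
    return tgw


def build_scenario_custom() -> TransitGateway:
    """Scenario #3 as the deck sequences it, plus the cross-account CADEV attachment."""
    tgw = build_scenario_default()
    tgw.attach("cadev", "10.3.0.0/16", ACCOUNT_2)  # created by Account #2 through the RAM share
    tgw.accept("cadev")                             # Account #1 accepts the VPC attachment
    for name in tgw.attachments:                    # Step#1: clean up the default route table
        tgw.disassociate(name)
        tgw.tables["tgw-default-rt"].propagations.discard(name)
    plan = {"dev-rt": ("dev", ["qa", "shrd"]), "qa-rt": ("qa", ["dev", "cadev"]),  # Steps #2-#4
            "shrd-rt": ("shrd", ["dev"]), "cadev-rt": ("cadev", ["qa"])}
    for table, (assoc, props) in plan.items():
        tgw.associate(table, assoc)
        for p in props:
            tgw.propagate(table, p)
    return tgw


def connectivity_matrix(tgw: TransitGateway) -> dict[tuple[str, str], bool]:
    names = sorted(tgw.attachments)
    return {(a, b): tgw.can_reach(a, b) for a in names for b in names if a != b}
```

`connectivity_matrix(build_scenario_custom())` returns True only for the dev-qa, dev-shrd and qa-cadev pairs and False for the four negative tests in Step#5. Two details of the model are the checks worth carrying into the real console: `can_reach` looks up both directions because the TGW is stateless, so "Verify Routes" on only one of the two custom tables can show a route while the return traffic is black-holed; and `next_hop` returns nothing for a cross-account attachment until `accept` runs, which is why Step#3 of the sharing procedure has the first account accept the attachment before verifying routes. A failed negative test in the real environment can also come from a security group or NACL, so confirm that the positive tests pass before reading the negative ones as proof of TGW-level isolation.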
