Create a transit gateway
Hello Everyone
Welcome to CloudAffaire and this is Debjeet
In the last blog post, we created a site-to-site VPN connection between the AWS cloud and an on-premises network.
https://cloudaffaire.com/create-a-site-to-site-vpn-connection/
We are almost done with the VPC introductory series, and in this blog post we are going to create a transit gateway between four VPCs for VPC interconnectivity. Below is the configuration diagram for this demo.
Transit gateway:
A transit gateway is a network transit hub that you can use to interconnect your virtual private clouds (VPCs) and on-premises networks.
Components of transit gateway:
- Attachment: You can attach a VPC or VPN connection to a transit gateway.
- Route table: A transit gateway has a default route table and can optionally have additional route tables. A route table includes dynamic and static routes that decide the next hop based on the destination IP address of the packet. The target of these routes could be a VPC or a VPN connection. By default, the VPCs and VPN connections that you attach to a transit gateway are associated with the default transit gateway route table.
- Route Associations: Each attachment is associated with exactly one route table. Each route table can be associated with zero to many attachments.
- Route propagation: A VPC or VPN connection can dynamically propagate routes to a transit gateway route table. With a VPC, you must create static routes to send traffic to the transit gateway. With a VPN connection, routes are propagated from the transit gateway to your on-premises router using Border Gateway Protocol (BGP).
Prerequisite for this demo:
Four VPCs hosting four EC2 instances.
We already created the four VPCs in the same region; our first VPC has a public subnet and the rest have private subnets.
If we ping across VPCs, the ping gets no response, as no connection exists between the VPCs.
Next, we are going to create a transit gateway for VPC interconnectivity.
Create a transit gateway:
Step 1: Login to AWS console and navigate to ‘VPC’.
Step 2: Navigate to ‘Transit Gateways’ and click ‘Create Transit Gateway’.
Step 3: Provide a name and description for your transit gateway and click ‘Create Transit Gateway’.
A success message will be displayed; click ‘Close’.
Our transit gateway has been created successfully.
Next, we are going to attach all the VPCs one by one to this transit gateway.
Step 4: Navigate to ‘Transit Gateway Attachments’ and click ‘Create Transit Gateway Attachment’.
Step 5: Select your transit gateway, VPC, and subnet. Click ‘Create Attachment’.
A success message will be displayed; click ‘Close’.
Step 6: Repeat the previous step for the remaining three VPCs.
AWS automatically handles the transit gateway side of the routing for these attachments: by default, each attachment is associated with the default transit gateway route table and its VPC CIDR is propagated into that table, so every attached VPC can reach every other one.
But we still need to add a route to this transit gateway manually in each VPC’s route table.
Step 7: Navigate to ‘Route Tables’, select the route table of any one VPC and click ‘Edit routes’ under the ‘Routes’ tab.
Step 8: Click ‘Add route’ and, as the destination, provide a CIDR that covers all the VPC CIDR ranges, with the transit gateway as the target. Traffic to the VPC’s own CIDR keeps using the more specific local route.
Repeat this for the remaining three VPCs.
Our transit gateway is now ready for use; if you try the ping again, it will respond.
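The eight console steps above as an added AWS CLI script (example code, not from the original post); the VPC, subnet and route table ids are constructed placeholders, and the summary CIDR assumes all four VPC CIDRs fall inside 10.0.0.0/8.

```shell
# Added example, not from the original post: the console steps above as AWS CLI calls.
# Assumed inputs (constructed placeholder ids): one "vpc:subnet:route-table" triple per VPC.
set -eu
VPC_TRIPLES="vpc-aaaa1111:subnet-aaaa1111:rtb-aaaa1111 vpc-bbbb2222:subnet-bbbb2222:rtb-bbbb2222 \
vpc-cccc3333:subnet-cccc3333:rtb-cccc3333 vpc-dddd4444:subnet-dddd4444:rtb-dddd4444"
# Must cover every VPC CIDR; each VPC's own, more specific local route still wins.
SUMMARY_CIDR="10.0.0.0/8"
# Steps 1-3: create the gateway with a description and print its id
tgw_create() {
  aws ec2 create-transit-gateway --description "$1" \
    --query 'TransitGateway.TransitGatewayId' --output text
}

# Attachments fail while the gateway is still "pending"; poll until "available"
tgw_wait_available() {
  i=0
  while [ "$i" -lt 60 ]; do
    state=$(aws ec2 describe-transit-gateways --transit-gateway-ids "$1" \
      --query 'TransitGateways[0].State' --output text)
    [ "$state" = "available" ] && return 0
    i=$((i + 1)); sleep 10
  done
  return 1
}

# Steps 4-6: one attachment per VPC. With default association and propagation every
# attachment lands in the default route table, so all four VPCs form a full mesh.
tgw_attach_vpc() {
  aws ec2 create-transit-gateway-vpc-attachment --transit-gateway-id "$1" \
    --vpc-id "$2" --subnet-ids "$3" \
    --query 'TransitGatewayVpcAttachment.TransitGatewayAttachmentId' --output text
}

# Steps 7-8: summary route in each VPC route table with the gateway as target
vpc_add_tgw_route() {
  aws ec2 create-route --route-table-id "$1" \
    --destination-cidr-block "$2" --transit-gateway-id "$3" >/dev/null
}

tgw_demo() {
  tgw=$(tgw_create "Transit gateway for four VPCs")
  tgw_wait_available "$tgw"
  for t in $VPC_TRIPLES; do
    vpc=${t%%:*}; rest=${t#*:}; subnet=${rest%%:*}; rtb=${rest#*:}
    tgw_attach_vpc "$tgw" "$vpc" "$subnet" >/dev/null
    vpc_add_tgw_route "$rtb" "$SUMMARY_CIDR" "$tgw"
  done
  echo "$tgw"
}
if [ "${TGW_DEMO_RUN:-0}" = "1" ]; then tgw_demo; fi
```

Run it with TGW_DEMO_RUN=1 and valid credentials; the functions can also be sourced and called one at a time.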
Hope you have enjoyed this article. We are done with the VPC introductory series. There are other, more advanced parts of VPC that were intentionally left out of this series and will be covered in future blogs. Currently, our focus is to complete an introductory series for almost all the services. In the next blog, we will start with a new AWS service.
To get more details on VPC, please refer to the AWS documentation below.
Arindam
7 Feb 2019
My first tutorial on your site! Thanks.