Gateway
Nick Matthews, Principal Solutions Architect, AWS (@nickpowpow)
Mohamed Hassan, Senior Product Manager, EC2 Networking, AWS (@mohnader)
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
What is Transit Gateway?
Introducing AWS Transit Gateway
Before Transit Gateway
Getting Started with Transit Gateway
Scenario
AWS Cloud
On-Premise
Four VPC’s
Create a Transit Gateway
Create a Transit Gateway
Create VPC Attachments
Create VPC Attachments
View VPC Attachments
Transit Gateway Route Table
Update VPC Route Tables
Scenario
AWS Cloud
On-Premise
Test Connectivity
Scenario
AWS Cloud
On-Premise
Create a VPN Attachment
Download the Configuration
Complete – VPN UP
Complete – VPC to the CGW via VPN
Complete – view from the CGW
Transit Gateway Basics
Attachment: The connection from an Amazon VPC and VPN to a TGW
Association: The route table used to route packets coming from an attachment (from an Amazon VPC and VPN)
Propagation: The route table where the attachment’s routes are installed
Attachments – VPC’s
Attachments – VPC’s
10.1
VPC
att-red att-blue
Attachments – “associated” route table
10.1
VPC
att-red att-blue
Attachments – “propagation” of routes
10.1
VPC
att-red att-blue
Attachments – “associated & propagated route table”
att-red att-blue
Attachments – TGW Route Table is complete
10.1
VPC
att-red att-blue
Attachments – VPC’s Route Tables
10.1
VPC
att-red att-blue
The Default
10.1
VPC
att-red att-blue
On-Premise
Routing Domains
att-blue
10.1
VPC
att-red
On-Premise
Transit Gateway Use Cases
Use Case 1: Shared Services with Transit Gateway
VPCs attach to a route table with routes to shared resources

Transit Gateway route table: VPC
Route          Destination
10.0.0.0/8     VPN
10.4.0.0/16    vpc-att-4xxxx

Transit Gateway route table: Shared services + VPN
Route          Destination
10.1.0.0/16    vpc-att-1xxxx
10.2.0.0/16    vpc-att-2xxxx
10.3.0.0/16    vpc-att-3xxxx
10.4.0.0/16    vpc-att-4xxxx
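
The Use Case 1 route tables above, modelled as an added example (not from the original slides): it resolves the next hop per source attachment by longest-prefix match and checks that the Transit Gateway never forwards one spoke VPC directly to another. The associations (vpc-att-1 to 3 with the VPC table, vpc-att-4 and the VPN with the shared table) and the sample host addresses are assumptions.

```python
import ipaddress

# Route tables as shown on the Use Case 1 slide (IDs are the slide's placeholders).
TGW_ROUTE_TABLES = {
    "vpc": {
        "10.0.0.0/8": "VPN",
        "10.4.0.0/16": "vpc-att-4xxxx",
    },
    "shared-services-vpn": {
        "10.1.0.0/16": "vpc-att-1xxxx",
        "10.2.0.0/16": "vpc-att-2xxxx",
        "10.3.0.0/16": "vpc-att-3xxxx",
        "10.4.0.0/16": "vpc-att-4xxxx",
    },
}

# Assumed associations: the table used for packets arriving from each attachment.
ASSOCIATIONS = {
    "vpc-att-1xxxx": "vpc",
    "vpc-att-2xxxx": "vpc",
    "vpc-att-3xxxx": "vpc",
    "vpc-att-4xxxx": "shared-services-vpn",
    "VPN": "shared-services-vpn",
}

# Constructed sample hosts, one inside each spoke VPC CIDR.
SPOKES = {
    "vpc-att-1xxxx": "10.1.0.10",
    "vpc-att-2xxxx": "10.2.0.10",
    "vpc-att-3xxxx": "10.3.0.10",
}

def next_hop(source_attachment, dst_ip):
    """Longest-prefix match in the table associated with the source attachment."""
    table = TGW_ROUTE_TABLES[ASSOCIATIONS[source_attachment]]
    dst = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(cidr), target)
               for cidr, target in table.items()
               if dst in ipaddress.ip_network(cidr)]
    if not matches:
        return None  # no matching route: the packet is dropped
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def direct_spoke_paths(spokes):
    """Return (src, dst) spoke pairs that the TGW forwards straight to each other."""
    return [(src, dst) for src in spokes for dst, dst_ip in spokes.items()
            if src != dst and next_hop(src, dst_ip) == dst]

if __name__ == "__main__":
    print("direct spoke-to-spoke paths:", direct_spoke_paths(SPOKES))
    print("spoke 1 -> shared services:", next_hop("vpc-att-1xxxx", "10.4.0.5"))
```

With these tables a spoke reaches the shared services VPC directly, while spoke-to-spoke traffic matches only 10.0.0.0/8 and is handed to the VPN attachment.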
Use Case 2: Outbound Internet with NAT Gateway
VPC A: 10.1.0.0/16
VPC B: 10.2.0.0/16
Transit Gateway
Apply SNAT outbound to the internet

Spoke route table
Route          Destination
10.2.0.0/16    Local
0.0.0.0/0      tgw-xxxxxxxxx

Outbound VPC route table
Route            Destination
100.64.0.0/16    Local
10.0.0.0/8       tgw-xxxxxxxxx
0.0.0.0/0        igw-xxxxxxxxx

Route        Destination
0.0.0.0/0    ngw-xxxxxxx
VPC Attachment route table, per AZ
Use Case 3: Outbound services VPC
VPC A: 10.1.0.0/16
VPC B: 10.2.0.0/16
Transit Gateway
SNAT

Spoke route table
Route          Destination
10.2.0.0/16    Local
0.0.0.0/0      tgw-xxxxxxxxx

Outbound VPC route table
Route            Destination
100.64.0.0/16    Local
10.0.0.0/8       tgw-xxxxxxxxx
0.0.0.0/0        igw-xxxxxxxxx

VPC A: 10.1.0.0/16
Edge VPC: 100.64.0.0/16
Transit Gateway

Spoke route table
Route          Destination
10.1.0.0/16    Local
0.0.0.0/0      tgw-xxxxxxxxx

Edge VPC route table
Route            Destination
100.64.0.0/16    Local
10.0.0.0/8       tgw-xxxxxxxxx
0.0.0.0/0        igw-xxxxxxxxx

Can be a summary or default route in each VPC
Only stateful services require NAT
ECMP VPN Tunnels and BGP
Data Center, Branches, Clients, etc.

VPC route domain              Edge route domain
Many Prefixes   Edge VPC VPN  10.1.0.0/16   vpc-att-a

Use cases:
Future plans and Conclusion
Future Plans
AWS Transit Gateway
• Routing • Security
FAQ
Related Material
• Product Page: https://aws.amazon.com/transit-gateway/
• Documentation: https://docs.aws.amazon.com/vpc/latest/tgw/
• NET331 : Introducing AWS Transit Gateway (300 Level Deep Dive): https://youtu.be/yQGxPEGt_-w
• NET402 : Transit Gateway : Reference Architectures for Many VPC’s: https://youtu.be/ar6sLmJ45xs
Thank you, questions?
tgw-feedback@amazon.com