AWS Transit Gateway — Discard VPC Peering

Girish V P
ADIBI Technologies, Basavanagudi, Blore.
Dec 18, 2018

AWS Transit Gateway is a service that connects Virtual Private Clouds (VPCs) and on-premises networks to a single centralized gateway, thereby eliminating the mesh of point-to-point VPC connections. Until now you were connecting VPCs together using VPC peering. However, managing point-to-point VPC peering across several VPCs is a tedious and complex process. With Transit Gateway, each time you add a new VPC you attach it to this centralized service. Transit Gateway acts as a hub that controls traffic among all the connected networks. We will see how a Transit Gateway can be set up.

Transit Gateway Configuration

1) I have created three VPCs, VPC-1, VPC-2 and VPC-3, with 10.1.0.0/16, 10.2.0.0/16 and 10.3.0.0/16 respectively. You can do this in a smaller setup with two VPCs as well.
VPC Setup

2) I created three subnets in each VPC, as shown below.

Subnet Configuration

3) Create an internet gateway and attach it to each VPC, as shown below. Modify the route table so that default traffic (0.0.0.0/0) points to the internet gateway.

IGW Setup

4) In the AWS Console search for the VPC service and make sure that Transit Gateway is available in the left pane. Not all AWS Regions support Transit Gateway at the time of this writing. In the left pane select Transit Gateway and click Create Transit Gateway. Enter a Name Tag and a Description. Scroll down and keep the default configuration, as shown below. Click Create Transit Gateway. A Transit Gateway ID is generated; this is the identifier you will reference in the following steps.

Transit Gateway Setup

5) Next configure the Transit Gateway Attachment. Select Transit Gateway Attachments in the left pane of the VPC service and click Create Transit Gateway Attachment. This links a VPC to the Transit Gateway. From the drop-down list select the Transit Gateway ID. The attachment type is VPC here. Enter an Attachment Tag Name. Select the first VPC and its subnets, then click Create Attachment.

Transit Gateway Configuration

Once the Transit Gateway Attachment is created it looks like the screenshot below. Repeat this configuration for the remaining two VPCs so that they are also linked to the Transit Gateway.

6) Modify each VPC's existing route table by adding a CIDR supernet that covers all the required VPC networks. You can see that for VPC1 I have added a route to the network 10.0.0.0/8 which forwards the traffic via the Transit Gateway. This has to be repeated for each VPC.

Route Table
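Step 6 relies on longest-prefix matching: inside a VPC the local /16 route is more specific than the 10.0.0.0/8 supernet, so intra-VPC traffic stays local while traffic for the other VPCs falls through to the Transit Gateway route. The script below, an added example that is not part of the original article, models the three route tables described above and checks (a) that each VPC still routes its own CIDR locally, (b) that every other attached VPC is reachable via the Transit Gateway, and (c) how much address space the supernet sends to the gateway beyond the attached VPCs. The VPC CIDRs are the article's; the Transit Gateway and internet gateway IDs are placeholders, and the route-table structure is a constructed simplification of what `aws ec2 describe-route-tables` returns.

```python
"""Audit VPC route tables that forward inter-VPC traffic to a Transit Gateway.

Added example, not code from the article. Inputs are constructed to mirror
the article's three VPCs; the gateway IDs are placeholders.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Placeholder IDs (not real resources).
TGW_ID = "tgw-EXAMPLE0000000000"
IGW_ID = "igw-EXAMPLE00000000"

# The article's three VPCs and their CIDR blocks.
VPCS: Dict[str, str] = {
    "VPC-1": "10.1.0.0/16",
    "VPC-2": "10.2.0.0/16",
    "VPC-3": "10.3.0.0/16",
}

# Constructed route tables after step 6: local route, default route to the
# internet gateway, and the 10.0.0.0/8 supernet towards the Transit Gateway.
Route = Tuple[str, str]  # (destination CIDR, target)
ROUTE_TABLES: Dict[str, List[Route]] = {
    name: [(cidr, "local"), ("0.0.0.0/0", IGW_ID), ("10.0.0.0/8", TGW_ID)]
    for name, cidr in VPCS.items()
}


def longest_prefix_match(routes: List[Route], dest: str) -> Optional[str]:
    """Return the target of the most specific route that contains `dest`.

    This is the selection rule a VPC route table applies, so it tells us
    which target a packet for `dest` would actually be sent to.
    """
    dest_net = ipaddress.ip_network(dest, strict=False)
    best: Optional[Tuple[ipaddress.IPv4Network, str]] = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if dest_net.subnet_of(net) and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def check_vpc(name: str, vpcs: Dict[str, str],
              route_tables: Dict[str, List[Route]], tgw_id: str) -> List[str]:
    """Return human-readable findings for one VPC's route table."""
    findings: List[str] = []
    routes = route_tables[name]

    # (a) The VPC's own CIDR must win over the supernet and stay local.
    if longest_prefix_match(routes, vpcs[name]) != "local":
        findings.append(f"{name}: own CIDR {vpcs[name]} is not routed locally")

    # (b) Every other attached VPC must resolve to the Transit Gateway.
    for peer, peer_cidr in vpcs.items():
        if peer != name and longest_prefix_match(routes, peer_cidr) != tgw_id:
            findings.append(f"{name}: no TGW route covering {peer} ({peer_cidr})")

    # (c) Report address space the TGW route covers that belongs to no attached
    #     VPC; that traffic leaves the VPC towards the gateway regardless.
    attached = [ipaddress.ip_network(c) for c in vpcs.values()]
    for cidr, target in routes:
        if target != tgw_id:
            continue
        net = ipaddress.ip_network(cidr)
        covered = sum(n.num_addresses for n in attached if n.subnet_of(net))
        extra = net.num_addresses - covered
        if extra > 0:
            findings.append(f"{name}: TGW route {net} covers {extra} addresses outside attached VPCs")
    return findings


def minimal_tgw_routes(name: str, vpcs: Dict[str, str]) -> List[str]:
    """Per-peer destinations that could replace the supernet for this VPC."""
    return sorted(cidr for peer, cidr in vpcs.items() if peer != name)


def audit_all(vpcs: Dict[str, str], route_tables: Dict[str, List[Route]],
              tgw_id: str) -> Dict[str, List[str]]:
    """Run check_vpc for every VPC and return findings keyed by VPC name."""
    return {name: check_vpc(name, vpcs, route_tables, tgw_id) for name in vpcs}


if __name__ == "__main__":
    for vpc, found in audit_all(VPCS, ROUTE_TABLES, TGW_ID).items():
        print(vpc, "OK" if not found else "")
        for line in found:
            print("  -", line)
        print("  per-peer alternative:", ", ".join(minimal_tgw_routes(vpc, VPCS)))
```

With the article's tables the only finding per VPC is (c): the /8 supernet covers far more than the three /16 networks, which is convenient when adding VPCs later but means any 10.x destination that is not an attached VPC is also handed to the Transit Gateway. `minimal_tgw_routes` shows the tighter per-peer alternative if that is not desired.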

Testing

Create two EC2 instances in any two VPCs. I have done it for VPC1 and VPC2. Now ssh to one of the instances and ping the other instance. You can see below that it works!

Disclaimer: This experiment was done in a test environment. You may have to set up and verify thoroughly before you do a production setup.

Related Blog:

I have indexed all the blogs I have written in the URL below.
