AWS — Difference between VPC Peering and Transit Gateway

Comparisons: AWS VPC Peering vs AWS Transit Gateway in AWS

TL;DR:

VPC Peering and Transit Gateway are used to connect multiple VPCs. VPC Peering provides Full-mesh architecture while Transit Gateway provides hub-and-spoke architecture. Transit Gateway gives VPC connectivity at scale and simplifies VPC-to-VPC communication management over VPC Peering with a large number of VPCs.

VPC Peering

AWS VPC Peering connection is a networking connection between two VPCs that enables you to route traffic between them privately. Instances in either VPC can communicate with each other as if they are within the same network.

Awesome Cloud — AWS VPC Peering

Advantages of VPC peering

• Low cost since you need to pay only for data transfer.
• No bandwidth limit.

Disadvantages of VPC peering

• Complex at scale. Each new VPC increases the complexity of the network. Harder to maintain route tables compared to TGW.
• No transit routing.
• Maximum 125 peering connections per VPC.

Read more about AWS VPC Peering Overview

Transit Gateway

AWS Transit Gateway is a fully managed service that connects VPCs and On-Premises networks through a central hub without relying on numerous point-to-point connections or Transit VPC.

You can attach all your hybrid connectivity (VPN and Direct Connect connections) to a single Transit Gateway instance, consolidating and controlling your organization’s entire AWS routing configuration in one place.

Awesome Cloud — AWS Transit Gateway

Advantages of Transit Gateway

• Simplified management of VPC connections. Each spoke VPC only needs to connect to the TGW to gain access to other connected VPCs.
• Supports more VPCs compared to VPC peering.
• TGW Route Tables per attachment allow for fine-grained routing.

Disadvantages of Transit Gateway

• Additional hop introduces some latency.
• Extra cost of hourly charge per attachment in addition to data fees.

Read more about AWS Transit Gateway Overview

Key Differences: VPC Peering vs Transit Gateway

Connectivity Options
Peering: VPC to VPC. Hybrid connectivity is not supported.
TGW: VPC to VPC. Supports hybrid connectivity using VPN or Direct Connect Gateway attachments. Reuse same VPN/DX connection for multiple VPCs.

Architecture
Peering: Full Mesh (One to one mapping).
TGW: Hub and Spoke.

Transitive Routing
Peering: Not supported.
TGW: Supported.

Network Connectivity
Peering: Supports Inter-region and Intra-region VPCs connectivity.
TGW: Supports Inter-region and Intra-region VPCs connectivity.

Complexity
Peering: Increases with VPC count. You need to set up a VPC Peering between every VPC. Less complexity with a small number of VPC count.
TGW: Increases with Transit Gateway count/region count. Less complexity with a higher number of VPC count compares to VPC Peering. You need to manage a very less number of connections/attachments.

Scale
Peering: Up to 125 active Peers/VPC.
TGW: Up to 5,000 Attachments per Region.

Bandwidth limit
Peering: No limit.
TGW: Up to 50 Gbps (burst)/attachment.

Latency
Peering: Lowest.
TGW: Slightly higher compared to VPC Peering because of additional Transit Gateway hop.

Cost
Peering: Data transfer. (operational cost is high)
TGW: Data transfer, Data processing, and Hourly per attachment. (operational cost is less)

Visibility/Monitoring
Peering: VPC Flow Logs. Limited visibility compared to TGW.
TGW: VPC Flow Logs, Transit Gateway Network Manager, CloudWatch Metrics.

Security group (cross-referencing)
Peering: Supported.
TGW: Not supported.

Use Cases

Choose VPC Peering if:

• Number of VPCs to be connected is lower (~<10).
• You need multiple VPCs’ connectivity to On-premises.
• You want to minimize data transfer costs when significant volumes of data transfer across regions, VPC Peering is cost-effective.
• Need for low latency.
• You need high throughput. Network bandwidth requirement is more than 50 Gbps.

Choose Transit Gateway if:

• You need VPC connectivity at scale. Number of VPCs to be connected is higher (~>10) or scale in the future as the business grows.
• You need network-level segmentation. (possible with multiple TGW route tables)
• You need multiple VPCs connectivity to On-premises.

Summary

VPC Peering is complex at scale while Transit Gateways simplify network management architecture, reduce operational overhead, and centrally manage external connectivity at scale.

View more from Awesome Cloud

• Difference between SQS and SNS
• Difference between Application load balancer and Network load balancer
• Difference between Security Groups and NACL
• Difference between Amazon Aurora and Amazon RDS
• Difference between Secrets Manager and Parameter Store
• Difference between Internet Gateway and NAT Gateway

Happy Clouding!!!