Why We Should Use Transit & Direct Connect Gateways!

Rajat Vats
Published in Opstree
3 min read · Sep 1, 2020

In everyone's career there comes a moment when we think everything will work out fine and then, out of the blue, we realise that a big issue is waiting to happen. We freak out about what we are going to do before that issue knocks at our door... Right?

Something similar happened to me some time ago, so let me cut to the chase. 🙂

I will explain the benefit of using Transit and Direct Connect Gateways by describing the issues we faced without them.

BEFORE THE METEOR-SIZED TROUBLE HIT US:

We were managing about 40+ AWS accounts, along with inter-connectivity between them and our on-premises network.

At the very beginning of the project, the only way AWS offered to give a VPC connectivity to on-premises over Direct Connect was to connect every single VPC, through its own AWS Virtual Private Gateway (VGW), to its own AWS Virtual Interface (VIF), as shown in the diagram above. One VPC, one VGW, one VIF.

This solution served our cloud platform well for a number of years UNTIL ...

THAT BIG TROUBLE KNOCKED AT MY DOOR 😦

  1. We were getting frequent requests for new AWS accounts, which means more VPCs and more VIFs.
  2. The existing solution was limited to a maximum of 50 VIFs per Direct Connect connection, and since each VPC needed its own VIF, we could attach only 50 VPCs per Direct Connect connection.
  3. Adding more physical Direct Connect connections is time-consuming, near impossible to automate, and expensive.
  4. Because of the increasing number of VPCs, we were about to run out of available VIFs. THAT WOULD MEAN NO MORE CONNECTIVITY BETWEEN NEW VPCs AND ON-PREMISES, AND THAT'S NOT ACCEPTABLE.

AND HERE COMES OUR FIRST SAVIOUR: DIRECT CONNECT GATEWAY (DCGW):

A DCGW lets a single private VIF reach up to 10 VPCs, one DCGW association per VGW. That instantly increased our capacity tenfold, since before we could attach only one VPC per VIF. YIPPPEEEE ... 🙂

BUT BUT BUT ... there is one downside: a DCGW is not transitive. Two VPCs attached to the same DCGW cannot communicate with each other through it; it only carries traffic between each VPC and on-premises.

One more issue, right? 😦 ... This is where our second saviour comes in 🙂

TRANSIT GATEWAY (TGW)

Transit Gateway addresses the DCGW's lack of transitivity. VPCs are attached to the TGW in a hub-and-spoke model, so VPCs attached to the same TGW can communicate with each other, and the TGW itself can be associated with a DCGW (over a transit VIF rather than a private VIF) so that every spoke also reaches on-premises. One caveat worth noting: with the TGW's default route table, every attachment is reachable from every other attachment, so a TGW flattens the isolation that separate VGWs used to give you. If some VPCs must not talk to each other, put them in separate TGW route tables instead of relying on the default.

So the final implementation looks something like this (see diagram):
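The architecture above expressed as Terraform, as an added example that is not code from the original post or from Opstree. The resource types are the AWS provider's real ones; the Direct Connect connection, the spoke VPCs and their subnets are assumed to exist already, and every ID, CIDR, ASN and VLAN value is a placeholder assumption. The example goes one step beyond the text by disabling the TGW default route table and wiring explicit spoke and on-premises route tables, which is how you keep control over which attachments can reach which.

```hcl
# Added example (not from the original post): a Transit Gateway hub fronting
# a Direct Connect Gateway, reached over a single transit VIF. The DX
# connection, spoke VPCs and subnets are assumed to exist; every ID, CIDR,
# ASN and VLAN below is a placeholder.

variable "dx_connection_id" {
  default = "dxcon-0123456789abcdef" # placeholder
}

# Spoke VPCs owned by other accounts/teams (placeholder IDs and CIDRs).
variable "spokes" {
  default = {
    prod = { vpc_id = "vpc-0aaaaaaaaaaaaaaaa", subnet_ids = ["subnet-0aaa1", "subnet-0aaa2"], cidr = "172.16.0.0/16" }
    dev  = { vpc_id = "vpc-0bbbbbbbbbbbbbbbb", subnet_ids = ["subnet-0bbb1", "subnet-0bbb2"], cidr = "172.17.0.0/16" }
  }
}

resource "aws_ec2_transit_gateway" "hub" {
  amazon_side_asn = 64512
  # With the default route table enabled, every new attachment can reach
  # every other one. Disable it and route explicitly below.
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
}

resource "aws_ec2_transit_gateway_vpc_attachment" "spoke" {
  for_each           = var.spokes
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = each.value.vpc_id
  subnet_ids         = each.value.subnet_ids
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}

# The Direct Connect Gateway terminates the single transit VIF.
resource "aws_dx_gateway" "corp" {
  name            = "corp-dxgw"
  amazon_side_asn = "64513" # must differ from the TGW's ASN
}

resource "aws_dx_transit_virtual_interface" "corp" {
  connection_id  = var.dx_connection_id
  dx_gateway_id  = aws_dx_gateway.corp.id
  name           = "corp-transit-vif"
  vlan           = 4001  # placeholder
  address_family = "ipv4"
  bgp_asn        = 65000 # on-premises router ASN (placeholder)
}

# Associating the DXGW with the TGW creates the TGW's direct-connect-gateway
# attachment; allowed_prefixes is what AWS advertises to on-premises.
resource "aws_dx_gateway_association" "to_tgw" {
  dx_gateway_id         = aws_dx_gateway.corp.id
  associated_gateway_id = aws_ec2_transit_gateway.hub.id
  allowed_prefixes      = [for s in var.spokes : s.cidr]
}

data "aws_ec2_transit_gateway_dx_gateway_attachment" "corp" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  dx_gateway_id      = aws_dx_gateway.corp.id
  depends_on         = [aws_dx_gateway_association.to_tgw]
}

# Spoke route table: spokes learn on-premises prefixes (BGP propagation from
# the DX attachment) and each other's CIDRs. To stop spoke-to-spoke traffic,
# give each spoke its own table that propagates only from the DX attachment.
resource "aws_ec2_transit_gateway_route_table" "spokes" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
}

resource "aws_ec2_transit_gateway_route_table_association" "spoke" {
  for_each                       = aws_ec2_transit_gateway_vpc_attachment.spoke
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spokes.id
}

resource "aws_ec2_transit_gateway_route_table_propagation" "spoke_to_spokes" {
  for_each                       = aws_ec2_transit_gateway_vpc_attachment.spoke
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spokes.id
}

resource "aws_ec2_transit_gateway_route_table_propagation" "onprem_to_spokes" {
  transit_gateway_attachment_id  = data.aws_ec2_transit_gateway_dx_gateway_attachment.corp.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spokes.id
}

# Return path: the DX attachment gets its own table that knows the spokes.
resource "aws_ec2_transit_gateway_route_table" "onprem" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
}

resource "aws_ec2_transit_gateway_route_table_association" "onprem" {
  transit_gateway_attachment_id  = data.aws_ec2_transit_gateway_dx_gateway_attachment.corp.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.onprem.id
}

resource "aws_ec2_transit_gateway_route_table_propagation" "spokes_to_onprem" {
  for_each                       = aws_ec2_transit_gateway_vpc_attachment.spoke
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.onprem.id
}
```

Two things this fragment deliberately leaves out: each spoke VPC's own route tables still need routes for the on-premises and other-spoke prefixes pointing at `transit_gateway_id`, and spoke VPCs in other accounts are attached by sharing the TGW through AWS Resource Access Manager first. Note also that the TGW and the DCGW must use different Amazon-side ASNs, and that the DCGW association is the point where you decide (via `allowed_prefixes`) which VPC ranges on-premises is allowed to learn at all.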

LET’S SEE THE AFTERMATH NOW:

A Direct Connect Gateway lets a single VIF serve up to 10 VPCs.

A Transit Gateway lets VPCs communicate with each other as long as they are attached to the same TGW and its route tables allow it.

Thanks to TGW and DCGW, we are now managing about 90+ AWS accounts, up from about 40 before.

So I hope you now have some idea of the issues Transit and Direct Connect Gateways can solve.

Thanks for reading; I'd really appreciate your feedback. Please leave a comment below if you have any queries related to this blog.

Cheers till the next time 🙂

Image Source: https://giphy.com

Originally published at http://blog.opstree.com on September 1, 2020.
