SlideShare a Scribd company logo

[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018

To deliver your applications to millions of users you need to scale your network across thousands of VPCs. AWS Transit Gateway helps scale your workloads and vastly simplifies how you connect your AWS networks. AWS Transit Gateway also makes it easier to connect your on-premises networks across those VPCs. Using secure operational controls, you can implement and maintain centralized policies to connect Amazon VPCs with each other and with your on-premises networks. This session will enable you to get started quickly and get an insight into the various capabilities that AWS Transit Gateway introduces.

1 of 110
Download to read offline
[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
IntroducingAWSTransitGateway
Steve Seymour
Principal Solutions Architect
AWS
N E T 3 x x
Thomas Spendley
General Manager – Transit Gateway & VPN
AWS
@sseymour
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
A new service that allows customers to interconnect thousands
of Virtual Private Clouds (VPCs) and on-premises networks.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWSTransitGateway
• Interconnecting VPCs at scale
• Consolidating edge connectivity
• Flexibility with routing domains
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
InterconnectingVPC’satscale - Peering
AWS Cloud

Recommended

[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...
[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...
[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...Amazon Web Services
 
20191127 AWS Black Belt Online Seminar Amazon CloudWatch Container Insights で...
20191127 AWS Black Belt Online Seminar Amazon CloudWatch Container Insights で...20191127 AWS Black Belt Online Seminar Amazon CloudWatch Container Insights で...
20191127 AWS Black Belt Online Seminar Amazon CloudWatch Container Insights で...Amazon Web Services Japan
 
20190319 AWS Black Belt Online Seminar Amazon FSx for Lustre
20190319 AWS Black Belt Online Seminar Amazon FSx for Lustre20190319 AWS Black Belt Online Seminar Amazon FSx for Lustre
20190319 AWS Black Belt Online Seminar Amazon FSx for LustreAmazon Web Services Japan
 
20190306 AWS Black Belt Online Seminar Amazon EC2 スポットインスタンス
20190306 AWS Black Belt Online Seminar Amazon EC2 スポットインスタンス20190306 AWS Black Belt Online Seminar Amazon EC2 スポットインスタンス
20190306 AWS Black Belt Online Seminar Amazon EC2 スポットインスタンスAmazon Web Services Japan
 
202110 AWS Black Belt Online Seminar AWS Site-to-Site VPN
202110 AWS Black Belt Online Seminar AWS Site-to-Site VPN202110 AWS Black Belt Online Seminar AWS Site-to-Site VPN
202110 AWS Black Belt Online Seminar AWS Site-to-Site VPNAmazon Web Services Japan
 
20191002 AWS Black Belt Online Seminar Amazon EC2 Auto Scaling and AWS Auto S...
20191002 AWS Black Belt Online Seminar Amazon EC2 Auto Scaling and AWS Auto S...20191002 AWS Black Belt Online Seminar Amazon EC2 Auto Scaling and AWS Auto S...
20191002 AWS Black Belt Online Seminar Amazon EC2 Auto Scaling and AWS Auto S...Amazon Web Services Japan
 
20180425 AWS Black Belt Online Seminar Amazon Relational Database Service (Am...
20180425 AWS Black Belt Online Seminar Amazon Relational Database Service (Am...20180425 AWS Black Belt Online Seminar Amazon Relational Database Service (Am...
20180425 AWS Black Belt Online Seminar Amazon Relational Database Service (Am...Amazon Web Services Japan
 
AWS Black Belt Online Seminar 2016 AWS上でのActive Directory構築
AWS Black Belt Online Seminar 2016 AWS上でのActive Directory構築AWS Black Belt Online Seminar 2016 AWS上でのActive Directory構築
AWS Black Belt Online Seminar 2016 AWS上でのActive Directory構築Amazon Web Services Japan
 

More Related Content

What's hot

20190424 AWS Black Belt Online Seminar Amazon Aurora MySQL
20190424 AWS Black Belt Online Seminar Amazon Aurora MySQL20190424 AWS Black Belt Online Seminar Amazon Aurora MySQL
20190424 AWS Black Belt Online Seminar Amazon Aurora MySQLAmazon Web Services Japan
 
20200526 AWS Black Belt Online Seminar AWS X-Ray
20200526 AWS Black Belt Online Seminar AWS X-Ray20200526 AWS Black Belt Online Seminar AWS X-Ray
20200526 AWS Black Belt Online Seminar AWS X-RayAmazon Web Services Japan
 
20191105 AWS Black Belt Online Seminar Amazon Route 53 Hosted Zone
20191105 AWS Black Belt Online Seminar Amazon Route 53 Hosted Zone20191105 AWS Black Belt Online Seminar Amazon Route 53 Hosted Zone
20191105 AWS Black Belt Online Seminar Amazon Route 53 Hosted ZoneAmazon Web Services Japan
 
20210126 AWS Black Belt Online Seminar AWS CodeDeploy
20210126 AWS Black Belt Online Seminar AWS CodeDeploy20210126 AWS Black Belt Online Seminar AWS CodeDeploy
20210126 AWS Black Belt Online Seminar AWS CodeDeployAmazon Web Services Japan
 
20200818 AWS Black Belt Online Seminar AWS Shield Advanced
20200818 AWS Black Belt Online Seminar AWS Shield Advanced20200818 AWS Black Belt Online Seminar AWS Shield Advanced
20200818 AWS Black Belt Online Seminar AWS Shield AdvancedAmazon Web Services Japan
 
AWS Black Belt Online Seminar 2017 Auto Scaling
AWS Black Belt Online Seminar 2017 Auto ScalingAWS Black Belt Online Seminar 2017 Auto Scaling
AWS Black Belt Online Seminar 2017 Auto ScalingAmazon Web Services Japan
 
AWS Black Belt Techシリーズ AWS Direct Connect
AWS Black Belt Techシリーズ AWS Direct ConnectAWS Black Belt Techシリーズ AWS Direct Connect
AWS Black Belt Techシリーズ AWS Direct ConnectAmazon Web Services Japan
 
20210119 AWS Black Belt Online Seminar AWS CloudTrail
20210119 AWS Black Belt Online Seminar AWS CloudTrail20210119 AWS Black Belt Online Seminar AWS CloudTrail
20210119 AWS Black Belt Online Seminar AWS CloudTrailAmazon Web Services Japan
 
20190220 AWS Black Belt Online Seminar Amazon S3 / Glacier
20190220 AWS Black Belt Online Seminar Amazon S3 / Glacier20190220 AWS Black Belt Online Seminar Amazon S3 / Glacier
20190220 AWS Black Belt Online Seminar Amazon S3 / GlacierAmazon Web Services Japan
 
Amazon Kinesis Familyを活用したストリームデータ処理
Amazon Kinesis Familyを活用したストリームデータ処理Amazon Kinesis Familyを活用したストリームデータ処理
Amazon Kinesis Familyを活用したストリームデータ処理Amazon Web Services Japan
 
20190320 AWS Black Belt Online Seminar Amazon EBS
20190320 AWS Black Belt Online Seminar Amazon EBS20190320 AWS Black Belt Online Seminar Amazon EBS
20190320 AWS Black Belt Online Seminar Amazon EBSAmazon Web Services Japan
 
AWS Black Belt Online Seminar 2018 AWS Well-Architected Framework
AWS Black Belt Online Seminar 2018 AWS Well-Architected FrameworkAWS Black Belt Online Seminar 2018 AWS Well-Architected Framework
AWS Black Belt Online Seminar 2018 AWS Well-Architected FrameworkAmazon Web Services Japan
 
20190402 AWS Black Belt Online Seminar Let's Dive Deep into AWS Lambda Part1 ...
20190402 AWS Black Belt Online Seminar Let's Dive Deep into AWS Lambda Part1 ...20190402 AWS Black Belt Online Seminar Let's Dive Deep into AWS Lambda Part1 ...
20190402 AWS Black Belt Online Seminar Let's Dive Deep into AWS Lambda Part1 ...Amazon Web Services Japan
 
20210330 AWS Black Belt Online Seminar AWS Glue -Glue Studioを使ったデータ変換のベストプラクティス-
20210330 AWS Black Belt Online Seminar AWS Glue -Glue Studioを使ったデータ変換のベストプラクティス-20210330 AWS Black Belt Online Seminar AWS Glue -Glue Studioを使ったデータ変換のベストプラクティス-
20210330 AWS Black Belt Online Seminar AWS Glue -Glue Studioを使ったデータ変換のベストプラクティス-Amazon Web Services Japan
 
AWS Black Belt Online Seminar 2017 Amazon ElastiCache
AWS Black Belt Online Seminar 2017 Amazon ElastiCacheAWS Black Belt Online Seminar 2017 Amazon ElastiCache
AWS Black Belt Online Seminar 2017 Amazon ElastiCacheAmazon Web Services Japan
 
20190806 AWS Black Belt Online Seminar AWS Glue
20190806 AWS Black Belt Online Seminar AWS Glue20190806 AWS Black Belt Online Seminar AWS Glue
20190806 AWS Black Belt Online Seminar AWS GlueAmazon Web Services Japan
 
20190312 AWS Black Belt Online Seminar AWS Well-Architected Frameworkによるコスト最適化
20190312 AWS Black Belt Online Seminar AWS Well-Architected Frameworkによるコスト最適化20190312 AWS Black Belt Online Seminar AWS Well-Architected Frameworkによるコスト最適化
20190312 AWS Black Belt Online Seminar AWS Well-Architected Frameworkによるコスト最適化Amazon Web Services Japan
 
20190326 AWS Black Belt Online Seminar Amazon CloudWatch
20190326 AWS Black Belt Online Seminar Amazon CloudWatch20190326 AWS Black Belt Online Seminar Amazon CloudWatch
20190326 AWS Black Belt Online Seminar Amazon CloudWatchAmazon Web Services Japan
 
20190226 AWS Black Belt Online Seminar Amazon WorkSpaces
20190226 AWS Black Belt Online Seminar Amazon WorkSpaces20190226 AWS Black Belt Online Seminar Amazon WorkSpaces
20190226 AWS Black Belt Online Seminar Amazon WorkSpacesAmazon Web Services Japan
 
20200422 AWS Black Belt Online Seminar Amazon Elastic Container Service (Amaz...
20200422 AWS Black Belt Online Seminar Amazon Elastic Container Service (Amaz...20200422 AWS Black Belt Online Seminar Amazon Elastic Container Service (Amaz...
20200422 AWS Black Belt Online Seminar Amazon Elastic Container Service (Amaz...Amazon Web Services Japan
 

What's hot (20)

20190424 AWS Black Belt Online Seminar Amazon Aurora MySQL
20190424 AWS Black Belt Online Seminar Amazon Aurora MySQL20190424 AWS Black Belt Online Seminar Amazon Aurora MySQL
20190424 AWS Black Belt Online Seminar Amazon Aurora MySQL
 
20200526 AWS Black Belt Online Seminar AWS X-Ray
20200526 AWS Black Belt Online Seminar AWS X-Ray20200526 AWS Black Belt Online Seminar AWS X-Ray
20200526 AWS Black Belt Online Seminar AWS X-Ray
 
20191105 AWS Black Belt Online Seminar Amazon Route 53 Hosted Zone
20191105 AWS Black Belt Online Seminar Amazon Route 53 Hosted Zone20191105 AWS Black Belt Online Seminar Amazon Route 53 Hosted Zone
20191105 AWS Black Belt Online Seminar Amazon Route 53 Hosted Zone
 
20210126 AWS Black Belt Online Seminar AWS CodeDeploy
20210126 AWS Black Belt Online Seminar AWS CodeDeploy20210126 AWS Black Belt Online Seminar AWS CodeDeploy
20210126 AWS Black Belt Online Seminar AWS CodeDeploy
 
20200818 AWS Black Belt Online Seminar AWS Shield Advanced
20200818 AWS Black Belt Online Seminar AWS Shield Advanced20200818 AWS Black Belt Online Seminar AWS Shield Advanced
20200818 AWS Black Belt Online Seminar AWS Shield Advanced
 
AWS Black Belt Online Seminar 2017 Auto Scaling
AWS Black Belt Online Seminar 2017 Auto ScalingAWS Black Belt Online Seminar 2017 Auto Scaling
AWS Black Belt Online Seminar 2017 Auto Scaling
 
AWS Black Belt Techシリーズ AWS Direct Connect
AWS Black Belt Techシリーズ AWS Direct ConnectAWS Black Belt Techシリーズ AWS Direct Connect
AWS Black Belt Techシリーズ AWS Direct Connect
 
20210119 AWS Black Belt Online Seminar AWS CloudTrail
20210119 AWS Black Belt Online Seminar AWS CloudTrail20210119 AWS Black Belt Online Seminar AWS CloudTrail
20210119 AWS Black Belt Online Seminar AWS CloudTrail
 
20190220 AWS Black Belt Online Seminar Amazon S3 / Glacier
20190220 AWS Black Belt Online Seminar Amazon S3 / Glacier20190220 AWS Black Belt Online Seminar Amazon S3 / Glacier
20190220 AWS Black Belt Online Seminar Amazon S3 / Glacier
 
Amazon Kinesis Familyを活用したストリームデータ処理
Amazon Kinesis Familyを活用したストリームデータ処理Amazon Kinesis Familyを活用したストリームデータ処理
Amazon Kinesis Familyを活用したストリームデータ処理
 
20190320 AWS Black Belt Online Seminar Amazon EBS
20190320 AWS Black Belt Online Seminar Amazon EBS20190320 AWS Black Belt Online Seminar Amazon EBS
20190320 AWS Black Belt Online Seminar Amazon EBS
 
AWS Black Belt Online Seminar 2018 AWS Well-Architected Framework
AWS Black Belt Online Seminar 2018 AWS Well-Architected FrameworkAWS Black Belt Online Seminar 2018 AWS Well-Architected Framework
AWS Black Belt Online Seminar 2018 AWS Well-Architected Framework
 
20190402 AWS Black Belt Online Seminar Let's Dive Deep into AWS Lambda Part1 ...
20190402 AWS Black Belt Online Seminar Let's Dive Deep into AWS Lambda Part1 ...20190402 AWS Black Belt Online Seminar Let's Dive Deep into AWS Lambda Part1 ...
20190402 AWS Black Belt Online Seminar Let's Dive Deep into AWS Lambda Part1 ...
 
20210330 AWS Black Belt Online Seminar AWS Glue -Glue Studioを使ったデータ変換のベストプラクティス-
20210330 AWS Black Belt Online Seminar AWS Glue -Glue Studioを使ったデータ変換のベストプラクティス-20210330 AWS Black Belt Online Seminar AWS Glue -Glue Studioを使ったデータ変換のベストプラクティス-
20210330 AWS Black Belt Online Seminar AWS Glue -Glue Studioを使ったデータ変換のベストプラクティス-
 
AWS Black Belt Online Seminar 2017 Amazon ElastiCache
AWS Black Belt Online Seminar 2017 Amazon ElastiCacheAWS Black Belt Online Seminar 2017 Amazon ElastiCache
AWS Black Belt Online Seminar 2017 Amazon ElastiCache
 
20190806 AWS Black Belt Online Seminar AWS Glue
20190806 AWS Black Belt Online Seminar AWS Glue20190806 AWS Black Belt Online Seminar AWS Glue
20190806 AWS Black Belt Online Seminar AWS Glue
 
20190312 AWS Black Belt Online Seminar AWS Well-Architected Frameworkによるコスト最適化
20190312 AWS Black Belt Online Seminar AWS Well-Architected Frameworkによるコスト最適化20190312 AWS Black Belt Online Seminar AWS Well-Architected Frameworkによるコスト最適化
20190312 AWS Black Belt Online Seminar AWS Well-Architected Frameworkによるコスト最適化
 
20190326 AWS Black Belt Online Seminar Amazon CloudWatch
20190326 AWS Black Belt Online Seminar Amazon CloudWatch20190326 AWS Black Belt Online Seminar Amazon CloudWatch
20190326 AWS Black Belt Online Seminar Amazon CloudWatch
 
20190226 AWS Black Belt Online Seminar Amazon WorkSpaces
20190226 AWS Black Belt Online Seminar Amazon WorkSpaces20190226 AWS Black Belt Online Seminar Amazon WorkSpaces
20190226 AWS Black Belt Online Seminar Amazon WorkSpaces
 
20200422 AWS Black Belt Online Seminar Amazon Elastic Container Service (Amaz...
20200422 AWS Black Belt Online Seminar Amazon Elastic Container Service (Amaz...20200422 AWS Black Belt Online Seminar Amazon Elastic Container Service (Amaz...
20200422 AWS Black Belt Online Seminar Amazon Elastic Container Service (Amaz...
 

Similar to [NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018

AWS VPN Solutions (NET304) - AWS re:Invent 2018
AWS VPN Solutions (NET304) - AWS re:Invent 2018AWS VPN Solutions (NET304) - AWS re:Invent 2018
AWS VPN Solutions (NET304) - AWS re:Invent 2018Amazon Web Services
 
AWS PrivateLink: Fundamentals - SRV211 - Chicago AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Chicago AWS SummitAWS PrivateLink: Fundamentals - SRV211 - Chicago AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Chicago AWS SummitAmazon Web Services
 
Extending Data Centers to the Cloud: Connectivity Options and Best Practices ...
Extending Data Centers to the Cloud: Connectivity Options and Best Practices ...Extending Data Centers to the Cloud: Connectivity Options and Best Practices ...
Extending Data Centers to the Cloud: Connectivity Options and Best Practices ...Amazon Web Services
 
Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...
Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...
Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...Amazon Web Services
 
Expanding Your AWS and On-premise Footprint to AWS GovCloud (US)
Expanding Your AWS and On-premise Footprint to AWS GovCloud (US)Expanding Your AWS and On-premise Footprint to AWS GovCloud (US)
Expanding Your AWS and On-premise Footprint to AWS GovCloud (US)Amazon Web Services
 
高度規模化、可信賴的混合雲網路 (Level 300-400)
高度規模化、可信賴的混合雲網路 (Level 300-400)高度規模化、可信賴的混合雲網路 (Level 300-400)
高度規模化、可信賴的混合雲網路 (Level 300-400)Amazon Web Services
 
AWS PrivateLink: Fundamentals - SRV211 - Anaheim AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Anaheim AWS SummitAWS PrivateLink: Fundamentals - SRV211 - Anaheim AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Anaheim AWS SummitAmazon Web Services
 
AWS PrivateLink: Fundamentals - SRV211 - Toronto AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Toronto AWS SummitAWS PrivateLink: Fundamentals - SRV211 - Toronto AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Toronto AWS SummitAmazon Web Services
 
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018Amazon Web Services
 
AWS re:Invent 2018: [NEW LAUNCH] AWS Transit Gateway & Transit VPCs, Ref Arch...
AWS re:Invent 2018: [NEW LAUNCH] AWS Transit Gateway & Transit VPCs, Ref Arch...AWS re:Invent 2018: [NEW LAUNCH] AWS Transit Gateway & Transit VPCs, Ref Arch...
AWS re:Invent 2018: [NEW LAUNCH] AWS Transit Gateway & Transit VPCs, Ref Arch...Amazon Web Services
 
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...Amazon Web Services
 
[NEW LAUNCH!] How to Architect for Multi-Region Redundancy Using Anycast IPs ...
[NEW LAUNCH!] How to Architect for Multi-Region Redundancy Using Anycast IPs ...[NEW LAUNCH!] How to Architect for Multi-Region Redundancy Using Anycast IPs ...
[NEW LAUNCH!] How to Architect for Multi-Region Redundancy Using Anycast IPs ...Amazon Web Services
 
VPC Design and New Capabilities for Amazon VPC
VPC Design and New Capabilities for Amazon VPCVPC Design and New Capabilities for Amazon VPC
VPC Design and New Capabilities for Amazon VPCAmazon Web Services
 
Connectivity Options: VPC Peering, Transit VPC, AWS PrivateLink, AWS Direct C...
Connectivity Options: VPC Peering, Transit VPC, AWS PrivateLink, AWS Direct C...Connectivity Options: VPC Peering, Transit VPC, AWS PrivateLink, AWS Direct C...
Connectivity Options: VPC Peering, Transit VPC, AWS PrivateLink, AWS Direct C...Amazon Web Services
 
Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...
Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...
Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...Amazon Web Services
 
AWS PrivateLink: Fundamentals - SRV211 - Atlanta AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Atlanta AWS SummitAWS PrivateLink: Fundamentals - SRV211 - Atlanta AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Atlanta AWS SummitAmazon Web Services
 
Designing Network Architectures with Direct Connect for Multiple Traffic Stre...
Designing Network Architectures with Direct Connect for Multiple Traffic Stre...Designing Network Architectures with Direct Connect for Multiple Traffic Stre...
Designing Network Architectures with Direct Connect for Multiple Traffic Stre...Amazon Web Services
 
SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ...
 SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ... SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ...
SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ...Amazon Web Services
 
Best Practices for Building Multi-Region, Active-Active Serverless Applicatio...
Best Practices for Building Multi-Region, Active-Active Serverless Applicatio...Best Practices for Building Multi-Region, Active-Active Serverless Applicatio...
Best Practices for Building Multi-Region, Active-Active Serverless Applicatio...Amazon Web Services
 

Similar to [NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018 (20)

AWS VPN Solutions (NET304) - AWS re:Invent 2018
AWS VPN Solutions (NET304) - AWS re:Invent 2018AWS VPN Solutions (NET304) - AWS re:Invent 2018
AWS VPN Solutions (NET304) - AWS re:Invent 2018
 
AWS PrivateLink: Fundamentals - SRV211 - Chicago AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Chicago AWS SummitAWS PrivateLink: Fundamentals - SRV211 - Chicago AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Chicago AWS Summit
 
Extending Data Centers to the Cloud: Connectivity Options and Best Practices ...
Extending Data Centers to the Cloud: Connectivity Options and Best Practices ...Extending Data Centers to the Cloud: Connectivity Options and Best Practices ...
Extending Data Centers to the Cloud: Connectivity Options and Best Practices ...
 
Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...
Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...
Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...
 
Expanding Your AWS and On-premise Footprint to AWS GovCloud (US)
Expanding Your AWS and On-premise Footprint to AWS GovCloud (US)Expanding Your AWS and On-premise Footprint to AWS GovCloud (US)
Expanding Your AWS and On-premise Footprint to AWS GovCloud (US)
 
高度規模化、可信賴的混合雲網路 (Level 300-400)
高度規模化、可信賴的混合雲網路 (Level 300-400)高度規模化、可信賴的混合雲網路 (Level 300-400)
高度規模化、可信賴的混合雲網路 (Level 300-400)
 
AWS PrivateLink: Fundamentals - SRV211 - Anaheim AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Anaheim AWS SummitAWS PrivateLink: Fundamentals - SRV211 - Anaheim AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Anaheim AWS Summit
 
AWS PrivateLink Fundamentals
AWS PrivateLink FundamentalsAWS PrivateLink Fundamentals
AWS PrivateLink Fundamentals
 
AWS PrivateLink: Fundamentals - SRV211 - Toronto AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Toronto AWS SummitAWS PrivateLink: Fundamentals - SRV211 - Toronto AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Toronto AWS Summit
 
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
 
AWS re:Invent 2018: [NEW LAUNCH] AWS Transit Gateway & Transit VPCs, Ref Arch...
AWS re:Invent 2018: [NEW LAUNCH] AWS Transit Gateway & Transit VPCs, Ref Arch...AWS re:Invent 2018: [NEW LAUNCH] AWS Transit Gateway & Transit VPCs, Ref Arch...
AWS re:Invent 2018: [NEW LAUNCH] AWS Transit Gateway & Transit VPCs, Ref Arch...
 
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...
 
[NEW LAUNCH!] How to Architect for Multi-Region Redundancy Using Anycast IPs ...
[NEW LAUNCH!] How to Architect for Multi-Region Redundancy Using Anycast IPs ...[NEW LAUNCH!] How to Architect for Multi-Region Redundancy Using Anycast IPs ...
[NEW LAUNCH!] How to Architect for Multi-Region Redundancy Using Anycast IPs ...
 
VPC Design and New Capabilities for Amazon VPC
VPC Design and New Capabilities for Amazon VPCVPC Design and New Capabilities for Amazon VPC
VPC Design and New Capabilities for Amazon VPC
 
Connectivity Options: VPC Peering, Transit VPC, AWS PrivateLink, AWS Direct C...
Connectivity Options: VPC Peering, Transit VPC, AWS PrivateLink, AWS Direct C...Connectivity Options: VPC Peering, Transit VPC, AWS PrivateLink, AWS Direct C...
Connectivity Options: VPC Peering, Transit VPC, AWS PrivateLink, AWS Direct C...
 
Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...
Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...
Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...
 
AWS PrivateLink: Fundamentals - SRV211 - Atlanta AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Atlanta AWS SummitAWS PrivateLink: Fundamentals - SRV211 - Atlanta AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Atlanta AWS Summit
 
Designing Network Architectures with Direct Connect for Multiple Traffic Stre...
Designing Network Architectures with Direct Connect for Multiple Traffic Stre...Designing Network Architectures with Direct Connect for Multiple Traffic Stre...
Designing Network Architectures with Direct Connect for Multiple Traffic Stre...
 
SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ...
 SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ... SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ...
SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ...
 
Best Practices for Building Multi-Region, Active-Active Serverless Applicatio...
Best Practices for Building Multi-Region, Active-Active Serverless Applicatio...Best Practices for Building Multi-Region, Active-Active Serverless Applicatio...
Best Practices for Building Multi-Region, Active-Active Serverless Applicatio...
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018

  • 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. IntroducingAWSTransitGateway Steve Seymour Principal Solutions Architect AWS N E T 3 x x Thomas Spendley General Manager – Transit Gateway & VPN AWS @sseymour
  • 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. A new service that allows customers to interconnect thousands of Virtual Private Clouds (VPCs) and on-premises networks.
  • 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWSTransitGateway • Interconnecting VPCs at scale • Consolidating edge connectivity • Flexibility with routing domains
  • 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. InterconnectingVPC’satscale - Peering AWS Cloud
  • 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. InterconnectingVPC’satscale - Peering AWS Cloud
  • 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. InterconnectingVPC’satscale –TransitGateway AWS Cloud
  • 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Consolidating EdgeConnectivity – MultipleVPN’s On-Premise AWS Cloud
  • 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Consolidating EdgeConnectivity – MultipleVPN’s On-Premise AWS Cloud
  • 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Consolidating EdgeConnectivity –SingleVPN’s On-Premise AWS Cloud
  • 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Consolidating EdgeConnectivity – ResilientVPN’s? On-Premise AWS Cloud
  • 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Consolidating EdgeConnectivity – ResilientVPN’s On-Premise AWS Cloud
  • 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Consolidating EdgeConnectivity – ResilientVPN’s On-Premise AWS Cloud
  • 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Scenario • Multiple VPC’s • Any to any communication • Sharing a single VPN Connection On-Premise AWS Cloud
  • 17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. FourVPC’s
  • 18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. CreateaTransitGateway
  • 19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. CreateaTransitGateway
  • 20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. CreateVPCAttachments
  • 21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. CreateVPCAttachments
  • 22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. ViewVPCAttachments
  • 23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. TransitGatewayRouteTable
  • 24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. UpdateVPC RouteTables
  • 25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. TestConnectivity
  • 26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. CreateaVPNAttachment
  • 27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Download theConfiguration
  • 28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Complete –VPNUP
  • 29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Complete –VPCto theCGW viaVPN
  • 30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Complete – viewfromtheCGW
  • 31. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. CLIexample – awsec2create-vpn-connection • --customer-gateway-id • --type • --transit-gateway-id • --options • StaticRoutesOnly • TunnelOptions • TunnelInsideCidr • PreSharedKey • TunnelInsideCidr • PreSharedKey Just the same as a VGW based VPN!
  • 32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 33. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWSTransitGatewaykeyconcepts 1) Attachments 2) Route Tables i. Association ii. Propagation
  • 34. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Attachments
  • 35. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Attachments–VPC’s att-red att-blue
  • 36. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Attachments– ‘associated& propagated route table’ att-red att-blue
  • 37. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Attachments– ‘associated& propagated route table’ att-red att-blue
  • 38. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Attachments– ”associated”route table att-red att-blue
  • 39. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Attachments– “propagation” of routes att-red att-blue
  • 40. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Attachments–TGW RouteTableiscomplete att-red att-blue
  • 41. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Attachments– butwhatabout theVPC’s? att-red att-blue
  • 42. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. TheDefault On-Premise AWS VPN 10.99.99.0/24 via BGP 10.1.0.0/16 via BGP 10.2.0.0/16 via BGP
  • 43. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 44. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. WhatifwehadtwoTGW route tables ?
  • 45. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Or three? On-Premise AWS VPN
  • 46. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Routing Domains 10.99.99.0/24 via BGP On-Premise 10.1.0.0/16 via BGP 10.2.0.0/16 via BGP AWS VPN att-red tgw-rtb-c
  • 47. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Routing Domains 10.99.99.0/24 via BGP On-Premise 10.1.0.0/16 via BGP 10.2.0.0/16 via BGP AWS VPN att-blue tgw-rtb-c
  • 48. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Routing Domains 10.99.99.0/24 via BGP On-Premise green tgw-rtb-c tgw-rtb-a tgw-rtb-b10.1.0.0/16 via BGP 10.2.0.0/16 via BGP AWS VPN
  • 49. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Routing Domains On-Premise AWS VPN 10.99.99.0/24 via BGP 10.1.0.0/16 via BGP 10.2.0.0/16 via BGP
  • 50. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. RouteTables • Enable you to define the ‘next-hop’ (Attachment) • You can place static entries into a route table • You can create ‘blackhole’ routes • Static/Blackhole entries take precedence over propagated routes
  • 51. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. RouteTables • By default, a TGW has one route table • By default, all attachments are associated to the same route table • By default, all attachments propagate to the same route table By default, everything can route to everything
  • 52. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. RouteTables • You can have multiple route tables in a TGW • Attachments can only be associated with one route table • Attachments can propagate their routes to multiple route tables With configuration you have complete control of routing
  • 53. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Howtothinkabout Routing • Consider traffic flow in both directions • What decision is made about the ‘next-hop’ • Helps to visualize each hop in the path
  • 54. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Routing Domains On-Premise AWS VPN 10.99.99.0/24 via BGP 10.1.0.0/16 via BGP 10.2.0.0/16 via BGP
  • 55. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. On-Premise 10.99.99.0/24 via BGP Followtheroutes … 10.1.0.0/16 via BGP 10.2.0.0/16 via BGP
  • 56. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 10.1.0.0/16 via BGP 10.2.0.0/16 via BGP On-Premise 10.99.99.0/24 via BGP Followtheroutes …
  • 57. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 10.1.0.0/16 via BGP 10.2.0.0/16 via BGP On-Premise 10.99.99.0/24 via BGP Followtheroutes …
  • 58. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 10.1.0.0/16 via BGP 10.2.0.0/16 via BGP On-Premise 10.99.99.0/24 via BGP Followtheroutes …
  • 59. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 10.1.0.0/16 via BGP 10.2.0.0/16 via BGP On-Premise 10.99.99.0/24 via BGP Followtheroutes …
  • 60. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 10.1.0.0/16 via BGP 10.2.0.0/16 via BGP On-Premise Followtheroutes … 10.99.99.0/24 via BGP
  • 61. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 10.99.99.0/24 via BGP 10.1.0.0/16 via BGP 10.2.0.0/16 via BGP On-Premise Followtheroutes …
  • 62. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. TransitGatewayArchitectures • Any-to-Any – the default • Shared edge connectivity • Isolation?
  • 63. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 10.1.0.0/16 via BGP 10.2.0.0/16 via BGP On-Premise 10.99.99.0/24 via BGP Isolation
  • 64. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 10.1.0.0/16 via BGP 10.2.0.0/16 via BGP On-Premise 10.99.99.0/24 via BGP Isolation
  • 65. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. OtherTransitGatewayArchitectures • Any-to-Any – the default • Shared edge connectivity • Isolated VPC’s • Shared VPC’s • Multiple Transit Gateway’s on a VPC • Direct Connect (using VPN over Public Virtual Interfaces) • High Bandwidth VPN connectivity – more than 1.25Gbps • Centralized egress Firewalls or NAT Gateways • Centralized access to Interface Endpoints / PrivateLink • Using VPN to inject routes and ECMP over appliances Thursday, November 29th NET402 : Transit Gateway : Reference Architectures for Many VPC’s 12:15 – 13:15 | Mirage, Mirage Events Center B
  • 66. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 67. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPCAttachment • Transit Gateway is a Regional Object • Single target for VPC Route Tables • However – you need to identify the AZ’s you are using • Which subnets should you use? • One per AZ • Create new subnets • Allows granular control of ‘next-hop’ for traffic entering the VPC • Can use existing subnets if needed
  • 68. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Theviewfrom aVPC VPC – 10.1.0.0/16 Region
  • 69. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Theviewfrom aVPC VPC – 10.1.0.0/16 Region Subnet Subnet Subnet PUBLIC
  • 70. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Theviewfrom aVPC VPC – 10.1.0.0/16 Region Subnet Subnet Subnet Subnet Subnet Subnet PRIVATE
  • 71. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Theviewfrom aVPC VPC – 10.1.0.0/16 Subnet Region Subnet Subnet Subnet Subnet Subnet Subnet Subnet Subnet CONNECTIVITY
  • 72. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Theviewfrom aVPC VPC – 10.1.0.0/16 Subnet Region Subnet Subnet TGW Subnet Subnet Subnet Subnet Subnet Subnet
  • 73. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Theviewfrom aVPC VPC – 10.1.0.0/16 Subnet Region Subnet Subnet TGW Subnet Subnet Subnet Subnet Subnet Subnet
  • 74. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Theviewfrom aVPC VPC – 10.1.0.0/16 Subnet Region Subnet Subnet TGW Subnet Subnet Subnet Subnet Subnet Subnet
  • 75. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Theviewfrom aVPC VPC – 10.1.0.0/16 Subnet Region Subnet Subnet TGW Subnet Subnet Subnet Subnet Subnet Subnet
  • 76. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Theviewfrom aVPC VPC – 10.1.0.0/16 Subnet Region Subnet Subnet TGW Subnet Subnet Subnet Subnet Subnet Subnet
  • 77. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 78. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Theviewfrom aVPC VPC – 10.1.0.0/16 Subnet Region Subnet Subnet TGW Subnet Subnet Subnet Subnet Subnet Subnet
  • 79. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Theviewfrom aVPC VPC – 10.1.0.0/16 Region Subnet Subnet Subnet Subnet Subnet Subnet Subnet 50 10.1.0.0/24 SubnetSubnet TGW
  • 80. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Theviewfrom aVPC VPC – 10.1.0.0/16 Subnet Region Subnet Subnet Subnet Subnet Subnet Subnet Subnet TGW Subnet 50 10.1.0.0/24
  • 81. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Nexthop routing – NATGateway • What about specifying a target of the NAT Gateway in the Connectivity Route Table? VPC – 10.1.0.0/16 SubnetSubnet static
  • 82. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Nexthop routing – NATGateway • What about specifying a target of the NAT Gateway in the Connectivity Route Table? VPC – 10.1.0.0/16 SubnetSubnet
  • 83. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Nexthop routing – NATGateway • Return path? VPC – 10.1.0.0/16 SubnetSubnet
  • 84. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Inbound routing -Nexthop • Consider AZ Independence • Separate ‘inbound’ route table for each TGW attached subnet • Separate Target per AZ
  • 85. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Route53Resolver,Interface Endpoints & PrivateLink VPC – 10.2.0.0/16 Subnet Region Subnet Subnet TGW Subnet Subnet Subnet
  • 86. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Route53Resolver VPC – 10.2.0.0/16 Subnet Region Subnet Subnet TGW Subnet Subnet Subnet
  • 87. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPCInterface Endpoints VPC – 10.2.0.0/16 Subnet Region Subnet Subnet TGW Subnet Subnet Subnet
  • 88. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. PrivateLinkEndpoints VPC – 10.2.0.0/16 Subnet Region Subnet Subnet TGW Subnet Subnet Subnet
  • 89. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Route53Resolver,Interface Endpoints & PrivateLink VPC – 10.2.0.0/16 Subnet Region Subnet Subnet TGW Subnet Subnet Subnet
  • 90. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. NextHop Routing – InterfaceEndpoints & PrivateLink • No routing configuration required! • The endpoints are within the VPC CIDR Range • DNS needs to resolve to the Interface Endpoints • Consider using Route 53 Resolver Endpoints
  • 91. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Nexthop routing – “Middle Box” • Inbound Route table with a target of an EC2 ENI • Middle box hosted in a different subnet • Outbound Route table with target of TGW • Single Point of failure! • Could match the NAT-GW pattern and deploy AZI • Traffic flow may be asymmetric!
  • 92. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Nexthop routing – “Middle Box” VPC – 10.1.0.0/16 SubnetSubnet tgw M eni-M
  • 93. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS VPN Alternatively– useVPN VPC AWS VPN
  • 94. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 95. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPNAttachments • Standard AWS VPN configuration options • Dynamic (BGP) • Static • Download configuration examples via Console • Equal Cost Multi-Pathing (ECMP)
  • 96. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Whatis ECMP? • Multiple VPN Connections – each supports 1.25Gbps • Advertise the same IP Prefix over all connections • This creates Multiple paths – with the same ‘cost’ • Equal Cost Multi-Pathing • Enables scaling up of VPN bandwidth • Used for connectivity to on-premises networks • Used for middle-box, marketplace appliances / service insertion
  • 97. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. DNS • DNS Resolution is supported for all VPC’s attached to the TGW • Supports resolving ‘public’ DNS names to Private IP’s • Route 53 Resolver Endpoints
  • 98. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Multi-Account process • Owner creates a Transit Gateway • Using Resource Access Manager (RAM) - creates a resource share • Include the Transit Gateway in the resource share • Specify the principals who can use it • Specific AWS accounts • Accounts within a particular AWS Organization or OU
  • 99. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Multi-Account process • Participant creates an Attachment against the shared Transit Gateway • Owner accepts attachment (or auto-accept) Note – The participant cannot modify route tables
  • 100. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. ResourceAccessManager (RAM)
  • 101. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Integration withotherAWSServices Flow logsVPN Connection
  • 102. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Pricing • Billed per hour, per attachment • For Multi-account configurations, billing starts when the attachment is accepted. • Data processing charges apply for each gigabyte sent from an Amazon VPC or AWS Site-to-Site VPN to the AWS Transit Gateway. $
  • 103. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Region availability Available now in – • US East (N. Virginia) • US East (Ohio) • US West (N. California) • US West (Oregon) • EU (Ireland) • Asia Pacific (Mumbai) Other regions coming soon!
  • 104. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Limits Number of AWS Transit Gateway attachments 5,000 Number of Routes 10,000 Number of Route Tables 20
  • 105. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 106. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Future Plans • Direct Connect Gateway Attachments • Transit Gateway Inter-Region Peering • Additional advanced routing features
  • 107. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWSTransitGateway • Easier connectivity • Better visibility and control • On-demand bandwidth • Routing • Edge connectivity • Feature interoperability • Monitoring • Security
  • 108. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Wednesday, November 28th NET209-L : Leadership Session: Networking 13:00 – 14:00 | Venetian, Level 2, Venetian E Relatedbreakouts Thursday, November 29th NET402 : Transit Gateway : Reference Architectures for Many VPC’s 12:15 – 13:15 | Mirage, Mirage Events Center B Friday, November 30th NET304 : AWS VPN Solutions 10:45 – 11:45 | Venetian, Level 2, Venetian F
  • 109. Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Steve Seymour @sseymour Thomas Spendley
  • 110. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Editor's Notes

  1. STEVE Good morning – welcome to this session on the newly announced AWS Transit Gateway. My name is Steve Seymour, I’m a Principal Solutions Architect at AWS and one of our Networking Specialists. This is Thomas Spendley, he is the General Manager for Transit Gateway and our VPN Service. Lets get this out of the way now. This is a Networking session. It’s going to involve Routes and that’s the correct way to say it. I feel though that with Thomas co-presenting his own service with me up here, I should show some respect and at least try to say rowte a few times. We’ll see! We are both looking forward to sharing the details about a new service that the team have been working on for quite a while and that we know our customers will be excited to use.
  2. STEVE So lets jump into it. You may have seen that we have some new Icons – and if not, I think you can decipher the meaning here. If you take the AWS Cloud and need the ability to provide full routing functionality – the result is AWS Transit Gateway. This was announced last night by Peter in his Monday night session and is now generally available for use. It’s a new service that allows customers to interconnect thousands of VPC’s and on-premises networks.
  3. THOMAS Ok, so what is Transit Gateway
  4. THOMAS - AWS Transit Gateway is not a physical device – it’s a fully distributed and managed AWS Service. - It has the capabilities you’d expect to see in order to interconnect thousands of VPC’s, cross accounts, at scale. - It allows you to make very simple or very complex routing decisions based your requirements. - It can also help simplify how you share connectivity from your on-premises environments to your VPCs, for example using AWS VPN. - It provides flexibility with the use of multiple route tables – creating the concept of routing domains which we will talk about more later.
  5. STEVE Ok, so lets examine at a very high level how Transit Gateway could immediately help with some of the Architectures we see you as our customers deploying. Firstly, lets consider a scenario where you have multiple VPC’s deployed – in the same or in multiple accounts
  6. STEVE Assuming you wanted all 4 of these VPC’s to communicate with each other, you would use VPC Peering to build a full mesh of connectivity between them. This doesn’t introduce any bandwidth limits and is very simple to setup – but you can see that even with just four VPC’s, we have 6 Peering connections to create, accept and configure routing for.
  7. STEVE When we introduce Transit Gateway into this scenario, it’s as simple as attaching all four VPC’s to the Transit Gateway and they can all reach each other. Further more, we can keep adding VPC’s with a single attachment API call and join them into this fully routed environment.
  8. STEVE Lets take that same scenario with the full mesh peering and extend that to connect back to an on-premises network via VPN. We are showing a single Customer Gateway – a router – here.
  9. STEVE Well, we need to create an AWS VPN Connection from a VGW from each VPC back to the customer gateway. Of course, each VPN Connection is two tunnels for resilience but I’m showing a single line here representing that because all the tunnels are terminating on the same customer gateway. As we add more VPC’s to the environment, we now need to create more VPN tunnels – which adds increased complexity and configuration requirements for your network.
  10. STEVE Now, with the Transit Gateway, this is hugely simplified. We can simply create a single VPN Connection (still two tunnels) from the customer gateway to the transit gateway and have full access to all of the VPC”s that are attached.
  11. STEVE But of course, if there are two tunnels with resilience on the AWS side, the best practice deployment is to build resilience on the customer gateway side of the VPN’s too.
  12. STEVE … which of course means two customer gateways and another VPN connection per VPC. This is quickly multiplying for a relatively simple scenario here with just four VPC’s and two Customer Gateways.
  13. STEVE As you might have guessed by now, this becomes much simpler with the Transit Gateway where you simply add one additional VPN connection to have that full resilient connectivity to all of your VPC’s in the region.
  14. THOMAS TRANSITION - Ok, so I think you have the concepts – lets move from theory into practice and see what it will take to build the components of a Transit Gateway.
  15. THOMAS - In this scenario we have four VPC’s that are being used for development - each needing to communicate with each other. - The whole environment needs to be connected back to our on-premise network perhaps to reach a code repo or be available for users to test against. - We may need to tear down these VPC’s and create new ones on the fly and don’t want to have the potential delays of building out new VPN’s or re-configuring of our VPN router.
  16. THOMAS Lets start by simply creating four VPC’s in our development account – all within the 10/8 range – 10.1, 10.2, 10.3 and 10.4. These VPC’s have been created with subnets in two availability zones.
  17. THOMAS The first step therefore is to create the new Transit Gateway itself. You can find this in the VPC console and other than providing a name, we are going to leave all of the defaults for this – our first Transit Gateway.
  18. THOMAS -Now once the TGW has been successfully created, we see it’s state as available. -The one thing to remember is that Transit Gateway is a regional object, it’s highly available and created without single points of failure. -If you were in some of the sessions last year – you might be familiar with the ‘HyperPlane’ technology we mentioned – well Transit Gateway is built using that same scalable and highly available building block.
  19. THOMAS -Next, we need to attach our VPC’s. As you can see, this is as simple as choosing the TGW and then providing a subnet for each availability zone. -It is important to remember that TGW is a regional object with Zonal attachments. You only need to connect only ONE subnet for each availability zone in that VPC.
  20. THOMAS We repeat that attachment process three more times – one per VPC – very quick and simple.
  21. THOMAS So if we now take a look in the console, we can see all four VPC attachments now in the available state and the various default parameters being applied to each attachment at the bottom.
  22. THOMAS -Lets jump over to the Transit Gateway Route Table section and take a look there. -What you should immediately see is that the CIDR ranges for our VPC’s are all listed with their associated attachment ID. -This confirms that the transit gateway has a route to each of those VPC’s.
  23. THOMAS -Finally, we always need to consider the return path so lets update the route tables in each of our VPC’s to send traffic for all 10/8 networks via the newly attached TGW. -Just like other target types, you simply enter the TGW ID into the target field and you are good to go.
  24. THOMAS. -Now, to prove this is working, I launched an EC2 instance in each of our VPC’s – I put them in the first subnet with .50 as the last octet to keep things simple. -I then logged into the 10.1 EC2 instance and pinged the other three – as you can see, all of them responded. -These are real screen shots from a real deployment. - It really did only take the steps I’ve went through to establish any-to-any connectivity.
  25. THOMAS -Now in our original scenario, we talked about the requirement to connect to an on-prem network via VPN. -As you might have noticed, this is simply another attachment type. -We choose VPN and then select either an existing defined Customer Gateway or a new one. -The definition of the Customer Gateway identifies the remote IP Address and AS Number for BGP.
  26. THOMAS After it’s created, we switch to the VPN console and simply download our configuration template as normal and apply it to our on-premise router.
  27. THOMAS Looking back at the Transit Gateway Route table, once the VPN Tunnels come up and BGP is established, we see the new 10.99 prefix present in the route table that is coming from our on-prem network via VPN
  28. THOMAS -Jumping back to our test EC2 instance in the 10.1 VPC, we see we can now ping an on-premise host through the VPN using it’s 10.99 address. -We don’t need to do any other configuration here, it’s simply immediately reachable.
  29. THOMAS From the Customer Gateway – which is the on-prem router - if we take a look at it’s BGP route table, we can see the CIDR range being received for each of the attached VPC’s and two paths via the two tunnels that are automatically created for an AWS VPN Connection.
  30. THOMAS -As you’d expect, all of the actions we just did in the console can be done via the AWS Command Line interface or direct via our API’s. -I’m showing you the existing VPN connection API call – all that’s changed is that you can now pass it a Transit Gateway parameter rather than a Virtual Private Gateway.
  31. STEVE
  32. STEVE
  33. STEVE
  34. STEVE
  35. STEVE
  36. STEVE
  37. STEVE
  38. STEVE
  39. STEVE
  40. STEVE
  41. STEVE
  42. STEVE
  43. STEVE
  44. STEVE
  45. STEVE
  46. STEVE
  47. STEVE
  48. STEVE
  49. STEVE
  50. STEVE
  51. STEVE
  52. STEVE
  53. STEVE
  54. STEVE
  55. STEVE
  56. STEVE
  57. STEVE
  58. STEVE
  59. STEVE
  60. STEVE
  61. STEVE TRANSITION – So, we saw with Transit Gateway you can create routing policies which allow you to build an any-to-any topology and even share a VPN connection with any of those VPCs. But, what if you don’t want east-west traffic between VPCs.
  62. STEVE - Back to Dave example, how do I get to an instance in the 10.2 VPC? I look at my VPC1 route table and see an entry for the 10/8 network back to the Transit Gateway
  63. STEVE But when I look at the TGW route-table-A, I realize there is no path to the 10.2 network so the packet is dropped. As you can see there is no way for the traffic to get to VPC 10.2 through TGW but I was still able to share my VPM connection with both VPCs
  64. STEVE TRANSITION – while each of the scenarios can get you started, to get into more complex network setups, we have a session with Nick Matthews on Thursday 12:15-1:15. You will learn how to build complex TGW configurations which allow you to 1) Use a 3rd party partner appliances for Packet Inspection 2) Centralize Egress traffic using a NAT gateway 3) Create High Bandwidth VPN connectivity using ECMP / Equal-Cost Multi-Pathing to your on premise network or network appliances in your VPC.
  65. STEVE
  66. STEVE
  67. STEVE
  68. STEVE
  69. STEVE
  70. STEVE
  71. STEVE
  72. STEVE
  73. STEVE
  74. STEVE
  75. STEVE
  76. STEVE
  77. STEVE
  78. STEVE So lets revisit our earlier explorer … She followed the path from the TGW Route table via the attachment and is now in the VPC. She actually enters the VPC via one of these ENI’s so when looking for the next hop, it’s actually the route table for those subnets that she consults.
  79. STEVE
  80. STEVE
  81. STEVE
  82. STEVE
  83. STEVE
  84. STEVE
  85. STEVE
  86. STEVE
  87. STEVE
  88. STEVE
  89. STEVE
  90. STEVE
  91. STEVE
  92. STEVE
  93. THOMAS So, what other features does a Transit Gateway provide?
  94. THOMAS As I showed you earlier, the process of attaching a VPN connection to a Transit Gateway is simple. All that’s changed is that you now pass a Transit Gateway rather than a Virtual Private Gateway parameter. A long time ask from our customers is the ability to deliver greater than 1Gig IPSec bandwidth for AWS VPN. With a Transit Gateway, customers can use Equal Cost Multi-Pathing (ECMP) to do that.
  95. THOMAS Equal-cost multi-pathing is a routing strategy where next-hop packet forwarding is to a single destination occurs over multiple "best paths"  By advertising the same IP Prefix over all VPN connections, the Transit Gateway will distribute your traffic across those connections. For example, a customer who wants a backup for a 10Gig Direct Connect could establish 8 VPN connections with ECMP to provide equivalent bandwidth.
  96. THOMAS TRANSITION – Transit Gateway also supports DNS. If you have been using DNS resolution for for public names to private addresses over VPC peering, they will continue to work over Transit Gateway attachments. Also, with the newly launched Route 53 resolver endpoints service you can manage your DNS infrastructure in a centralized service VPC and access it from the attached VPCs and VPN connections.
  97. THOMAS TRANSITION – To be able to connect VPCs across multiple accounts, the Transit Gateway uses the newly launched Resource Access Manager (RAM) service. RAM is new a service that enables sharing of AWS resources across different accounts in a centralized way. Step 1, the Transit Gateway Owner Enables sharing by creating a resource share in (RAM) and specifies the principals for who can use it. It is important to remember that Principals must accept the invitation of this resource share if they’re not in the same organization.
  98. THOMAS Step 2, the VPC Owner (the Participant) Requests to attach to the Transit Gateway. Since the Transit Gateway sharing enabled, the Participant account can call describe-transit-gateways. They would call create-transit-gateway-vpc-attachment to attach their VPCs. Step 3, the Transit Gateway Owner Approves or Rejects the attachment request from the Participant. The Transit Gateway owner has the ability to see all of these these attachments requests using the describe-transit-gateway-vpc-attachments. It is important to remember that while Participants can attach to a Transit Gateway, the can not modify the Transit Gateway route tables. This allows for example a Network team to own the Transit Gateway and manage connectivity from on-premise to VPCs while Application teams can attach to a Transit Gateway to leverage shared network resources. They can consume the network but not change it.
  99. THOMAS TRANSITION – here is how you would create a new resource-share from the RAM console. - The first step is to create a new Resource Share itself by providing a name. - You would then select the resource you want to share, in this case the Transit Gateway. For Principals, you would provide the accounts or OUs you want to enable sharing with. It is important to remember here that you can share with any AWS account or your organization. We now have a new resource-share that can be centrally managed. .
  100. THOMAS TRANSITION –Transit Gateway is a fully managed service integrate seamlessly with other AWS services like CloudFormation, CloudWatch, Flow Logs At launch Transit Gateway will support CloudFormation templates. This allows you to easily automate your network build process. Cloudwatch metrics supports traffic counters like packets in /out and dropped packets. You can use Flow Logs by enabling flow logs on the attachment ENIs in the VPC.
  101. THOMAS TRANSITION - as far as Transit Gateway Pricing You will be billed hourly for each attachment to a Transit Gateway. Hourly billing will also start when the AWS Transit Gateway owner accepts your attachment and it stops when the attachment is deleted. Data processing charges apply for each gigabyte sent from an attachment to the Transit Gateway. Each partial hour consumed is billed as a full hour.
  102. THOMAS We are now launched in SIX regions with more to follow by EOY!
  103. THOMAS TRANSITION – the Transit Gateway was designed to support a large number of attachments and number of routes. With 5,000 attachments you can create a large network topology that suits your organizational, customer, or partner needs. A VPC can be connected up to 5 Transit Gateways You can create up to 20 Route Tables aka Routing Domains which allows you to create routing policies to either Share or Isolate network resources.
  104. THOMAS TRANSITION – so, what else do we have in the works for Transit Gateway?
  105. THOMAS You can use Public Direct Connect with AWS VPN to attach to a Transit Gateway We are working to provide Private Direct Connect support through Direct Connect Gateway in Q1 2019. We will be providing Cross Region support in 2019. This will allow you to build a global network that connects TGW-TGW across regions. For example, a branch can establish a private VPN connection to the US East region in N. VA, send traffic to the Asia Pacific region ENCRYPTED out to another private VPN connection to a branch in Mumbai. We are planning to support other advanced routing features such as Policy Based Routing, this allows routing decisions based on properties of the packet other than the destination address.
  106. THOMAS Routing AWS Transit Gateways supports dynamic and static layer 3 routing between Amazon Virtual Private Clouds (VPCs) and site-to-site VPN. Routes determine the next hop depending on the destination IP address of the packet, and can point to an Amazon VPC or to a VPN connection. Edge connectivity You can create VPN connections between your AWS Transit Gateway and on-premises gateways using site-to-site VPN. You can create multiple VPN connections that announce the same prefixes and enable Equal Cost Multipath (ECMP) between these connections. By load-balancing traffic over multiple paths, ECMP can substantially increase the bandwidth. Amazon VPC feature interoperability AWS Transit Gateway enables the resolution of public DNS hostnames to private IP addresses when queried from Amazon VPCs that are also attached to the AWS Transit Gateway. An instance in an Amazon VPC can access a NAT gateway, Network Load Balancer, AWS PrivateLink, and Amazon Elastic File System in others Amazon VPCs that are also attached to the AWS Transit Gateway. Monitoring AWS Transit Gateway provides statistics and logs using AWS services, such as Amazon CloudWatch and Amazon VPC Flow Logs. You can use Amazon CloudWatch to get bandwidth usage between Amazon VPCs and a VPN connection, packet flow count, and packet drop count. You can also enable Amazon VPC Flow Logs on AWS Transit Gateway so you can capture information on the IP traffic routed through the AWS Transit Gateway. Security AWS Transit Gateway is integrated with Identity and Access Management (IAM), enabling you to manage access to AWS Transit Gateway securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to the AWS Transit Gateway.
  107. STEVE
  108. STEVE
  109. STEVE