1
AWS Advanced Networking
Part 2: Transit Gateway
June 28, 2019
2
Today’s Agenda
• Transitive Routing Overview
• Traditional AWS Solution
• AWS Transit Gateway
• Case Study: Client Story
3
Assumptions & Prerequisites
• Knowledge of CIDRs
• Some knowledge of IP routing
• Some knowledge of AWS VPCs
• Some knowledge of various Network Topologies
• Not a comprehensive discussion
• Dedicated series
4
Transitive Routing Overview
What is it and why do we need a Transit Gateway solution
5
The Concept
Quick Overview: Routing
(Diagram: Network A, 192.168.0.0/24, gateway 192.168.0.1; Network B, 192.168.1.0/24, gateway 192.168.1.1.)
Source          Destination     Gateway
192.168.0.0/24  192.168.1.0/24  192.168.1.1
Route table entries shown on the diagram:
Destination     Gateway
192.168.1.0/24  192.168.1.1
Destination     Gateway
192.168.0.0/24  192.168.0.1
6
The Concept
Quick Overview: Transitive Routing
(Diagram: Network A, 192.168.0.0/24, gateway 192.168.0.1; Network B, 192.168.1.0/24, gateway 192.168.1.1; Network C, 192.168.2.0/24, gateway 192.168.2.1. Network B sits between A and C, so A and C reach each other through B's gateway.)
Network A route table:
Destination     Gateway
192.168.1.0/24  192.168.1.1
192.168.2.0/24  192.168.1.1
Network B route table:
Destination     Gateway
192.168.0.0/24  192.168.0.1
192.168.2.0/24  192.168.2.1
Network C route table:
Destination     Gateway
192.168.1.0/24  192.168.1.1
192.168.0.0/24  192.168.1.1
7
The Concept
Quick Overview: AWS Transitive Routing
(Diagram: the same three networks and route tables as the previous slide, relabelled for AWS: Network A, 192.168.0.0/24, is the Corp DC and connects over a VPN; the other two networks are labelled VPC A and VPC B.)
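A hop-by-hop forwarding trace over the route tables from the three-network diagram above, as an added example that is not part of the original deck; the network names, the DIRECT_ONLY_TABLES state (each network knowing only its direct neighbours) and the sample addresses are constructed:

```python
import ipaddress

# Constructed from the three-network diagram on the slide: each network's CIDR
# and gateway, and the route table the slide shows for it (Destination -> Gateway).
NETWORKS = {
    "A": ("192.168.0.0/24", "192.168.0.1"),
    "B": ("192.168.1.0/24", "192.168.1.1"),
    "C": ("192.168.2.0/24", "192.168.2.1"),
}

# Final state of the slide: A and C each reach the other through B's gateway.
TRANSIT_TABLES = {
    "A": {"192.168.1.0/24": "192.168.1.1", "192.168.2.0/24": "192.168.1.1"},
    "B": {"192.168.0.0/24": "192.168.0.1", "192.168.2.0/24": "192.168.2.1"},
    "C": {"192.168.1.0/24": "192.168.1.1", "192.168.0.0/24": "192.168.1.1"},
}

# Constructed earlier state: each network only knows its direct neighbour(s).
DIRECT_ONLY_TABLES = {
    "A": {"192.168.1.0/24": "192.168.1.1"},
    "B": {"192.168.0.0/24": "192.168.0.1", "192.168.2.0/24": "192.168.2.1"},
    "C": {"192.168.1.0/24": "192.168.1.1"},
}


def network_of(ip):
    """Name of the network whose CIDR contains ip, or None if it is unknown."""
    addr = ipaddress.ip_address(ip)
    for name, (cidr, _gateway) in NETWORKS.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None


def lookup(table, dst):
    """Longest-prefix match of dst against one route table; None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, gateway in table.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None


def trace_path(src, dst, route_tables=TRANSIT_TABLES, max_hops=8):
    """Forward a packet hop by hop: at each network, look dst up in that
    network's table and move to the network that owns the chosen gateway.
    Returns the list of networks traversed, or None if some hop has no route
    (or the packet loops past max_hops)."""
    here, target = network_of(src), network_of(dst)
    if here is None or target is None:
        return None
    path = [here]
    for _ in range(max_hops):
        if here == target:
            return path             # delivered: dst is on the local network
        gateway = lookup(route_tables[here], dst)
        if gateway is None:
            return None             # no route: dropped at this network
        here = network_of(gateway)  # the next-hop gateway lives in the next network
        if here is None:
            return None
        path.append(here)
    return None


if __name__ == "__main__":
    print(trace_path("192.168.0.10", "192.168.2.10"))                     # ['A', 'B', 'C']
    print(trace_path("192.168.0.10", "192.168.2.10", DIRECT_ONLY_TABLES))  # None
```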
8
Traditional AWS Solution
How do we route across networks in AWS?
9
AWS Options
• Transit VPC
• VPC Peering
10
AWS Transit VPC
• Cisco CSR QuickStart
• Other options
• Centralized management
• Complexity
• EC2-based
• Lambda
• Step Functions
• CloudWatch
• Traffic scaling issues
• Cost
11
AWS VPC Peering
• Fun!
• Decentralized
• Maintenance Overhead
• Not suitable for the enterprise
12
Other options…
13
AWS Transit Gateway
A new solution
14
Transit Gateway History
• Transit Gateway Icon
• Initial release in November 2018
• Direct Connect support released April 2019
15
What is Transit Gateway?
• An alternative to a Transit VPC
• Not a physical device; a fully managed, distributed AWS service
• Create simple or complex routing decisions based on requirements
• Application and networking teams can move very quickly
• Share on-premises connectivity with all of your VPCs
• Advanced routing features
16
Limitations
• Up to 5000 VPCs per Transit Gateway
• Each attachment can handle up to 50 Gbit/s of burst traffic
• AWS Transit Gateway does not support routing between Amazon VPCs with overlapping CIDRs
• Security group referencing across the gateway is not supported: a spoke VPC cannot reference a security group of another spoke connected to the same gateway
• Cross-region VPC and VPN attachments are not supported (cross-account is supported)
17
Why - Transit Gateway?
Interconnecting VPCs at Scale
Before: peering VPCs together creates complex solutions, especially at scale
After: connect each VPC or VPN to the AWS Transit Gateway and it routes traffic to and from each VPC or VPN
18
Why - Transit Gateway?
Consolidating Edge Connectivity
Multiple VPN connections, one per VPC, versus a single VPN ingress/egress point
19
Why - Transit Gateway?
Consolidating Edge Connectivity – High Resilience
Multiple VPN connections, one per VPC, versus a single VPN ingress/egress point
20
Transit Gateway Key Concepts
1. Attachments
2. Route Tables
I. Association
II. Propagation
21
Attachments
(Diagram: VPC 10.1 and VPC 10.2 connected to the Transit Gateway by Attachment Orange and Attachment Green.)
22
Route Tables
(Diagram: VPC 10.1 via Attachment Orange and VPC 10.2 via Attachment Green, with a Route Table added to the Transit Gateway.)
23
Association
(Diagram: VPC 10.1 via Attachment Orange and VPC 10.2 via Attachment Green, each attachment associated with the Route Table.)
24
Propagation
(Diagram: VPC 10.1.0.0/16 via Attachment Orange and VPC 10.2.0.0/16 via Attachment Green, both propagating their CIDR into the Route Table.)
Route Table:
10.1.0.0/16 via Orange (propagated)
10.2.0.0/16 via Green (propagated)
25
Transit Gateway Route Table
(Diagram: VPC 10.1.0.0/16 via Attachment Orange and VPC 10.2.0.0/16 via Attachment Green, sharing one Route Table.)
Route Table:
10.1.0.0/16 via Orange
10.2.0.0/16 via Green
By default, everything can route to everything.
26
Multiple Route Tables
(Diagram: VPC 10.1.0.0/16 via Attachment Orange, VPC 10.2.0.0/16 via Attachment Green, and an AWS VPN to 10.99.99.0/24 via Attachment Purple, with three route tables.)
Route Table for Attachment Orange:
10.99.99.0/24 via Purple
Route Table for Attachment Green:
10.99.99.0/24 via Purple
Route Table for Attachment Purple:
10.1.0.0/16 via Orange
10.2.0.0/16 via Green
AWS VPN (Attachment Purple, 10.99.99.0/24), routes exchanged over BGP:
10.99.99.0/24 via BGP
10.1.0.0/16 via BGP
10.2.0.0/16 via BGP
27
Case Study: Client
Migrating to Transit Gateway
28
Client: Before the TGW
• Leveraged Aviatrix hub-and-spoke model
29
Client: With TGW
• Route Table Requirements:
  • Connectivity to the internet through Symantec WSS for DLP
  • Connectivity to on-prem
  • Connectivity between VPCs in an environment, but not to other environments
  • Connectivity across regions
30
Client: With the TGW
Connectivity to the internet
31
Considerations & Lessons Learned
• Connectivity:
  • Between systems that are leveraging Aviatrix (or an existing Transit VPC) and systems that are leveraging the TGW (i.e., how is communication maintained during the transition)
  • Across regions during the transition
  • Back to VPCs from on-prem and the internet
• Route summarization and advertisements back from on-prem during the transition
• Preventing traffic from routing through the TGW to the wrong environment (black-hole routes)
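A small model of the Transit Gateway concepts from the Key Concepts slides (attachments, route tables, association, propagation, multiple route tables) together with the black-hole routes from the lessons learned above, as an added example that is not part of the original deck; the table names, the 10.0.0.0/8 on-prem summary advertisement and the sample addresses are constructed:

```python
import ipaddress


class Attachment:
    """A TGW attachment (VPC or VPN) and the prefixes it can deliver to."""

    def __init__(self, name, cidrs):
        self.name = name      # e.g. "Orange", "Green" (VPCs) or "Purple" (VPN)
        self.cidrs = cidrs    # VPC CIDR, or prefixes the VPN peer advertises over BGP


class RouteTable:
    """A TGW route table: destination CIDR -> attachment name, or "blackhole"."""

    def __init__(self, name):
        self.name = name
        self.routes = {}

    def propagate(self, attachment):
        # Propagation: the attachment's prefixes are written in automatically.
        # A static route for the same CIDR is left alone (static wins over propagated).
        for cidr in attachment.cidrs:
            self.routes.setdefault(cidr, attachment.name)

    def add_static(self, cidr, target):
        # Static route; target is an attachment name or "blackhole" (drop).
        self.routes[cidr] = target

    def lookup(self, dst):
        """Longest-prefix match: attachment name, "blackhole", or None (no route)."""
        addr = ipaddress.ip_address(dst)
        best = None
        for cidr, target in self.routes.items():
            net = ipaddress.ip_network(cidr)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, target)
        return best[1] if best else None


class TransitGateway:
    def __init__(self):
        self.attachments, self.tables, self.association = {}, {}, {}

    def attach(self, attachment):
        self.attachments[attachment.name] = attachment

    def table(self, name):
        self.tables[name] = RouteTable(name)
        return self.tables[name]

    def associate(self, attachment_name, table_name):
        # Association: exactly one table is consulted for traffic ENTERING via
        # this attachment; that is what isolates environments from each other.
        self.association[attachment_name] = table_name

    def forward(self, ingress, dst):
        """Where traffic entering via `ingress` and destined for `dst` is sent."""
        return self.tables[self.association[ingress]].lookup(dst)


def single_table_tgw():
    """Slides 24-25: one table, both VPCs associated with it and propagated into it."""
    tgw = TransitGateway()
    orange, green = Attachment("Orange", ["10.1.0.0/16"]), Attachment("Green", ["10.2.0.0/16"])
    default = tgw.table("default")
    for att in (orange, green):
        tgw.attach(att)
        tgw.associate(att.name, "default")
        default.propagate(att)          # 10.1.0.0/16 via Orange, 10.2.0.0/16 via Green
    return tgw


def multi_table_tgw(onprem_summary=False, blackhole=False):
    """Slide 26: each VPC's own table only knows the VPN (Purple); the VPN's
    table knows both VPCs. onprem_summary adds a constructed 10.0.0.0/8
    advertisement from on-prem; blackhole adds the guard routes against it."""
    tgw = TransitGateway()
    orange, green = Attachment("Orange", ["10.1.0.0/16"]), Attachment("Green", ["10.2.0.0/16"])
    purple = Attachment("Purple", ["10.99.99.0/24"] + (["10.0.0.0/8"] if onprem_summary else []))
    for att in (orange, green, purple):
        tgw.attach(att)
    orange_rt, green_rt, vpn_rt = tgw.table("orange-rt"), tgw.table("green-rt"), tgw.table("vpn-rt")
    tgw.associate("Orange", "orange-rt")
    tgw.associate("Green", "green-rt")
    tgw.associate("Purple", "vpn-rt")
    orange_rt.propagate(purple)         # 10.99.99.0/24 via Purple (plus the /8 if advertised)
    green_rt.propagate(purple)          # 10.99.99.0/24 via Purple (plus the /8 if advertised)
    vpn_rt.propagate(orange)            # 10.1.0.0/16 via Orange
    vpn_rt.propagate(green)             # 10.2.0.0/16 via Green
    if blackhole:
        # More specific than the /8 summary, so longest-prefix match drops the
        # traffic instead of sending it toward on-prem (and on into the other environment).
        orange_rt.add_static("10.2.0.0/16", "blackhole")
        green_rt.add_static("10.1.0.0/16", "blackhole")
    return tgw
```

With only propagated routes and separate tables, Orange to Green has no route at all; once on-prem advertises a summary covering both VPCs, that traffic would follow the /8 to the VPN unless a more specific black-hole route is in place.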
32
Considerations & Lessons Learned
• Cannot share the TGW across AWS Organizations (had to share it with each VPC)
• Attachments are created per AZ if you support multi-AZ; an ENI is placed in the attached subnet
• Terraform limitations:
  • Black-hole routing was not available (had to use the CLI from a null_resource)
  • Acceptance of the RAM share was not available (believe this is available now)
• Having health checks during the migration is a lifesaver!
• Tested access to the internet, shared services, across regions and on-prem connectivity
33
RJ Jafarkhani
rjj@slalom.com
Zubin Ghafari
zghafari@slalom.com
Scott Meluski
scott.meluski@slalom.com
Thank you!
© 2018 Slalom, LLC. All rights reserved. The information herein is for informational purposes only and represents the current view of Slalom, LLC. as of the date of this presentation.
SLALOM MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

More Related Content

What's hot

Deploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerDeploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerAmazon Web Services
 
On-premise to Microsoft Azure Cloud Migration.
 On-premise to Microsoft Azure Cloud Migration. On-premise to Microsoft Azure Cloud Migration.
On-premise to Microsoft Azure Cloud Migration.Emtec Inc.
 
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Web Services
 
AWS Control Tower
AWS Control TowerAWS Control Tower
AWS Control TowerCloudHesive
 
Deep Dive on AWS Migration Hub - AWS Online Tech Talks
Deep Dive on AWS Migration Hub - AWS Online Tech TalksDeep Dive on AWS Migration Hub - AWS Online Tech Talks
Deep Dive on AWS Migration Hub - AWS Online Tech TalksAmazon Web Services
 
Azure Networking (1).pptx
Azure Networking (1).pptxAzure Networking (1).pptx
Azure Networking (1).pptxRazith2
 
Microservices for Application Modernisation
Microservices for Application ModernisationMicroservices for Application Modernisation
Microservices for Application ModernisationAjay Kumar Uppal
 
CAF presentation 09 16-2020
CAF presentation 09 16-2020CAF presentation 09 16-2020
CAF presentation 09 16-2020Michael Nichols
 
AWS Tutorial | AWS Certified Solutions Architect | Amazon AWS | AWS Training ...
AWS Tutorial | AWS Certified Solutions Architect | Amazon AWS | AWS Training ...AWS Tutorial | AWS Certified Solutions Architect | Amazon AWS | AWS Training ...
AWS Tutorial | AWS Certified Solutions Architect | Amazon AWS | AWS Training ...Edureka!
 
Azure Cloud Governance
Azure Cloud GovernanceAzure Cloud Governance
Azure Cloud GovernanceJonathan Wade
 
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...Amazon Web Services
 
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Web Services
 
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)Amazon Web Services
 
Landing Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsLanding Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsAmazon Web Services
 
202110 AWS Black Belt Online Seminar AWS Site-to-Site VPN
202110 AWS Black Belt Online Seminar AWS Site-to-Site VPN202110 AWS Black Belt Online Seminar AWS Site-to-Site VPN
202110 AWS Black Belt Online Seminar AWS Site-to-Site VPNAmazon Web Services Japan
 

What's hot (20)

Deploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerDeploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control Tower
 
On-premise to Microsoft Azure Cloud Migration.
 On-premise to Microsoft Azure Cloud Migration. On-premise to Microsoft Azure Cloud Migration.
On-premise to Microsoft Azure Cloud Migration.
 
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
 
AWS Control Tower
AWS Control TowerAWS Control Tower
AWS Control Tower
 
Deep Dive on AWS Migration Hub - AWS Online Tech Talks
Deep Dive on AWS Migration Hub - AWS Online Tech TalksDeep Dive on AWS Migration Hub - AWS Online Tech Talks
Deep Dive on AWS Migration Hub - AWS Online Tech Talks
 
Azure Networking (1).pptx
Azure Networking (1).pptxAzure Networking (1).pptx
Azure Networking (1).pptx
 
Cost Optimisation on AWS
Cost Optimisation on AWSCost Optimisation on AWS
Cost Optimisation on AWS
 
Microservices for Application Modernisation
Microservices for Application ModernisationMicroservices for Application Modernisation
Microservices for Application Modernisation
 
Azure Cost Management
Azure Cost ManagementAzure Cost Management
Azure Cost Management
 
Aws VPC
Aws VPCAws VPC
Aws VPC
 
CAF presentation 09 16-2020
CAF presentation 09 16-2020CAF presentation 09 16-2020
CAF presentation 09 16-2020
 
AWS Tutorial | AWS Certified Solutions Architect | Amazon AWS | AWS Training ...
AWS Tutorial | AWS Certified Solutions Architect | Amazon AWS | AWS Training ...AWS Tutorial | AWS Certified Solutions Architect | Amazon AWS | AWS Training ...
AWS Tutorial | AWS Certified Solutions Architect | Amazon AWS | AWS Training ...
 
Azure Cloud Governance
Azure Cloud GovernanceAzure Cloud Governance
Azure Cloud Governance
 
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...
 
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
 
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)
 
Landing Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsLanding Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS Migrations
 
202110 AWS Black Belt Online Seminar AWS Site-to-Site VPN
202110 AWS Black Belt Online Seminar AWS Site-to-Site VPN202110 AWS Black Belt Online Seminar AWS Site-to-Site VPN
202110 AWS Black Belt Online Seminar AWS Site-to-Site VPN
 
Azure: PaaS or IaaS
Azure: PaaS or IaaSAzure: PaaS or IaaS
Azure: PaaS or IaaS
 
Amazon EKS Deep Dive
Amazon EKS Deep DiveAmazon EKS Deep Dive
Amazon EKS Deep Dive
 

Similar to AWS Advanced Networking: Transit Gateway

打破時空藩籬,輕鬆存取您的雲端工作負載
打破時空藩籬,輕鬆存取您的雲端工作負載打破時空藩籬,輕鬆存取您的雲端工作負載
打破時空藩籬,輕鬆存取您的雲端工作負載Amazon Web Services
 
打破時空藩籬-輕鬆存取您的雲端工作負載
打破時空藩籬-輕鬆存取您的雲端工作負載打破時空藩籬-輕鬆存取您的雲端工作負載
打破時空藩籬-輕鬆存取您的雲端工作負載Amazon Web Services
 
Creating Your Virtual Data Center - AWS Summit Bahrain 2017
Creating Your Virtual Data Center - AWS Summit Bahrain 2017Creating Your Virtual Data Center - AWS Summit Bahrain 2017
Creating Your Virtual Data Center - AWS Summit Bahrain 2017Amazon Web Services
 
ENT202 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity O...
ENT202 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity O...ENT202 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity O...
ENT202 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity O...Amazon Web Services
 
ENT202 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity O...
ENT202 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity O...ENT202 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity O...
ENT202 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity O...Amazon Web Services
 
Amazon Virtual Private Cloud - VPC 2
Amazon Virtual Private Cloud - VPC 2Amazon Virtual Private Cloud - VPC 2
Amazon Virtual Private Cloud - VPC 2AWS Riyadh User Group
 
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013
From One to Many:  Evolving VPC Design (ARC401) | AWS re:Invent 2013From One to Many:  Evolving VPC Design (ARC401) | AWS re:Invent 2013
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013Amazon Web Services
 
Service Discovery: From Classic to VPC
Service Discovery: From Classic to VPCService Discovery: From Classic to VPC
Service Discovery: From Classic to VPCMark Corwin
 
LISA2017 Big Three Cloud Networking
LISA2017 Big Three Cloud NetworkingLISA2017 Big Three Cloud Networking
LISA2017 Big Three Cloud NetworkingChris McEniry
 
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...Amazon Web Services
 
AWS Advanced Networking: BGP
AWS Advanced Networking: BGPAWS Advanced Networking: BGP
AWS Advanced Networking: BGPRJ Jafarkhani ☁
 
Routing for an Anycast CDN
Routing for an Anycast CDNRouting for an Anycast CDN
Routing for an Anycast CDNTom Paseka
 
AWS Hybrid Cloud Connectivity - VPN Solutions
AWS Hybrid Cloud Connectivity - VPN SolutionsAWS Hybrid Cloud Connectivity - VPN Solutions
AWS Hybrid Cloud Connectivity - VPN SolutionsKent Plummer
 
VPC - Module 2 Part 2 - AWSome Day 2017
VPC - Module 2 Part 2 - AWSome Day 2017VPC - Module 2 Part 2 - AWSome Day 2017
VPC - Module 2 Part 2 - AWSome Day 2017Amazon Web Services
 
Creating Your Virtual Data Center
Creating Your Virtual Data CenterCreating Your Virtual Data Center
Creating Your Virtual Data CenterMonica Trantow
 
AWS Summit 2013 | Singapore - Extending your Datacenter with Amazon VPC
AWS Summit 2013 | Singapore - Extending your Datacenter with Amazon VPCAWS Summit 2013 | Singapore - Extending your Datacenter with Amazon VPC
AWS Summit 2013 | Singapore - Extending your Datacenter with Amazon VPCAmazon Web Services
 
Creando una estrategia en el Cloud y acelerar los resultados
Creando una estrategia en el Cloud y acelerar los resultadosCreando una estrategia en el Cloud y acelerar los resultados
Creando una estrategia en el Cloud y acelerar los resultadosAmazon Web Services
 
Crear un centro de datos virtual en AWS
Crear un centro de datos virtual en AWSCrear un centro de datos virtual en AWS
Crear un centro de datos virtual en AWSAmazon Web Services
 

Similar to AWS Advanced Networking: Transit Gateway (20)

打破時空藩籬,輕鬆存取您的雲端工作負載
打破時空藩籬,輕鬆存取您的雲端工作負載打破時空藩籬,輕鬆存取您的雲端工作負載
打破時空藩籬,輕鬆存取您的雲端工作負載
 
打破時空藩籬-輕鬆存取您的雲端工作負載
打破時空藩籬-輕鬆存取您的雲端工作負載打破時空藩籬-輕鬆存取您的雲端工作負載
打破時空藩籬-輕鬆存取您的雲端工作負載
 
Creating Your Virtual Data Center - AWS Summit Bahrain 2017
Creating Your Virtual Data Center - AWS Summit Bahrain 2017Creating Your Virtual Data Center - AWS Summit Bahrain 2017
Creating Your Virtual Data Center - AWS Summit Bahrain 2017
 
ENT202 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity O...
ENT202 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity O...ENT202 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity O...
ENT202 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity O...
 
ENT202 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity O...
ENT202 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity O...ENT202 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity O...
ENT202 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity O...
 
Amazon Virtual Private Cloud - VPC 2
Amazon Virtual Private Cloud - VPC 2Amazon Virtual Private Cloud - VPC 2
Amazon Virtual Private Cloud - VPC 2
 
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013
From One to Many:  Evolving VPC Design (ARC401) | AWS re:Invent 2013From One to Many:  Evolving VPC Design (ARC401) | AWS re:Invent 2013
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013
 
Service Discovery: From Classic to VPC
Service Discovery: From Classic to VPCService Discovery: From Classic to VPC
Service Discovery: From Classic to VPC
 
LISA2017 Big Three Cloud Networking
LISA2017 Big Three Cloud NetworkingLISA2017 Big Three Cloud Networking
LISA2017 Big Three Cloud Networking
 
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...
 
AWS Advanced Networking: BGP
AWS Advanced Networking: BGPAWS Advanced Networking: BGP
AWS Advanced Networking: BGP
 
Routing for an Anycast CDN
Routing for an Anycast CDNRouting for an Anycast CDN
Routing for an Anycast CDN
 
AWS Hybrid Cloud Connectivity - VPN Solutions
AWS Hybrid Cloud Connectivity - VPN SolutionsAWS Hybrid Cloud Connectivity - VPN Solutions
AWS Hybrid Cloud Connectivity - VPN Solutions
 
Amazon Virtual Private Cloud
Amazon Virtual Private CloudAmazon Virtual Private Cloud
Amazon Virtual Private Cloud
 
VPC - Module 2 Part 2 - AWSome Day 2017
VPC - Module 2 Part 2 - AWSome Day 2017VPC - Module 2 Part 2 - AWSome Day 2017
VPC - Module 2 Part 2 - AWSome Day 2017
 
Creating Your Virtual Data Center
Creating Your Virtual Data CenterCreating Your Virtual Data Center
Creating Your Virtual Data Center
 
Creating a Virtual Data Center
Creating a Virtual Data CenterCreating a Virtual Data Center
Creating a Virtual Data Center
 
AWS Summit 2013 | Singapore - Extending your Datacenter with Amazon VPC
AWS Summit 2013 | Singapore - Extending your Datacenter with Amazon VPCAWS Summit 2013 | Singapore - Extending your Datacenter with Amazon VPC
AWS Summit 2013 | Singapore - Extending your Datacenter with Amazon VPC
 
Creando una estrategia en el Cloud y acelerar los resultados
Creando una estrategia en el Cloud y acelerar los resultadosCreando una estrategia en el Cloud y acelerar los resultados
Creando una estrategia en el Cloud y acelerar los resultados
 
Crear un centro de datos virtual en AWS
Crear un centro de datos virtual en AWSCrear un centro de datos virtual en AWS
Crear un centro de datos virtual en AWS
 

Recently uploaded

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 

Recently uploaded (20)

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 

AWS Advanced Networking: Transit Gateway

  • 1. 1 AWS Advanced Networking Part 2: Transit Gateway June 28, 2019
  • 2. 2 Today’s Agenda • Transitive Routing Overview • Traditional AWS Solution • AWS Transit Gateway • Case Study: Client Story
  • 3. 3 Assumptions & Prerequisites • Knowledge of CIDR’s • Some knowledge of IP routing • Some knowledge of AWS VPC’s • Some knowledge of various Network Topologies • Not a comprehensive discussion • Dedicated series
  • 4. 4 Transitive Routing Overview What is it and why do we need a Transit Gateway solution
  • 5. The Concept: Quick Overview of Routing (diagram: Network A 192.168.0.0/24 behind gateway 192.168.0.1 and Network B 192.168.1.0/24 behind gateway 192.168.1.1; A's route table sends 192.168.1.0/24 to 192.168.1.1 and B's sends 192.168.0.0/24 to 192.168.0.1)
  • 6. The Concept: Quick Overview of Transitive Routing (diagram: Network C 192.168.2.0/24 behind gateway 192.168.2.1 is added next to Network B; B holds direct routes to 192.168.0.0/24 via 192.168.0.1 and 192.168.2.0/24 via 192.168.2.1, while A and C reach each other transitively through B's gateway 192.168.1.1)
  • 7. The Concept: Quick Overview of AWS Transitive Routing (diagram: the same topology with Network A as the Corp DC, connected over a VPN to VPC A and VPC B)
  • 8. Traditional AWS Solution: how do we route across networks in AWS?
  • 9. AWS Options
      • Transit VPC
      • VPC Peering
  • 10. AWS Transit VPC
      • Cisco CSR QuickStart
      • Other options
      • Centralized management
      • Complexity: EC2 based, Lambda, Step Functions, CloudWatch
      • Traffic scaling issues
      • Cost
  • 11. AWS VPC Peering
      • Fun!
      • Decentralized
      • Maintenance overhead
      • Not suitable for the enterprise
  • 14. Transit Gateway History
      • Transit Gateway icon
      • Initial release in November 2018
      • Direct Connect support released April 2019
  • 15. What is Transit Gateway?
      • Alternative to a Transit VPC
      • Not a physical device; it’s a fully managed, distributed AWS service
      • Create simple and complex routing decisions based on requirements
      • Application and networking teams can move very quickly
      • Share on-premises connectivity with all of your VPCs
      • Advanced routing features
  • 16. Limitations
      • 5000 VPCs per Transit Gateway
      • Each attachment can handle up to 50 Gbit/s of burst traffic
      • AWS Transit Gateway does not support routing between Amazon VPCs with overlapping CIDRs
      • Security group referencing across VPCs is not supported: a spoke VPC cannot refer to the security group of another spoke connected to the gateway
      • Cross-region VPC and VPN attachments are not supported (cross-account is supported)
  • 17. Why Transit Gateway? Interconnecting VPCs at scale
      • Before: peering VPCs together creates complex solutions, especially as it scales
      • After: connect each VPC or VPN to the AWS Transit Gateway and it routes traffic to and from each VPC or VPN
  • 18. Why Transit Gateway? Consolidating edge connectivity
      • Multiple VPN connections, one per VPC
      • Single VPN ingress/egress point
  • 19. Why Transit Gateway? Consolidating edge connectivity with high resilience
      • Multiple VPN connections, one per VPC
      • Single VPN ingress/egress point
  • 20. Transit Gateway Key Concepts
      1. Attachments
      2. Route Tables
          I. Association
          II. Propagation
  • 24. Propagation (diagram: VPC 10.1.0.0/16 on Attachment Orange and VPC 10.2.0.0/16 on Attachment Green; the route table holds 10.1.0.0/16 via Orange and 10.2.0.0/16 via Green, both marked “propagated”)
  • 25. Transit Gateway Route Table (diagram: the same two attachments and route table, 10.1.0.0/16 via Orange and 10.2.0.0/16 via Green). By default, everything can route to everything.
  • 26. Multiple Route Tables (diagram: an AWS VPN 10.99.99.0/24 is added on Attachment Purple, exchanging 10.99.99.0/24, 10.1.0.0/16 and 10.2.0.0/16 via BGP; there are now three route tables, two containing only 10.99.99.0/24 via Purple and one containing 10.1.0.0/16 via Orange and 10.2.0.0/16 via Green)
  • 28. Client: Before the TGW
      • Leveraged the Aviatrix hub-and-spoke model
  • 29. Client: With TGW
      • Route table requirements:
          • Connectivity to the internet through Symantec WSS for DLP
          • Connectivity to on-prem
          • Connectivity between VPCs in an environment, but not to other environments
          • Connectivity across regions
  • 30. Client: With the TGW, connectivity to the internet
  • 31. Considerations & Lessons Learned
      • Connectivity:
          • Between systems leveraging Aviatrix (or an existing Transit VPC) and systems leveraging the TGW (i.e. how communication is maintained during the transition)
          • Across regions during the transition
          • Back to VPCs from on-prem and the internet
      • Route summarization and advertisements back from on-prem during the transition
      • Preventing traffic from routing through the TGW to the wrong environment (black holes)
  • 32. Considerations & Lessons Learned
      • Cannot share the TGW across AWS Organizations (had to share with each VPC)
      • Attachments are done per AZ if you support multi-AZ; an ENI is dropped into each
      • Terraform limitations:
          • Blackhole routing was not available (had to use the CLI with a null resource)
          • Acceptance of the RAM share was not available (believe this is available now)
      • Having health checks during the migration is a lifesaver!
      • Tested access to the internet, shared services, across regions and on-prem connectivity
  • 33. RJ Jafarkhani rjj@slalom.com, Zubin Ghafari zghafari@slalom.com, Scott Meluski scott.meluski@slalom.com. Thank you!
  • 34. © 2018 Slalom, LLC. All rights reserved. The information herein is for informational purposes only and represents the current view of Slalom, LLC. as of the date of this presentation. SLALOM MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
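To make the route-table slides (association, propagation, multiple route tables) and the black-hole lesson from the client section concrete, here is an added Python model; it is not part of the deck or of any AWS tooling, and the attachment names, table names and CIDRs are constructed sample values. It goes slightly beyond slide 26 by giving each environment its own table and by showing how a summary route learned from on-prem would leak cross-environment traffic unless a blackhole route is in place.

```python
from ipaddress import ip_address, ip_network

class TransitGateway:
    def __init__(self):
        self.attachments = {}  # attachment -> CIDRs behind it
        self.tables = {}       # route table -> {cidr: attachment or "blackhole"}
        self.association = {}  # attachment -> table consulted for packets it sends in

    def attach(self, name, *cidrs):
        self.attachments[name] = [ip_network(c) for c in cidrs]

    def associate(self, attachment, table):
        # Association: which table is used for packets arriving from this attachment.
        self.tables.setdefault(table, {})
        self.association[attachment] = table

    def propagate(self, attachment, table):
        # Propagation: install the attachment's CIDRs as routes pointing back at it.
        for cidr in self.attachments[attachment]:
            self.tables.setdefault(table, {})[cidr] = attachment

    def blackhole(self, table, cidr):
        # Static blackhole route: matching traffic is dropped at the TGW.
        self.tables.setdefault(table, {})[ip_network(cidr)] = "blackhole"

    def route(self, src_attachment, dst_ip):
        """Egress attachment for dst_ip, "blackhole", or None when nothing matches."""
        table = self.tables[self.association[src_attachment]]
        dst = ip_address(dst_ip)
        matches = [c for c in table if dst in c]
        best = max(matches, key=lambda c: c.prefixlen, default=None)  # longest prefix
        return table[best] if best is not None else None

def build_segmented_tgw():
    # Dev and prod (constructed CIDRs) each reach on-prem over the VPN but never each
    # other; on-prem advertises a 10.0.0.0/8 summary that would otherwise carry them.
    tgw = TransitGateway()
    tgw.attach("orange", "10.1.0.0/16")                  # dev VPC
    tgw.attach("green", "10.2.0.0/16")                   # prod VPC
    tgw.attach("purple", "10.99.99.0/24", "10.0.0.0/8")  # VPN: on-prem prefix + summary
    tgw.associate("orange", "dev-rt")
    tgw.associate("green", "prod-rt")
    tgw.associate("purple", "vpn-rt")
    for table in ("dev-rt", "prod-rt"):
        tgw.propagate("purple", table)  # VPC tables learn only what the VPN offers
    tgw.propagate("orange", "vpn-rt")
    tgw.propagate("green", "vpn-rt")
    tgw.blackhole("dev-rt", "10.2.0.0/16")   # dev must never reach prod
    tgw.blackhole("prod-rt", "10.1.0.0/16")  # prod must never reach dev
    return tgw
```

Without the two blackhole routes, a dev packet for 10.2.0.5 would match the propagated 10.0.0.0/8 summary and be forwarded to the VPN; with them the more specific /16 wins and the packet is dropped at the gateway.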

Editor's Notes

  1. Advanced networking, so it would be helpful if you had some knowledge of… CIDRs…
  2. Forget cloud. Here’s Network A and Network B: 192.168… And they want to talk to each other; how?
  3. What if we want to add another network? Easy. In simple terms, this is how the entire internet works: nearest neighbor.
  4. What if we want to add another network? Easy. In simple terms, this is how the entire internet works: nearest neighbor.
  5. Breaking point!
  6. Breaking point!
  7. Breaking point!
  8. Breaking point!
  9. November 2018 release: only supported AWS Site-to-Site VPN and Amazon VPC attachments. In April 2019, AWS Direct Connect support was released for the US-West and US-East regions. There is now support in the EU and Asia Pacific regions as well.
  10. Had to build a Juniper router, as it can hold a VPN to both the TGW and Aviatrix without issue; one was used in each region to handle the connections and propagate the appropriate routes to the TGW and vice versa.
  11. Had to build a Juniper router, as it can hold a VPN to both the TGW and Aviatrix without issue; one was used in each region to handle the connections and propagate the appropriate routes to the TGW and vice versa.