1
AWS Advanced Networking
Part 2: Transit Gateway
June 28, 2019
2
Today’s
Agenda
• Transitive Routing Overview
• Traditional AWS Solution
• AWS Transit Gateway
• Case Study: Client Story
3
Assumptions & Prerequisites
• Knowledge of CIDRs
• Some knowledge of IP routing
• Some knowledge of AWS VPCs
• Some knowledge of various Network Topologies
• Not a comprehensive discussion
• Dedicated series
4
Transitive
Routing
Overview
What is it and why do we need a Transit Gateway solution
5
The Concept
Quick Overview: Routing
Source          Destination     Gateway
192.168.0.0/24  192.168.1.0/24  192.168.1.1
Network A: 192.168.0.0/24, gateway 192.168.0.1
Network B: 192.168.1.0/24, gateway 192.168.1.1
Route table in Network A:
Destination     Gateway
192.168.1.0/24  192.168.1.1
Route table in Network B:
Destination     Gateway
192.168.0.0/24  192.168.0.1
6
The Concept
Quick Overview: Transitive Routing
Network A: 192.168.0.0/24, gateway 192.168.0.1
Network B: 192.168.1.0/24, gateway 192.168.1.1
Network C: 192.168.2.0/24, gateway 192.168.2.1 (added; A and C reach each other only through B's gateway)
Route table in Network A:
Destination     Gateway
192.168.1.0/24  192.168.1.1
192.168.2.0/24  192.168.1.1
Route table in Network B:
Destination     Gateway
192.168.0.0/24  192.168.0.1
192.168.2.0/24  192.168.2.1
Route table in Network C:
Destination     Gateway
192.168.1.0/24  192.168.1.1
192.168.0.0/24  192.168.1.1
7
The Concept
Quick Overview: AWS Transitive Routing
Same topology, with the diagram labelled Corp DC (192.168.0.0/24), Network B, Network C, VPC A, VPC B and VPN.
Corp DC: 192.168.0.0/24, gateway 192.168.0.1
Network B: 192.168.1.0/24, gateway 192.168.1.1
Network C: 192.168.2.0/24, gateway 192.168.2.1
Route table in Corp DC:
Destination     Gateway
192.168.1.0/24  192.168.1.1
192.168.2.0/24  192.168.1.1
Route table in Network B:
Destination     Gateway
192.168.0.0/24  192.168.0.1
192.168.2.0/24  192.168.2.1
Route table in Network C:
Destination     Gateway
192.168.1.0/24  192.168.1.1
192.168.0.0/24  192.168.1.1
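The route tables on slides 5 through 7 can be walked hop by hop to see what "transitive" means in practice. The following is an added example, not code from the original deck: the prefixes, gateway addresses and route tables are the ones drawn on the slides; the network names A/B/C, the `GATEWAY_OF` mapping and the `trace` function are constructed here to show that A reaches C only because B's gateway forwards on its behalf, and that with the slide-5 tables (before C's routes exist) the packet is simply dropped.

```python
"""Hop-by-hop forwarding trace for the three-network example on slides 5-7.

Added example, not from the original deck. Prefixes, gateway addresses and
route tables are the ones drawn on the slides; the trace itself is constructed
to show what "transitive" means: Network A reaches Network C only because
Network B's gateway (192.168.1.1) forwards on its behalf.
"""
from ipaddress import ip_address, ip_network

# Each network's prefix and the gateway address that belongs to it (from the slides).
NETWORKS = {
    "A": ip_network("192.168.0.0/24"),
    "B": ip_network("192.168.1.0/24"),
    "C": ip_network("192.168.2.0/24"),
}
GATEWAY_OF = {"192.168.0.1": "A", "192.168.1.1": "B", "192.168.2.1": "C"}

# Slide 5: only A and B exist; each knows a route to the other.
SLIDE5_TABLES = {
    "A": {"192.168.1.0/24": "192.168.1.1"},
    "B": {"192.168.0.0/24": "192.168.0.1"},
    "C": {},
}
# Slide 6 (final frame): C is added; A and C point at B's gateway for each other.
SLIDE6_TABLES = {
    "A": {"192.168.1.0/24": "192.168.1.1", "192.168.2.0/24": "192.168.1.1"},
    "B": {"192.168.0.0/24": "192.168.0.1", "192.168.2.0/24": "192.168.2.1"},
    "C": {"192.168.1.0/24": "192.168.1.1", "192.168.0.0/24": "192.168.1.1"},
}


def owner(ip):
    """Name of the network that contains ip, or None."""
    addr = ip_address(ip)
    return next((n for n, net in NETWORKS.items() if addr in net), None)


def next_hop(table, dst):
    """Longest-prefix match: the gateway for dst, or None if there is no route."""
    addr = ip_address(dst)
    matches = [(ip_network(p), gw) for p, gw in table.items() if addr in ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def trace(src, dst, tables=SLIDE6_TABLES, max_hops=8):
    """Networks a packet crosses from src to dst. Raises LookupError when a
    router has no route (the packet is dropped) and RuntimeError on a loop."""
    here = owner(src)
    path = [here]
    for _ in range(max_hops):
        if ip_address(dst) in NETWORKS[here]:
            return path                       # delivered on the local network
        gw = next_hop(tables[here], dst)
        if gw is None:
            raise LookupError(f"{here} has no route to {dst}; dropped")
        here = GATEWAY_OF[gw]                 # hand the packet to the neighbouring router
        path.append(here)
    raise RuntimeError(f"hop limit exceeded between {src} and {dst}")


if __name__ == "__main__":
    print("A -> C:", trace("192.168.0.10", "192.168.2.10"))   # ['A', 'B', 'C']
    print("C -> A:", trace("192.168.2.10", "192.168.0.10"))   # ['C', 'B', 'A']
    try:
        trace("192.168.0.10", "192.168.2.10", SLIDE5_TABLES)
    except LookupError as e:
        print("slide 5 tables:", e)
```

The hop limit matters: with hand-maintained tables, one wrong next hop (A pointing at C's gateway for C while C points at B) produces a loop, and the trace surfaces it instead of spinning.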
8
Traditional AWS
Solution
How do we route across networks in AWS?
9
AWS Options
• Transit VPC
• VPC Peering
10
AWS Transit VPC
• Cisco CSR QuickStart
• Other options
• Centralized management
• Complexity
• EC2 base
• Lambda
• Step Functions
• CloudWatch
• Traffic scaling issues
• Cost
11
AWS VPC Peering
• Fun!
• Decentralized
• Maintenance Overhead
• Not suitable for the enterprise
12
Other options…
13
AWS Transit
Gateway
A new solution
14
Transit Gateway History
• Transit Gateway Icon
• Initial release in November 2018
• Direct Connect support released April 2019
15
What is Transit Gateway?
• Alternative to a Transit VPC.
• Not a physical device; it’s a fully managed, distributed AWS service
• Build simple or complex routing decisions based on requirements
• Application and networking teams can move very quickly
• Share on-premises connectivity with all of your VPCs
• Advanced routing features
16
Limitations
• 5000 VPCs to each Transit Gateway
• Each attachment can handle up to 50 Gbit/s of burst traffic.
• AWS Transit Gateway doesn’t support routing between Amazon VPCs with overlapping CIDRs.
• Security group referencing across the gateway is not supported: a spoke VPC can’t reference security groups of other spokes attached to the gateway.
• It does not support cross-region VPC and VPN attachments. (Cross-account is supported.)
17
Why - Transit Gateway?
Interconnecting VPCs at Scale
Before: peering VPCs together creates complex topologies, especially as the number of VPCs grows
After: connect each VPC or VPN to AWS Transit Gateway and it routes traffic to and from each VPC or VPN
18
Why - Transit Gateway?
Consolidating Edge Connectivity
Before: multiple VPN connections, one per VPC. After: a single VPN ingress/egress point.
19
Why - Transit Gateway?
Consolidating Edge Connectivity – High Resilience
Before: multiple VPN connections, one per VPC. After: a single VPN ingress/egress point.
20
Transit Gateway Key Concepts
1. Attachments
2. Route Tables
I. Association
II. Propagation
21
Attachments
VPC 10.1 (Attachment Orange)   VPC 10.2 (Attachment Green)
22
Route Tables
VPC 10.1 (Attachment Orange)   VPC 10.2 (Attachment Green)
Route Table
23
Association
VPC 10.1 (Attachment Orange)   VPC 10.2 (Attachment Green)
Route Table
24
Propagation
VPC
10.1.0.0/16
VPC
10.2.0.0/16
Attachment Orange Attachment Green
Route Table
10.1.0.0/16 via Orange
10.2.0.0/16 via Green
“propagated” “propagated”
25
Transit Gateway Route Table
VPC
10.1.0.0/16
VPC
10.2.0.0/16
Attachment Orange Attachment Green
Route Table
10.1.0.0/16 via Orange
10.2.0.0/16 via Green
By default, everything can route to everything.
26
Multiple Route Tables
VPC 10.1.0.0/16 (Attachment Orange)   VPC 10.2.0.0/16 (Attachment Green)   AWS VPN 10.99.99.0/24 (Attachment Purple)
Route Table for Attachment Orange:
10.99.99.0/24 via Purple
Route Table for Attachment Green:
10.99.99.0/24 via Purple
Route Table for Attachment Purple:
10.1.0.0/16 via Orange
10.2.0.0/16 via Green
AWS VPN:
10.99.99.0/24 via BGP
10.1.0.0/16 via BGP
10.2.0.0/16 via BGP
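Slides 20 through 26 describe attachments, association, propagation and the effect of using one route table (everything reaches everything) versus several. The model below is an added example, not AWS code and not from the original deck: the attachment colours and CIDRs follow slides 21-26, the overlap check reflects the slide-16 limitation on overlapping VPC CIDRs, and the final scenario reflects the slide-31 lesson about using blackhole routes so that a summary advertised from on-prem cannot carry traffic into the wrong environment. Table names such as `orange-rt` and the `10.0.0.0/8` summary are constructed for this example.

```python
"""Model of Transit Gateway route tables: attachments, association,
propagation, static routes and blackhole routes.

Added example, not AWS code and not from the original deck. Attachment
colours and CIDRs follow slides 21-26; the overlap check reflects the
slide-16 limitation; the summary-route scenario reflects slide 31.
Table names such as "orange-rt" are constructed for this example.
"""
from ipaddress import ip_address, ip_network

BLACKHOLE = "blackhole"


class TransitGateway:
    def __init__(self):
        self.attachments = {}   # attachment -> [CIDRs it owns]
        self.tables = {}        # table -> {IPv4Network: attachment | BLACKHOLE}
        self.association = {}   # attachment -> the ONE table its inbound traffic uses

    def attach(self, name, *cidrs):
        """Attach a VPC or VPN; refuse CIDRs that overlap an existing attachment."""
        new = [ip_network(c) for c in cidrs]
        for other, existing in self.attachments.items():
            for e in existing:
                for n in new:
                    if e.overlaps(n):
                        raise ValueError(f"{name} {n} overlaps {other} {e}")
        self.attachments[name] = new

    def create_route_table(self, table):
        self.tables[table] = {}

    def associate(self, attachment, table):
        self.association[attachment] = table

    def propagate(self, attachment, table):
        """Copy the attachment's CIDRs into the table as routes back to it."""
        for cidr in self.attachments[attachment]:
            self.tables[table][cidr] = attachment

    def add_static_route(self, table, prefix, target):
        self.tables[table][ip_network(prefix)] = target

    def forward(self, from_attachment, dst):
        """Longest-prefix match in the table associated with the ingress
        attachment: egress attachment, BLACKHOLE, or None (no route, dropped)."""
        table = self.tables[self.association[from_attachment]]
        addr = ip_address(dst)
        matches = [(p, t) for p, t in table.items() if addr in p]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]


def default_single_table():
    """Slide 25: one table, both VPCs associated and propagated."""
    tgw = TransitGateway()
    tgw.attach("Orange", "10.1.0.0/16")
    tgw.attach("Green", "10.2.0.0/16")
    tgw.create_route_table("default")
    for a in ("Orange", "Green"):
        tgw.associate(a, "default")
        tgw.propagate(a, "default")
    return tgw


def segmented_tables():
    """Slide 26: each VPC table carries only the VPN route, the VPN table
    carries both VPC routes, so VPCs reach on-prem but not each other."""
    tgw = TransitGateway()
    tgw.attach("Orange", "10.1.0.0/16")
    tgw.attach("Green", "10.2.0.0/16")
    tgw.attach("Purple", "10.99.99.0/24")   # AWS VPN attachment, on-prem prefix
    for t in ("orange-rt", "green-rt", "vpn-rt"):
        tgw.create_route_table(t)
    tgw.associate("Orange", "orange-rt")
    tgw.propagate("Purple", "orange-rt")
    tgw.associate("Green", "green-rt")
    tgw.propagate("Purple", "green-rt")
    tgw.associate("Purple", "vpn-rt")
    tgw.propagate("Orange", "vpn-rt")
    tgw.propagate("Green", "vpn-rt")
    return tgw


def summary_route_with_blackhole():
    """Slide 31: on-prem advertises a summary (constructed here as a static
    10.0.0.0/8 route toward the VPN). Without a more-specific blackhole,
    Orange's traffic for Green's CIDR follows the summary out of its environment."""
    tgw = segmented_tables()
    tgw.add_static_route("orange-rt", "10.0.0.0/8", "Purple")
    leaked = tgw.forward("Orange", "10.2.0.5")                 # "Purple"
    tgw.add_static_route("orange-rt", "10.2.0.0/16", BLACKHOLE)
    dropped = tgw.forward("Orange", "10.2.0.5")                # "blackhole"
    return leaked, dropped


if __name__ == "__main__":
    d, s = default_single_table(), segmented_tables()
    print("single table, Orange -> 10.2.0.5:", d.forward("Orange", "10.2.0.5"))
    print("segmented, Orange -> 10.2.0.5:", s.forward("Orange", "10.2.0.5"))
    print("segmented, Orange -> 10.99.99.10:", s.forward("Orange", "10.99.99.10"))
    print("summary leak, then blackhole:", summary_route_with_blackhole())
```

The point of `summary_route_with_blackhole` is that "no route" is not the same as "denied": an environment table that merely lacks a route to a sibling environment stays isolated only until a broader prefix (a summary from on-prem, a default route) lands in it. An explicit blackhole for the sibling CIDRs wins on prefix length and keeps the isolation regardless of what gets advertised later.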
27
Case Study:
Client
Migrating to Transit Gateway
28
Client: Before the TGW
• Leveraged Aviatrix hub-and-spoke model
29
Client: With TGW
• Route Table
Requirements:
• Connectivity to the internet through Symantec WSS for DLP
• Connectivity to on-prem
• Connectivity between VPCs in an environment, but not to other environments
• Connectivity across regions
30
Client: With the TGW
Connectivity to the internet
31
Considerations & Lessons Learned
• Connectivity:
• Between systems that are leveraging Aviatrix (or an existing Transit VPC) and systems that are leveraging the TGW (i.e. how communication is maintained during the transition)
• Across regions during the transition
• Back to VPCs from on-prem and the internet
• Route summarization and advertisements back from on-prem during the transition
• Preventing traffic from routing through the TGW to the wrong environment (blackhole routes)
32
Considerations & Lessons Learned
• Cannot share the TGW across AWS Organizations (had to share with each VPC)
• Attachments are made per AZ if you support multi-AZ; an ENI is placed in each attached subnet
• Terraform limitations:
• Blackhole routing was not available (had to use the CLI with a null resource)
• Acceptance of the RAM share was not available (believe this is available now)
• Having health checks during the migration is a lifesaver!
• Tested access to the internet, shared services, cross-region and on-prem connectivity
33
RJ Jafarkhani
rjj@slalom.com
Zubin Ghafari
zghafari@slalom.com
Scott Meluski
scott.meluski@slalom.com
Thank you!
© 2018 Slalom, LLC. All rights reserved. The information herein is for informational purposes only and represents the current view of Slalom, LLC. as of the date of this presentation.
SLALOM MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.


Editor's Notes

  • #4 Advanced networking, so it would be helpful if you had some knowledge of… CIDRs…
  • #6 Forget cloud. Here’s Network A and Network B: 192.168… They want to talk to each other; how?
  • #7 What if we want to add another network? Easy. In simple terms, this is how the entire internet works: nearest neighbor.
  • #10 Breaking point!
  • #11 Breaking point!
  • #12 Breaking point!
  • #13 Breaking point!
  • #15  November 2018 Release – Only supported AWS Site-to-Site VPN and Amazon VPC attachments. April 2019, AWS Direct Connect support was released for US-West and US-East regions. There is now support in the regions EU and Asia Pacific as well.
  • #32 Had to build a Juniper router as it can have a VPN to TGW and Aviatrix without issue, so it was used in each region to handle the connections and propagate the appropriate routes to TGW and vice-versa.