
Introducing AWS Transit Gateway

Nick Matthews, Principal Solutions Architect, AWS (@nickpowpow)
Mohamed Hassan, Senior Product Manager, EC2 Networking, AWS (@mohnader)

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
What is Transit Gateway?

Introducing AWS Transit Gateway

A gateway that provides simple, scalable, and secure connectivity across networks
Before Transit Gateway

• Connecting a large number of VPCs in a mesh is challenging to manage.
• Connecting on-premises networks to each new VPC can take weeks to months to implement due to the customer's internal processes.
• Complex configurations are prone to human error.
AWS Transit Gateway

Getting Started with Transit Gateway
Scenario

[Diagram: AWS Cloud connected to the on-premises network]

• Connecting multiple VPCs
• Any-to-any communication
• Sharing a single VPN connection

Four VPCs
Create a Transit Gateway

Create VPC Attachments

View VPC Attachments

Transit Gateway Route Table

Update VPC Route Tables
Test Connectivity

Create a VPN Attachment

Download the Configuration

Complete – VPN UP

Complete – VPC to the CGW via VPN

Complete – view from the CGW
Transit Gateway Basics

• Attachment: the connection from an Amazon VPC or VPN to a TGW.
• Association: the route table used to route packets coming from an attachment (from an Amazon VPC or VPN).
• Propagation: the route table where the attachment's routes are installed.
Attachments – VPCs

[Diagram: VPC 10.1 connected to the Transit Gateway through attachments att-red and att-blue]
Attachments – “associated” route table

[Diagram: VPC 10.1, attachments att-red and att-blue, each associated with a TGW route table]
Attachments – “propagation” of routes

[Diagram: VPC 10.1, attachments att-red and att-blue propagating their routes into a TGW route table]
Attachments – “associated & propagated route table”

[Diagram: attachments att-red and att-blue with their associated and propagated route table]
Attachments – TGW Route Table is complete

[Diagram: VPC 10.1, attachments att-red and att-blue, completed TGW route table]
Attachments – VPC Route Tables

[Diagram: VPC 10.1, attachments att-red and att-blue, VPC route tables pointing at the TGW]
The Default

[Diagram: VPC 10.1 (att-red, att-blue) and the on-premises network connected through the Transit Gateway over VPN]

BGP routes exchanged over the VPN: AWS learns 10.99.99.0/24 via BGP; on-premises learns 10.1.0.0/16 and 10.2.0.0/16 via BGP.
Routing Domains

[Diagram: the same topology, with att-red and att-blue shown in separate routing domains]

BGP routes exchanged over the VPN: AWS learns 10.99.99.0/24 via BGP; on-premises learns 10.1.0.0/16 and 10.2.0.0/16 via BGP.
Transit Gateway Use Cases

Use Case 1: Shared Services with Transit Gateway

VPCs attach to a route table with routes to shared resources. Shared resources attach to a route table with routes to all resources.

VPC route table
Route        Destination
10.0.0.0/8   VPN
10.4.0.0/16  vpc-att-4xxxx

Shared services + VPN route table
Route        Destination
10.1.0.0/16  vpc-att-1xxxx
10.2.0.0/16  vpc-att-2xxxx
10.3.0.0/16  vpc-att-3xxxx
10.4.0.0/16  vpc-att-4xxxx
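The attachment/association/propagation mechanics from the Transit Gateway Basics slide and the shared-services design above, modelled as an added example (not code from this deck or from AWS). Attachment names and prefixes are constructed; the lookup is a longest-prefix match in the route table the source attachment is associated with, which is what makes spokes reach shared services and the VPN but not each other directly.

```python
import ipaddress
from collections import defaultdict

# Constructed model of Transit Gateway routing (example code, not AWS's):
# an attachment is associated with exactly one TGW route table, and a
# propagation installs the attachment's prefixes into a route table.
ATTACHMENT_CIDRS = {                      # sample prefixes, constructed
    "vpc-att-1": ["10.1.0.0/16"], "vpc-att-2": ["10.2.0.0/16"],
    "vpc-att-3": ["10.3.0.0/16"], "vpc-att-4": ["10.4.0.0/16"],
    "vpn-att": ["10.99.99.0/24"],         # on-premises prefix learned over VPN
}

class TransitGateway:
    def __init__(self):
        self.tables = defaultdict(dict)   # table name -> {network: attachment}
        self.association = {}             # attachment -> table name

    def associate(self, attachment, table):
        self.association[attachment] = table

    def propagate(self, attachment, table):
        for cidr in ATTACHMENT_CIDRS[attachment]:
            self.tables[table][ipaddress.ip_network(cidr)] = attachment

    def add_static_route(self, table, cidr, attachment):
        self.tables[table][ipaddress.ip_network(cidr)] = attachment

    def lookup(self, src_attachment, dst_ip):
        """Next hop for a packet from src_attachment: longest match in its associated table."""
        table = self.tables[self.association[src_attachment]]
        ip = ipaddress.ip_address(dst_ip)
        matches = [net for net in table if ip in net]
        if not matches:
            return None                   # no route in this domain: packet dropped
        return table[max(matches, key=lambda net: net.prefixlen)]

def build_shared_services_tgw():
    """Use Case 1: spokes see only shared services and the VPN;
    the shared-services table sees every attachment."""
    tgw = TransitGateway()
    for att in ("vpc-att-1", "vpc-att-2", "vpc-att-3"):
        tgw.associate(att, "spoke")
    tgw.propagate("vpc-att-4", "spoke")                      # 10.4.0.0/16 -> shared VPC
    tgw.add_static_route("spoke", "10.0.0.0/8", "vpn-att")   # rest of 10/8 -> on-premises
    for att in ("vpc-att-4", "vpn-att"):
        tgw.associate(att, "shared")
    for att in ATTACHMENT_CIDRS:                             # shared table learns all prefixes
        tgw.propagate(att, "shared")
    return tgw
```

Note that a spoke sending to another spoke's prefix is forwarded to the VPN attachment by the 10.0.0.0/8 static route, not to the other spoke, so spoke isolation depends on what the on-premises side does with that traffic.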
Use Case 2: Outbound Internet with NAT Gateway

VPC A (10.1.0.0/16) and VPC B (10.2.0.0/16) reach the internet through an Outbound VPC (100.64.0.0/16) that applies SNAT outbound to the internet.

Spoke route table (shown for VPC B)
Route        Destination
10.2.0.0/16  Local
0.0.0.0/0    tgw-xxxxxxxxx

Outbound VPC route table
Route          Destination
100.64.0.0/16  Local
10.0.0.0/8     tgw-xxxxxxxxx
0.0.0.0/0      igw-xxxxxxxxx

VPC attachment route table, per AZ (Outbound VPC)
Route      Destination
0.0.0.0/0  ngw-xxxxxxx

Transit Gateway

VPC route domain
Route      Destination
0.0.0.0/0  vpc-att-outbound

Outbound route domain
Route        Destination
10.1.0.0/16  vpc-att-a
10.2.0.0/16  vpc-att-b
Use Case 3: Outbound services VPC

VPC A (10.1.0.0/16) and VPC B (10.2.0.0/16) reach the internet through an Outbound VPC (100.64.0.0/16) whose SNAT appliances connect to the Transit Gateway over VPN with ECMP and apply SNAT outbound to the internet.

Spoke route table (shown for VPC B)
Route        Destination
10.2.0.0/16  Local
0.0.0.0/0    tgw-xxxxxxxxx

Outbound VPC route table
Route          Destination
100.64.0.0/16  Local
10.0.0.0/8     tgw-xxxxxxxxx
0.0.0.0/0      igw-xxxxxxxxx

Transit Gateway

VPC route domain
Route      Destination
0.0.0.0/0  Outbound VPC VPN

Outbound route domain
Route        Destination
10.1.0.0/16  vpc-att-a
10.2.0.0/16  vpc-att-b

BGP advertisement from the Outbound VPC over the VPN
BGP prefix  Next hop
0.0.0.0/0   Local IP
Use case 4: Edge services VPC: SD-WAN

VPC A (10.1.0.0/16) reaches the SD-WAN (data center, branches, clients, etc.) through an Edge VPC (100.64.0.0/16) connected to the Transit Gateway by VPN tunnels and BGP with ECMP. Only stateful services require NAT (SNAT).

Spoke route table (VPC A)
Route        Destination
10.1.0.0/16  Local
0.0.0.0/0    tgw-xxxxxxxxx
(Can be a summary or default route in each VPC.)

Edge VPC route table
Route          Destination
100.64.0.0/16  Local
10.0.0.0/8     tgw-xxxxxxxxx
0.0.0.0/0      igw-xxxxxxxxx

Transit Gateway

VPC route domain
Route          Destination
Many prefixes  Edge VPC VPN

Edge route domain
Route        Destination
10.1.0.0/16  vpc-att-a

BGP advertisement from the Edge VPC over the VPN
BGP prefix     Next hop
Many prefixes  Local IP

Use cases:
Future plans and Conclusion

Future Plans

• Direct Connect Gateway Attachments
• Transit Gateway Inter-Region Peering
• Additional advanced routing features
AWS Transit Gateway

• Easier connectivity
• Better visibility and control
• On-demand bandwidth
• Routing
• Edge connectivity
• Feature interoperability
• Monitoring
• Security
FAQ

• What is the bandwidth limit for a VPC attachment?
• How does high availability of Transit Gateway work?
• Does it work with PrivateLink and Network Load Balancers?
• What if I am using SD-WAN, how do I connect Transit Gateway?
• Should I use multiple Transit Gateways or routing domains?
• How does Transit Gateway handle encryption?
Related Material

• Product Page: https://aws.amazon.com/transit-gateway/
• Documentation: https://docs.aws.amazon.com/vpc/latest/tgw/
• NET331: Introducing AWS Transit Gateway (300 Level Deep Dive): https://youtu.be/yQGxPEGt_-w
• NET402: Transit Gateway: Reference Architectures for Many VPC's: https://youtu.be/ar6sLmJ45xs
Thank you, questions?
tgw-feedback@amazon.com
