Before AWS Transit Gateway existed, solution architects designed connectivity between VPCs using the following methods:
- VPC peering: full private IP connectivity between two VPCs. Peering is non-transitive, so every pair of VPCs that must talk to each other needs its own peering connection. For instance, a company has 10 VPCs and needs connectivity across all of them. Using the full-mesh formula,
No. of VPC peering connections = n(n-1)/2
where n is the number of VPCs
No. of VPC peering connections = 10(10-1)/2
No. of VPC peering connections = 45
This means the network architect needs to set up 45 VPC peering connections to connect 10 VPCs, and each VPC route table needs one route per peer (n-1 = 9 here). The total number of peerings grows quadratically with n, and the per-VPC route count grows linearly.
According to AWS quotas:
- 125 VPC peering connections per VPC (the adjustable maximum; the default quota is 50)
- 50 routes per VPC route table (default quota; adjustable up to 1,000)
- VPN connection: an encrypted IPsec tunnel over the public internet between the on-premises network and an AWS VPC. The tunnel is established between the customer gateway (CGW) on premises and the virtual private gateway (VGW) attached to the VPC.
Because a VGW is attached to a single VPC, this is an independent connection from the customer network to each VPC. Using the example above, the company would need to set up 10 VPN connections.
- AWS Direct Connect: a dedicated connection between the customer network and the AWS network with high bandwidth and availability. Again, an independent connection is built from the Direct Connect gateway to each VPC's virtual private gateway.
The architectures above have several limitations:
- Time consuming to set up
- Prone to errors
- Complicated, with many routes in each route table
- Not scalable
Let's look at how AWS Transit Gateway addresses this growth problem.
Amazon Web Services (AWS) Transit Gateway is a fully managed service that lets customers connect their Amazon Virtual Private Clouds (VPCs) and on-premises data centers through a single hub. This simplifies the network architecture and its management, making it easier to connect distributed networks.
One of the main benefits of Transit Gateway is that multiple VPCs and on-premises networks attach to a single transit network, removing the need for a mesh of peering connections. This simplifies the network architecture and reduces the number of connections and routes required to link the various VPCs and on-premises networks.
In addition, Transit Gateway lets customers scale their network connections easily and quickly. Customers can add or remove attachments without disrupting the existing ones, and the service scales automatically to handle the increased traffic.
TGW Route Table
- VPC A: Attachment 1
- VPC B: Attachment 2
- VPC C: Attachment 3
- VPC D: Attachment 4
- On-prem: VPN attachment
Attachment: a connection of a VPC or a VPN to the Transit Gateway. Each attachment is both a source and a destination of traffic through the gateway.
Association: the Transit Gateway route table used to route packets arriving from an attachment. An attachment is associated with exactly one route table.
Propagation: the route tables into which an attachment's routes (the VPC CIDR, or the prefixes learned over BGP on a VPN) are installed automatically. An attachment can propagate its routes to several route tables.
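The route-table layout above as Terraform, as an added example that is not part of this article; it uses the hashicorp/aws provider resources for the transit gateway, its attachments, associations and propagations. The VPC IDs, subnet IDs, route table IDs, CIDRs and the on-premises gateway address are placeholder assumptions.

```hcl
# Added example, not from the article. Assumes the hashicorp/aws provider is
# configured; every ID, CIDR and address below is a placeholder.

locals {
  # Constructed inventory of the four spoke VPCs (Attachment 1-4 in the table).
  vpcs = {
    a = { vpc_id = "vpc-0a000000000000001", subnet_ids = ["subnet-0a1", "subnet-0a2"], rtb_id = "rtb-0a1" }
    b = { vpc_id = "vpc-0b000000000000001", subnet_ids = ["subnet-0b1", "subnet-0b2"], rtb_id = "rtb-0b1" }
    c = { vpc_id = "vpc-0c000000000000001", subnet_ids = ["subnet-0c1", "subnet-0c2"], rtb_id = "rtb-0c1" }
    d = { vpc_id = "vpc-0d000000000000001", subnet_ids = ["subnet-0d1", "subnet-0d2"], rtb_id = "rtb-0d1" }
  }
  vpc_summary = "10.0.0.0/8"     # assumed: all VPC CIDRs sit under this prefix
  onprem_cidr = "192.168.0.0/16" # assumed on-premises prefix advertised over BGP
}

resource "aws_ec2_transit_gateway" "hub" {
  description     = "hub"
  amazon_side_asn = 64512
  # Do not auto-associate/propagate attachments to the default route table:
  # every attachment is wired explicitly below, so a newly added attachment
  # reaches nothing until someone decides what it may reach.
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
}

# The "TGW Route Table" from the diagram.
resource "aws_ec2_transit_gateway_route_table" "main" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
}

# Attachment: one VPC attachment per spoke (one subnet per AZ to be served).
resource "aws_ec2_transit_gateway_vpc_attachment" "vpc" {
  for_each           = local.vpcs
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = each.value.vpc_id
  subnet_ids         = each.value.subnet_ids
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}

# Association: packets arriving from each VPC attachment are looked up in "main".
resource "aws_ec2_transit_gateway_route_table_association" "vpc" {
  for_each                       = aws_ec2_transit_gateway_vpc_attachment.vpc
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.main.id
}

# Propagation: each VPC's CIDR is installed into "main" automatically, so no
# static route per VPC has to be maintained on the transit gateway.
resource "aws_ec2_transit_gateway_route_table_propagation" "vpc" {
  for_each                       = aws_ec2_transit_gateway_vpc_attachment.vpc
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.main.id
}

# On-prem: a site-to-site VPN terminated on the transit gateway instead of on a
# per-VPC virtual private gateway. BGP (the default, static_routes_only = false)
# lets the on-prem prefixes propagate into "main".
resource "aws_customer_gateway" "onprem" {
  bgp_asn    = 65000
  ip_address = "203.0.113.10" # placeholder public IP of the on-prem device
  type       = "ipsec.1"
}

resource "aws_vpn_connection" "onprem" {
  customer_gateway_id = aws_customer_gateway.onprem.id
  transit_gateway_id  = aws_ec2_transit_gateway.hub.id
  type                = "ipsec.1"
}

resource "aws_ec2_transit_gateway_route_table_association" "vpn" {
  transit_gateway_attachment_id  = aws_vpn_connection.onprem.transit_gateway_attachment_id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.main.id
}

resource "aws_ec2_transit_gateway_route_table_propagation" "vpn" {
  transit_gateway_attachment_id  = aws_vpn_connection.onprem.transit_gateway_attachment_id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.main.id
}

# VPC side: each VPC route table needs only two routes pointing at the hub
# (a summary for the other VPCs and one for on-prem) instead of one per peer.
resource "aws_route" "to_vpcs" {
  for_each               = local.vpcs
  route_table_id         = each.value.rtb_id
  destination_cidr_block = local.vpc_summary
  transit_gateway_id     = aws_ec2_transit_gateway.hub.id
  depends_on             = [aws_ec2_transit_gateway_vpc_attachment.vpc]
}

resource "aws_route" "to_onprem" {
  for_each               = local.vpcs
  route_table_id         = each.value.rtb_id
  destination_cidr_block = local.onprem_cidr
  transit_gateway_id     = aws_ec2_transit_gateway.hub.id
  depends_on             = [aws_ec2_transit_gateway_vpc_attachment.vpc]
}
```

Disabling the default route table association and propagation on the transit gateway means an attachment only receives traffic, and only advertises its routes, where it is explicitly associated or propagated. That is what makes it possible later to keep the on-prem VPN and a shared-services VPC in one route table and isolated workload VPCs in another, rather than letting every attachment reach every other attachment by default. The same single VPC route table entries pointing at the hub keep working as VPCs are added, since the VPC CIDRs propagate into the transit gateway route table rather than into each VPC's route table.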
According to AWS quotas:
- 5 transit gateways per account, and 5 transit gateway attachments per VPC
- 10,000 routes per transit gateway
- 5,000 attachments per transit gateway
- So a single transit gateway can connect up to 5,000 VPCs
- 50 Gbps maximum burst bandwidth per VPC attachment
- 1.25 Gbps maximum bandwidth per VPN tunnel
Overall, AWS Transit Gateway has greatly increased the scalability and availability of hybrid connectivity between Amazon VPCs and corporate data centers.
The next article will discuss the implementation of AWS Transit Gateway across VPCs in single and multiple AWS accounts.