AWS TRANSIT GATEWAY

Transit Gateway

Transit Gateway, introduced in 2018, helps manage multiple VPCs and connect AWS to on-premises networks. It simplifies inter-VPC connectivity by acting as a centralized hub, replacing the complex mesh architecture required in traditional VPC peering.

Objectives

• To understand the architecture and setup process of AWS Transit Gateway.
• To demonstrate practical implementation through a lab, including routing, EC2 instance setup, and connectivity tests.

AWS Transit Gateway Overview and Key Benefits

• Simplified Inter-VPC Connectivity: Transit Gateway uses a hub-and-spoke model, eliminating the need for full-mesh connectivity (n(n-1)/2 connections).
• Centralized Traffic Inspection: By deploying virtual appliances in a centralized VPC, traffic can be monitored efficiently.
• Scalability: Allows interconnection of thousands of VPCs and on-premises networks.

Key Features:
o Multicast support
o Appliance mode
o Availability Zone considerations
o Transit Gateway sharing

Supported Attachments:
o VPCs
o Peering connections with other Transit Gateways
o SD-WAN or third-party network appliances (via Connect)
o VPNs
o Direct Connect Gateway

Transit Gateway Setup

Prerequisites

• VPCs should not have overlapping CIDRs.
• Supports both Static Routing and Dynamic Routing (via Border Gateway Protocol).

AWS TRANSIT GATEWAY LAB TOPOLOGY

Lab Steps

Step 1: Create Three VPCs and Subnets:

• VPC-A: 172.16.0.0/16

Public Subnet-A: 172.16.0.0/24
Private Subnet-A: 172.16.1.0/24

• VPC-B: 172.17.0.0/16
  Private Subnet-B: 172.17.1.0/24

• VPC-C: 172.18.0.0/16
  Private Subnet-C: 172.18.1.0/24

VPC CREATED

SUBNETS

Step 2: Create a route for each VPC.

Step 3: Create Transit Gateway.

Step 4: Create Attachments for Each VPC.
Attach VPC-A, VPC-B, and VPC-C to the Transit Gateway.

Step 5: Modify Route Tables:
Create a static route in VPC-A pointing to VPC-B and VPC-C.

Create a static route in VPC-B pointing to VPC-A and VPC-C.

Create a static route in VPC-C pointing to VPC-A and VPC-B.

Step 6: Deploy a Jump Host in VPC-A
Public subnet: 172.16.0.0/24.
Public Subnet IP Address-A: 172.16.0.7

Step 7: Launch EC2 Instances in Each VPC

• Public subnet IP Address-A = 172.16.0.7/24
• Private Subnet IP Address -A = 172.16.1.95/24
• Private Subnet IP Address -B= 172.17.1.108 /24
• Private Subnet IP Address -C = 172.18.1.153 /24

Step 8: Testing Connectivity:
SSH from the Jump Host in VPC-A to EC2 instances in VPC-B and VPC-C.
Ping between private IPs to verify routing:
VPC-A ↔ VPC-B

**VPC-A ↔ VPC-C**

CONCLUSION

AWS Transit Gateway provides a scalable and efficient solution for managing multiple VPCs and connecting on-premises networks. Its hub-and-spoke architecture simplifies inter-VPC connectivity, eliminates the complexities of full-mesh peering, and centralizes traffic inspection for better network visibility and security. With features like multicast support, dynamic and static routing, and compatibility with SD-WAN and Direct Connect, Transit Gateway is ideal for organizations seeking a robust and streamlined networking solution.

By following the outlined steps to set up and test Transit Gateway, users can efficiently connect and manage their VPCs, ensuring seamless communication and optimized network performance. Whether for large-scale enterprise use or smaller deployments, AWS Transit Gateway offers the flexibility and reliability needed to meet modern networking demands.