Understanding AWS Transit Gateway Routing

Asked By TechGuru23 On

I'm trying to grasp how routing works with AWS Transit Gateways (TGW). I know that standard VPC subnet routing relies on the subnet's routing table to redirect traffic once it exits the subnet, similar to how a traditional layer 3 router operates.

However, TGWs have their own route tables and attachments. For example, I've connected a couple of VPCs to a TGW with custom non-default routing tables for better isolation. Additionally, I have a VPN linked to the TGW, which also has its own routing table.

I've heard that when traffic leaves the TGW attachment, that is when the TGW routing table is applied. Now, I'm trying to figure out how the routing table is utilized. Specifically, is the routing table used in this way:
1. VPC -- Source_TGW_attach --> Route table (of source) --> TGW --> Destination_TGW_attach (VPC/VPN) --> Destination

Or is it utilized like this:
2. VPC -- Source_TGW_attach --> TGW --> Destination_TGW_attach (VPC/VPN) --> Route table (of destination) --> Destination

Essentially, which routing table is engaged—the one from the source VPC/VPN or the destination VPC/VPN?

3 Answers

Answered By LearningNinja77 On

When traffic is sent from any attachment to the TGW, the TGW routing table that is used corresponds to the source attachment. Each attachment can only be associated with one TGW route table, and you can set different route tables for each attachment to manage and segment traffic within the same TGW. Note that the maximum number of TGW route tables you can have per TGW is 20.

Answered By NetworkWhiz99 On

The routing for packets always depends on the next hop determined by the routing table. The VPC route table decides which TGW attachment to use, while the route table for the source attachment specifies all possible destinations for a packet. The route table of the target attachment doesn't impact the outgoing packet; however, any return packets will use the target attachment's routing table, as that's viewed as the next hop when leaving the destination VPC.
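The mechanism described in the two answers above, as an added example that is not part of the thread and does not call AWS: a small Python model in which every attachment is associated with exactly one TGW route table, and a packet that enters the TGW from an attachment is looked up only in that attachment's table (longest-prefix match, with blackhole routes modelled as a route with no target). The attachment IDs, CIDRs and table names are made up for illustration; route propagation and the static-over-propagated preference are not modelled.

```python
"""Model of the Transit Gateway forwarding decision (added example, hypothetical IDs)."""
import ipaddress


class TgwRouteTable:
    def __init__(self, name):
        self.name = name
        self.routes = {}  # ip_network -> attachment id, or None for a blackhole route

    def add_route(self, cidr, attachment=None):
        """Static route; attachment=None models a blackhole route."""
        self.routes[ipaddress.ip_network(cidr)] = attachment

    def lookup(self, dst_ip):
        """Longest-prefix match. Returns (cidr, attachment) or None if no route matches."""
        ip = ipaddress.ip_address(dst_ip)
        best = None
        for cidr, attachment in self.routes.items():
            if ip in cidr and (best is None or cidr.prefixlen > best[0].prefixlen):
                best = (cidr, attachment)
        return best


class TransitGateway:
    def __init__(self):
        self.tables = {}
        self.associations = {}  # attachment id -> route table name

    def add_table(self, name):
        self.tables[name] = TgwRouteTable(name)
        return self.tables[name]

    def associate(self, attachment, table_name):
        """An attachment can be associated with only one TGW route table."""
        if attachment in self.associations:
            raise ValueError(f"{attachment} is already associated with "
                             f"{self.associations[attachment]}")
        self.associations[attachment] = table_name

    def decide(self, ingress_attachment, dst_ip):
        """Forwarding decision for a packet that entered the TGW from ingress_attachment.

        Only the source attachment's associated table is consulted; the table of the
        attachment the packet is forwarded to plays no part in this direction.
        Returns ("forward", egress_attachment), ("blackhole", cidr) or ("no-route", None).
        """
        table = self.tables[self.associations[ingress_attachment]]
        hit = table.lookup(dst_ip)
        if hit is None:
            return ("no-route", None)
        cidr, egress = hit
        if egress is None:
            return ("blackhole", str(cidr))
        return ("forward", egress)


def build_isolated_tgw():
    """Two VPCs that may reach the VPN but not each other (hypothetical IDs/CIDRs).

    VPC A 10.1.0.0/16   -> tgw-attach-vpc-a, associated with vpc-a-rt
    VPC B 10.2.0.0/16   -> tgw-attach-vpc-b, associated with vpc-b-rt
    VPN   192.168.0.0/16 (on-prem) -> tgw-attach-vpn, associated with vpn-rt
    """
    tgw = TransitGateway()
    for vpc in ("vpc-a", "vpc-b"):
        table = tgw.add_table(f"{vpc}-rt")
        table.add_route("192.168.0.0/16", "tgw-attach-vpn")
        table.add_route("10.0.0.0/8")  # blackhole: VPC-to-VPC traffic is dropped at the TGW
        tgw.associate(f"tgw-attach-{vpc}", f"{vpc}-rt")

    vpn_rt = tgw.add_table("vpn-rt")
    vpn_rt.add_route("10.1.0.0/16", "tgw-attach-vpc-a")
    vpn_rt.add_route("10.2.0.0/16", "tgw-attach-vpc-b")
    vpn_rt.add_route("10.0.0.0/8")  # anything else in 10/8 is dropped (longer prefixes win)
    tgw.associate("tgw-attach-vpn", "vpn-rt")
    return tgw


def round_trip(tgw, src_attachment, src_ip, dst_ip):
    """Forward a packet and then its reply.

    The reply enters the TGW from the attachment the request was forwarded to, so the
    reply is looked up in *that* attachment's table: each leg uses its own source's table.
    Returns (request_decision, reply_decision); reply_decision is None if the request was dropped.
    """
    out = tgw.decide(src_attachment, dst_ip)
    if out[0] != "forward":
        return out, None
    return out, tgw.decide(out[1], src_ip)


if __name__ == "__main__":
    tgw = build_isolated_tgw()
    print(tgw.decide("tgw-attach-vpc-a", "192.168.1.10"))  # ('forward', 'tgw-attach-vpn')
    print(tgw.decide("tgw-attach-vpc-a", "10.2.5.5"))      # ('blackhole', '10.0.0.0/8')
    print(round_trip(tgw, "tgw-attach-vpn", "192.168.1.10", "10.1.2.3"))
```

Running the module shows the isolation pattern from the question: the VPN can reach either VPC and replies come back through vpn-rt, while VPC A to VPC B is dropped by the blackhole in vpc-a-rt before the packet ever reaches VPC B's attachment.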

Answered By DiagramDynamo On

When I was setting this up, I had to draw a ton of diagrams! I feel like the user interface makes things seem a bit backwards. After figuring it all out in the UI, I switched to CloudFormation stacks, which makes it way easier to just copy and paste for future setups.
