Hey folks! I'm trying to get a better grasp on Transit Gateway (TGW) routing in AWS, as I seem to forget the details every time I work with it. I've learned that for standard VPC subnet routing, the subnet's routing table dictates where traffic goes once it leaves the subnet, similar to a traditional Layer 3 router.
However, I'm a bit confused about how routing works with TGWs. I have multiple VPCs connected to a TGW, each with non-default routing tables for isolation. There's also a VPN connected to the TGW with its own routing table. I've heard that the TGW routing table comes into play when traffic exits the TGW attachment.
Here's what I'm trying to clarify: In this scenario,
1. VPC -- Source_TGW_attach --> Route table (of source) --> TGW --> Destination_TGW_attach (VPC/VPN) --> Destination,
or
2. VPC -- Source_TGW_attach --> TGW --> Destination_TGW_attach (VPC/VPN) --> Route table (of destination) --> Destination,
which routing table is actually used? Is it the one from the source VPC/VPN or the destination VPC/VPN? I hope that makes sense!
3 Answers
When an attachment sends traffic to the TGW, it's the TGW route table associated with the source attachment that’s used. Each attachment can only link to one TGW route table. You can have different TGW route tables for different attachments to manage and segment networks effectively on a single TGW. Just so you know, the standard limit is 20 TGW route tables per TGW.
A router or route table always determines the next hop. The VPC route table decides which TGW attachment to utilize. The route table on the source attachment lists all possible destinations for the packet. The target attachment's route table doesn't affect outgoing packets. However, any return packets will rely on the target attachment’s route table since the VPC will recognize that as the next hop.
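An added toy model of the behaviour described in the answers above (my own example, not code from the thread or from AWS): each attachment is associated with exactly one TGW route table, and `forward()` looks up the table of the *source* attachment, so isolation for VPC-C comes from its own associated table simply having no route to the other VPCs. Attachment names, CIDRs and table names are constructed for the example.

```python
import ipaddress

class TransitGateway:
    """Toy model of TGW forwarding: an attachment is associated with exactly one
    TGW route table, and that table is looked up when a packet enters the TGW
    from that attachment (the source side), never on the way out."""

    def __init__(self):
        self.tables = {}       # table name -> {ip_network: egress attachment}
        self.association = {}  # attachment -> table name (at most one)

    def associate(self, attachment, table):
        # An attachment can be associated with only one TGW route table.
        if attachment in self.association:
            raise ValueError(f"{attachment} already has an associated table")
        self.association[attachment] = table

    def propagate(self, attachment, cidr, table):
        # Route propagation: the attachment's CIDR is learned into the table.
        self.tables.setdefault(table, {})[ipaddress.ip_network(cidr)] = attachment

    def forward(self, src_attachment, dst_ip):
        """Egress attachment for a packet arriving from src_attachment, or None
        when the source attachment's table has no matching route (dropped)."""
        table = self.tables.get(self.association[src_attachment], {})
        ip = ipaddress.ip_address(dst_ip)
        matches = [net for net in table if ip in net]
        if not matches:
            return None
        return table[max(matches, key=lambda n: n.prefixlen)]  # longest prefix

def build_example():
    """Constructed topology: VPC-A and VPC-B share a table and can reach each
    other and the VPN; VPC-C is isolated and can only reach the VPN."""
    tgw = TransitGateway()
    cidrs = {"att-vpc-a": "10.1.0.0/16", "att-vpc-b": "10.2.0.0/16",
             "att-vpc-c": "10.3.0.0/16", "att-vpn": "192.168.0.0/16"}
    for att, table in (("att-vpc-a", "rt-shared"), ("att-vpc-b", "rt-shared"),
                       ("att-vpc-c", "rt-isolated"), ("att-vpn", "rt-vpn")):
        tgw.associate(att, table)
    for att in ("att-vpc-a", "att-vpc-b", "att-vpn"):
        tgw.propagate(att, cidrs[att], "rt-shared")            # A <-> B <-> VPN
    tgw.propagate("att-vpn", cidrs["att-vpn"], "rt-isolated")  # C -> VPN only
    for att in ("att-vpc-a", "att-vpc-b", "att-vpc-c"):
        tgw.propagate(att, cidrs[att], "rt-vpn")               # VPN -> every VPC
    return tgw
```

Note that the return path from VPC-B to VPC-A is decided by VPC-B's own associated table (`rt-shared` here), which is why the answer above says reply traffic depends on the target attachment's table.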
Awesome! Thanks for clarifying that for me.
I had to draw a ton of diagrams when I set this up! The UI can make things seem a bit confusing, at least for me. Once I got everything working, I switched over to CloudFormation stacks so I can just copy-paste in the future.
Same here! I might need to revisit those diagrams to see if what I learned here connects. The UI has tripped me up a bit as well!

Ah this sums it up nicely! I had the opposite thought that the exit from the TGW would determine the route table. Appreciate the clarification.