Connecting Multiple VPCs Across Different Accounts to a Private Data Center via Direct Connect

0

We have six VPCs across two AWS accounts that need to be connected to a Private Data Center through Direct Connect, which is on a third AWS account. All of the VPCs are peered with one another. We tried connecting a single Virtual Private Gateway to one of the VPCs, but the Private Data Center was only reachable from that particular VPC. We also attempted to use a Transit Gateway, but the Direct Connect gateway could not accept the association because there were already Virtual Private Gateways attached to it from other accounts.

Our current understanding is that the only viable solution is to use six Virtual Private Gateways, with each VPC connected to a separate Virtual Private Gateway. However, the Network team would prefer to avoid this solution as they want to keep as many free connections as possible in the Direct Connect gateway.

Do you have any suggestions for a solution that would allow us to connect all six VPCs to the Private Data Center via Direct Connect, without using six separate Virtual Private Gateways?

Thank you in advance for your help!

2 answers
2

You can look to use a Direct Connect gateway along with a Transit Gateway to achieve this.

See the example topology in the Hybrid Connectivity whitepaper:

https://docs.aws.amazon.com/whitepapers/latest/hybrid-connectivity/aws-dx-dxgw-with-aws-transit-gateway-multi-regions-and-aws-public-peering.html

Also refer to the documentation below for details on Private, Transit & Public VIFs:

https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/direct-connect.html

You cannot have a mix of Private VIF and Transit VIF, see below:

Q: I have an existing AWS Direct Connect gateway attached to a private virtual interface, can I attach a transit virtual interface to this AWS Direct Connect gateway?

No, an AWS Direct Connect Gateway can only have one type of virtual interface attached.

Reference: https://aws.amazon.com/directconnect/faqs/

AWS
EXPERT
answered a year ago
AWS
EXPERT
reviewed a year ago
  • This means either the network team adds a new Direct Connect gateway, or we put 6 virtual private gateways attached to each VPC and associate them with the Direct Connect gateway, right?

  • You only need 1 Direct Connect gateway, which gives you the ability to connect up to 3 TGWs across any region; you can also connect the VGWs directly to the DXGW. I suggest getting in touch with an AWS Solutions Architect for a detailed deep dive into your architecture. Also take a look at the DX quotas for the various VIFs etc.: https://docs.aws.amazon.com/directconnect/latest/UserGuide/limits.html

0

This is exactly what we were trying to achieve but... we received an error while associating this transit gateway with the Direct Connect gateway:

"errorMessage": "Cannot associate Transit Gateway to Direct Connect Gateway that has Private Virtual Interfaces attached"

If I'm correct, it means that if any virtual private gateway is already attached to a particular Direct Connect Gateway, you cannot attach any transit gateway to it.

answered a year ago
  • I updated my answer: You cannot have a mix of Private VIF and Transit VIF, see below:

    Q: I have an existing AWS Direct Connect gateway attached to a private virtual interface, can I attach a transit virtual interface to this AWS Direct Connect gateway?

    No, an AWS Direct Connect Gateway can only have one type of virtual interface attached.

    Reference: https://aws.amazon.com/directconnect/faqs/
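The rule quoted from the FAQ in the first answer, and the association error reported in the second, can be turned into a preflight check that runs before anyone tries the TGW association. The following is an added example, not code from either answer or from AWS: it models the "one VIF type per Direct Connect gateway" rule over records shaped like the output of `aws directconnect describe-virtual-interfaces` (the field names `virtualInterfaceType`, `directConnectGatewayId`, `virtualInterfaceState` and `virtualInterfaceId` are the real ones; the gateway ids, VIF ids and account numbers in the sample data are constructed placeholders). The per-DXGW TGW limit of 3 is taken from the comment on the first answer and should be checked against the current quotas page before relying on it.

```python
"""Preflight check: can a Transit Gateway be associated with a given Direct Connect gateway?

Models the FAQ rule quoted in the thread: a DX gateway can carry only one type of
virtual interface, so a DXGW that already has private VIFs (from VGW attachments in
any account) will reject a transit VIF and therefore a TGW association.
Sample VIF records below are constructed to mirror the shape of
`aws directconnect describe-virtual-interfaces` output; ids are placeholders.
"""
from dataclasses import dataclass, field

MAX_TGW_PER_DXGW = 3  # quoted in the answer's comment; re-check against the DX quotas page

# Constructed sample data: two live private VIFs on dxgw-EXAMPLE-A (one owned by another
# account), one already-deleted private VIF, and one private VIF on a different DXGW.
SAMPLE_VIFS = [
    {"virtualInterfaceId": "dxvif-EXAMPLE-1", "virtualInterfaceType": "private",
     "directConnectGatewayId": "dxgw-EXAMPLE-A", "virtualInterfaceState": "available",
     "ownerAccount": "111111111111"},
    {"virtualInterfaceId": "dxvif-EXAMPLE-2", "virtualInterfaceType": "private",
     "directConnectGatewayId": "dxgw-EXAMPLE-A", "virtualInterfaceState": "available",
     "ownerAccount": "222222222222"},
    {"virtualInterfaceId": "dxvif-EXAMPLE-3", "virtualInterfaceType": "private",
     "directConnectGatewayId": "dxgw-EXAMPLE-A", "virtualInterfaceState": "deleted",
     "ownerAccount": "111111111111"},
    {"virtualInterfaceId": "dxvif-EXAMPLE-4", "virtualInterfaceType": "private",
     "directConnectGatewayId": "dxgw-EXAMPLE-C", "virtualInterfaceState": "available",
     "ownerAccount": "333333333333"},
]

GONE_STATES = ("deleting", "deleted", "rejected")


@dataclass
class Preflight:
    dxgw_id: str
    ok: bool
    blocking_vifs: list = field(default_factory=list)
    options: list = field(default_factory=list)


def live_vifs_on_dxgw(vifs, dxgw_id):
    """VIFs attached to dxgw_id that still exist (deleted/rejected ones cannot block anything)."""
    return [
        v for v in vifs
        if v.get("directConnectGatewayId") == dxgw_id
        and v.get("virtualInterfaceState") not in GONE_STATES
    ]


def vif_types_on_dxgw(vifs, dxgw_id):
    """Set of VIF types currently attached to the gateway, e.g. {'private'}."""
    return {v["virtualInterfaceType"] for v in live_vifs_on_dxgw(vifs, dxgw_id)}


def preflight_tgw_association(vifs, dxgw_id, vpc_count):
    """Decide whether a TGW association would be accepted and list the alternatives if not.

    A private VIF on the gateway means the association will fail with the error the
    second answer quotes, regardless of which account owns the VIF.
    """
    blocking = [
        v["virtualInterfaceId"]
        for v in live_vifs_on_dxgw(vifs, dxgw_id)
        if v["virtualInterfaceType"] == "private"
    ]
    if not blocking:
        return Preflight(
            dxgw_id, True, [],
            [f"associate the TGW with {dxgw_id} (limit {MAX_TGW_PER_DXGW} TGWs per DXGW)"],
        )
    return Preflight(
        dxgw_id, False, blocking,
        [
            f"attach {vpc_count} virtual private gateways (one per VPC) and associate each with {dxgw_id}",
            "create a separate Direct Connect gateway with a transit VIF and associate the TGW with that one",
        ],
    )


if __name__ == "__main__":
    for gw in ("dxgw-EXAMPLE-A", "dxgw-EXAMPLE-B"):
        result = preflight_tgw_association(SAMPLE_VIFS, gw, vpc_count=6)
        print(gw, "TGW association OK" if result.ok else f"blocked by {result.blocking_vifs}")
        for opt in result.options:
            print("   option:", opt)
```

In practice the `vifs` list would come from the DX-owning account (the third account in the question), since VIFs attached by other accounts' VGWs still count against the gateway's single VIF type; that is why the check looks at every record on the gateway rather than only the caller's own.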
