If I do not have a Spoke TGW RT and only have three attachments on the TGW for VPC1, VPC2 and VPC3, plus one default route, can VPC1 communicate with VPC2 directly without going via the firewall?
thanks a lot !!
I do not quite understand your Spoke TGW RT.
The Spoke TGW Route Table would need to be associated with the Firewall VPC attachment to route the traffic between VPCs once the traffic has been inspected by the firewall.
Answer:
This depends on whether the Transit Gateway [TGW] Route Table [RT] has routes pointing to the VPC [1 and 2] attachments.
Detailed Explanation
All 3 VPCs connect to the Transit Gateway.
VPC1 [Workloads] ---- TGW
VPC2 [Workloads] --- TGW
VPC3 [Firewall] --- TGW
Here there are 2 pointers to be considered.
VPC Routing table:
[+] The VPC RT can be pointed towards the TGW.
TGW Routing table:
[+] Here is where you would need to check if you have routing between VPC1 and VPC2.
Ideal use-case wherein the Firewall would be used for inspection:
[+] Connect all 3 VPCs to the TGW
VPC1 TGW attachment
VPC2 TGW attachment
VPC3 TGW attachment
The TGW would have 2 Route Tables, namely:
Firewall TGW RT - This would be associated with the VPC1 and VPC2 TGW attachments
0.0.0.0/0 ---> VPC3 TGW attachment
Spoke TGW RT - This would be associated with the VPC3 attachment
VPC1 CIDR -- VPC1 TGW attachment
VPC2 CIDR -- VPC2 TGW attachment
I hope this helps.
Please find the diagram attached if you want the traffic between both VPCs to be inspected.
Sorry, I might not have been clear on my question. VPC1 (10.10.1.0/24), VPC2 (10.10.2.0/24) and VPC3 (10.10.3.0/24) are all attached to the same TGW route table. The TGW has 3 static routes:
- default route --> VPC3
- 10.10.1.0/24 --> VPC1
- 10.10.2.0/24 --> VPC2
My question is whether the traffic between VPC1 and VPC2 goes through VPC3 or not.
My understanding is NOT, but I do not have an AWS account to test.
thanks !!
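As an added illustration (not part of this thread or of any AWS code), here is a small Python model of how a TGW route table resolves a destination in the two setups discussed: the single route table with specific static routes from the question above, and the two-route-table design (Firewall TGW RT / Spoke TGW RT) from the earlier answer. Attachment names are constructed labels rather than real attachment IDs, and the firewall VPC (VPC3) is assumed to forward inspected traffic back into the TGW through its own attachment.

```python
import ipaddress

# Constructed model: attachment names are labels, not real TGW attachment IDs.
def lookup(route_table, dst):
    """Pick the route for dst by longest-prefix match, as a TGW route table does."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

def trace(associations, tables, src_attachment, dst):
    """Follow a packet attachment by attachment. Assumption: the firewall VPC (VPC3)
    forwards inspected traffic back into the TGW through its own attachment, so the
    next lookup uses the route table associated with the VPC3 attachment."""
    path = [src_attachment]
    hop = src_attachment
    for _ in range(4):                      # bound the walk in case of a routing loop
        nxt = lookup(tables[associations[hop]], dst)
        path.append(nxt)
        if nxt != "VPC3":                   # delivered to a workload VPC, or no route
            break
        hop = nxt
    return path

# Scenario A: the asker's setup, one route table holding all three static routes.
SINGLE_RT = {
    "associations": {"VPC1": "main", "VPC2": "main", "VPC3": "main"},
    "tables": {"main": [("0.0.0.0/0", "VPC3"),
                        ("10.10.1.0/24", "VPC1"),
                        ("10.10.2.0/24", "VPC2")]},
}

# Scenario B: the two-route-table design from the answer above.
TWO_RT = {
    "associations": {"VPC1": "firewall-rt", "VPC2": "firewall-rt", "VPC3": "spoke-rt"},
    "tables": {
        "firewall-rt": [("0.0.0.0/0", "VPC3")],
        "spoke-rt": [("10.10.1.0/24", "VPC1"), ("10.10.2.0/24", "VPC2")],
    },
}

def path(scenario, src, dst):
    return trace(scenario["associations"], scenario["tables"], src, dst)

if __name__ == "__main__":
    print("A:", path(SINGLE_RT, "VPC1", "10.10.2.5"))   # ['VPC1', 'VPC2']
    print("B:", path(TWO_RT, "VPC1", "10.10.2.5"))      # ['VPC1', 'VPC3', 'VPC2']
```

In scenario A the more specific 10.10.2.0/24 route wins over the default, so VPC1-to-VPC2 traffic never touches VPC3; in scenario B the spokes' table only has the default route, so every inter-VPC flow is steered through the firewall attachment first.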
I think I know what I have missed. Only attaching VPC1 and VPC2 to the same route table is not enough to make traffic flow between VPC1 and VPC2, I need to propagate them to make traffic flow.
Am I right? (I do not have access to AWS to test yet.)
thanks for https://www.youtube.com/watch?v=j7Lcd0gHxg0&t=984s&pp=ygUYYXdzIHRyYW5zaXQgZ2F0ZXdheSBkZW1v
G'day,
If you have a single default route then VPC1 and VPC2 cannot communicate with each other. With this setup [single default route] the TGW would not know how to route the traffic to the VPCs. The only route the TGW would know would be the route to the Firewall VPC, and not to the other VPCs.