AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관

Transit Gateway data encryption

0

Hi, can anybody tell me if and how data is protected while it passes through a Transit Gateway? Consider following setup:

A <-----> TGW <-----> B
   IPSec  ???  IPSec

Traffic is encrypted between A and TGW and between TGW and B, but what about "within" TGW? Pointers to any documentation about what happens there highly appreciated...

Thanks,

Marc

질문됨 3년 전891회 조회
1개 답변
1
수락된 답변

There's some detail missing here - how are the IPSEC tunnels being created? Are A and B instances or sites?

If I assume that you're using the AWS VPN service and that A and B are sites: The traffic within Transit Gateway is not encrypted. Think of Transit Gateway as a cloud-scale router. If you had a router that terminated two IPSEC tunnels and routed between them the traffic on the router is not encrypted as it passes through that device. That's because the router must decrypt the packet from (say) A, determine the appropriate destination (B in this case) and then encrypt it again before sending it onto B.

In general, there are many places in every network where (at least) the IP (and perhaps TCP) headers of a packet need to be visible in order to route the packet(s) correctly. For the payload to remain encrypted at that point requires application-layer security such as TLS. It's the only way to achieve end-to-end encryption between two hosts.

profile pictureAWS
전문가
답변함 3년 전
  • Thanks for your reply and sorry for not being entirely clear. Yes, A and B are meant to be sites using the AWS VPN service.

    Think of Transit Gateway as a cloud-scale router

    This is what I expected, I just wanted to make sure.

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인