Migrate from Private VIF to Transit VIF



I have a customer that is looking at migrating their existing PrivateVIF/DXGW/VGW setup to use TGW. The new setup will preferably be using TransitVIF/DXGW/TGW/VPC. Has anyone executed this change?

In this case, for minimal downtime, is it feasible to set up transitVIF/DXGW/TGW/VPC as a passive link to the original connection and fail over? If it is possible, how do we handle the moving parts such as:

  1. VPC Route tables changes, TGW routing
  2. Can we use AS-Path prepend, Local pref to make sure that the redundant link of transitVIF/DXGW/TGW/VPC be the passive link until failover?


asked 4 years ago, 1689 views
1 Answer
Accepted Answer

If the customer has a Dedicated Connection (DX) that allows them to provision a new Transit VIF, or has ordered a new connection via a DX Partner, they will need a new DXGW. This new DXGW would be attached to the Transit Gateway, and at this point you will define the prefixes you want to advertise over the new Transit VIF connection towards the on-prem. These prefixes can be edited later, so you can add and remove them. These prefixes can then be handled by the customer's router as they want. For example, they can set the preference to be lower than existing connections or use more specific routing on the existing connections.

The Transit Gateway attachments to VPCs will need static routes added on the VPC routing tables. None of the routes are dynamically propagated from TGW towards VPC attachments. The VPC CIDR can be propagated into the TGW Routing Table.

If they prepend AS-Path on their advertisements over this new connection, that information will be lost on the DXGW, so the VPCs wouldn't see a difference.

So to make this move:

  1. Set up a new Transit VIF with a new DXGW (can't use a DXGW with VGWs attached)
  2. Set up a new Transit Gateway and attach it to the new DXGW. At this point you can define what prefixes are advertised over the Transit VIF or add them later. But these should be less specific than the existing routes coming over the Private VIF.
  3. Attach VPCs to the Transit Gateway (at this point the traffic from VPCs won't start flowing to TGW as there are no route table entries)
  4. Add less specific routes to the TGW-DXGW attachment if you didn't do it at step 2
  5. Add less specific routes to the VPC route tables towards the on-prem (these two steps will activate routes but they are not preferred as they are less specific)
  6. Shift traffic from the Private VIF to TGW by deactivating route advertisement or shutting down the BGP completely so the less preferred routes are taken into use

Examples of moving connection from VPN + VGW to VPN + TGW: https://aws.amazon.com/premiumsupport/knowledge-center/transit-gateway-migrate-vpn/

AWS
answered 4 years ago
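
The less-specific-route approach in steps 2 to 6 can be checked before cutover with a small longest-prefix-match model. This is an added example, not part of the original answer or any AWS tooling; the prefixes and the `vgw`/`tgw` target labels are constructed sample values.

```python
import ipaddress

# Constructed sample data: on-prem prefixes currently reached over the Private VIF
# (via the VGW) and the broader routes staged toward the TGW in steps 4 and 5.
PRIVATE_VIF_ROUTES = [("10.10.0.0/16", "vgw"), ("10.20.0.0/16", "vgw")]
STAGED_TGW_ROUTES = [("10.0.0.0/8", "tgw")]


def _net(cidr):
    return ipaddress.ip_network(cidr)


def select_target(routes, destination):
    """Longest-prefix match: target of the most specific route covering destination."""
    dst = ipaddress.ip_address(destination)
    hits = [(_net(cidr).prefixlen, target) for cidr, target in routes if dst in _net(cidr)]
    return max(hits, key=lambda h: h[0])[1] if hits else None


def preflight(existing, staged):
    """Check staged routes: passive now (step 5) and sufficient after cutover (step 6)."""
    early, uncovered = [], []
    for s_cidr, _ in staged:
        for e_cidr, _ in existing:
            s, e = _net(s_cidr), _net(e_cidr)
            # A staged route at least as specific as an overlapping existing
            # route would not stay passive behind it.
            if s.overlaps(e) and s.prefixlen >= e.prefixlen:
                early.append((s_cidr, e_cidr))
    for e_cidr, _ in existing:
        # Once the Private VIF routes are withdrawn, a staged route must cover them.
        if not any(_net(e_cidr).subnet_of(_net(s_cidr)) for s_cidr, _ in staged):
            uncovered.append(e_cidr)
    return {"active_too_early": early, "uncovered_after_cutover": uncovered}


if __name__ == "__main__":
    before = PRIVATE_VIF_ROUTES + STAGED_TGW_ROUTES
    print(preflight(PRIVATE_VIF_ROUTES, STAGED_TGW_ROUTES))
    print("before cutover:", select_target(before, "10.10.1.5"))
    print("after cutover: ", select_target(STAGED_TGW_ROUTES, "10.10.1.5"))
```

Any address inside the staged range but outside the Private VIF prefixes (for example 10.30.0.1 here) already resolves to the TGW path before cutover, which is worth confirming is intended.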
