Dear Team - I have the below setup.
on-prem --> Direct Connect --> Direct Connect gateway --> TGW --> Peering --> Cloud WAN.
The TGW has two route tables, one Prod and one Hybrid.
Cloud WAN has two segments, Prod and Hybrid.
Both route tables are extended to their respective Cloud WAN segments through the TGW-Cloud WAN peering.
The Direct Connect GW is associated and propagated to the Hybrid RT.
The Direct Connect GW is also propagated to the Prod route table. On-prem routes are correctly propagated into both TGW route tables. I can ping an on-prem host from an EC2 VM on the Hybrid Cloud WAN segment side.
In the core network routes section of the Cloud WAN Prod segment, I can see the on-prem route pointing towards the transit gateway route table, as below:
CIDR - 198.168.0.0/16 (on-prem routes)
Destination - attachment-0d5a74dd546bdfdfd | transit-gateway-route-table | tgw-rtb-0191skldjks878
Route Type - Propagated
However, I cannot ping an on-prem host from the Cloud WAN Prod segment EC2 VM. I believe this is because the Hybrid RT does not have the propagated routes of the Cloud WAN Prod segment for the reverse traffic from on-prem?
When I try to propagate the Cloud WAN peering attachment into the Hybrid RT, I get the error "You cannot propagate a peering attachment to a Transit Gateway Route Table".
Does it mean that the on-prem routes we receive from Direct Connect can only be reached from a single segment of Cloud WAN? Does AWS have any documentation on this?
Thanks team
Thanks Tushar_J - Yes, I can ping after sharing the Cloud WAN Prod and Hybrid segments. My goal is to inspect the traffic as well. So with segment sharing, I cannot inspect the traffic, right? Or do I need to remove the segment sharing and send the traffic from Prod to Hybrid via the NFG? Is this the correct understanding?
Correct, then you wouldn't want to share the segments directly between Prod and Hybrid. If you intend to inspect the traffic, then send the traffic via the NFG as you said.
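As an added illustration (not from this thread, and not the poster's or AWS's own configuration), a Cloud WAN core network policy fragment for the second option above. The segment-sharing option tried first would be a segment action such as `{ "action": "share", "mode": "attachment-route", "segment": "prod", "share-with": ["hybrid"] }`, which forwards Prod-to-Hybrid (and so Prod-to-on-prem) traffic directly with nothing in the path; the `send-via` action below replaces it and steers that traffic through the firewall attachments placed in a network function group. The segment and group names (`prod`, `hybrid`, `inspection`), the `nfg` tag, the ASN range, the Region and the `2021.12` policy version are assumptions; a real policy would also carry attachment policies for the Prod and Hybrid VPC and peering attachments.

```json
{
  "version": "2021.12",
  "core-network-configuration": {
    "asn-ranges": ["64512-64555"],
    "edge-locations": [{ "location": "us-east-1" }]
  },
  "segments": [
    { "name": "prod",   "require-attachment-acceptance": false },
    { "name": "hybrid", "require-attachment-acceptance": false }
  ],
  "network-function-groups": [
    { "name": "inspection", "require-attachment-acceptance": false }
  ],
  "attachment-policies": [
    {
      "rule-number": 100,
      "conditions": [
        { "type": "tag-value", "key": "nfg", "operator": "equals", "value": "inspection" }
      ],
      "action": { "add-to-network-function-group": "inspection" }
    }
  ],
  "segment-actions": [
    {
      "action": "send-via",
      "segment": "prod",
      "mode": "single-hop",
      "when-sent-to": { "segments": ["hybrid"] },
      "via": { "network-function-groups": ["inspection"] }
    }
  ]
}
```

The `share` action and the `send-via` action should not both be present for the same pair of segments, otherwise the shared routes bypass the inspection path.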