aws site to site vpn private ip vpns over direct connect -- new feature


https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-aws-site-to-site-vpn-private-ip-vpns/

  1. Going through the document, it says to reserve a 10.0.0.0/24 CIDR block on the transit gateway. What is the relevance of this block? Where exactly is it used? It is not shown in the diagram in the document.

  2. Do we need to carve out a separate CIDR for the tunnel IPs, based on the number of tunnels? Is there any special consideration to be followed when assigning the tunnel outside IPs?

  3. Any additional documents available on this topic would be helpful.

What does that CIDR block do? Are IPs from the block used anywhere (tunnel headend or tailend IPs)? I understand the block is used for routing. How does one decide the tunnel headend and tailend IPs? Do the IP subnets have anything to do with the CIDR block? If I have a 10G pipe, I am assuming I would be using 8 tunnels (1.25 cap); where do I find out what the IPs would be? The IP schema is dictated by what? Does the CIDR play a role here?

  • Hello, it's probably a good idea not to leave additional questions/comments as answers, as it's less likely someone will provide you an answer when it looks like the question was already solved. Maybe edit your original question with your additional context and remove the answers you added.

1 Answer

1- Going through the document, it says to reserve a 10.0.0.0/24 CIDR block on the transit gateway. What is the relevance of this block? Where exactly is it used? It is not shown in the diagram in the document.

  • As in the diagram, 10.0.0.0/24 is used as the VPC CIDR for the production VPC, while 10.24.10.0/24 is used as the Transit Gateway CIDR block, which is used to create the transport network for the VPN.

2- Do we need to carve out a separate CIDR for the tunnel IPs, based on the number of tunnels? Is there any special consideration to be followed when assigning the tunnel outside IPs?

  • You can specify a size /24 CIDR block or larger (for example, /23 or /22) for IPv4, or a size /64 CIDR block or larger (for example, /63 or /62) for IPv6, for the Transit Gateway CIDR block. You can associate any public or private IP address range, except for addresses in the 169.254.0.0/16 range, and ranges that overlap with the addresses for your VPC attachments and on-premises networks.

3- Any additional documents available on this topic would be helpful.

The TGW CIDR block will decide the tunnel outside IP addresses for transportation.

answered a month ago
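The constraints the answer quotes for the Transit Gateway CIDR block (IPv4 /24 or larger, IPv6 /64 or larger, nothing inside 169.254.0.0/16, no overlap with VPC attachment or on-premises ranges) can be checked before the block is configured. The checker below is an added example, not AWS code or part of the original thread; the 192.168.0.0/16 on-premises range it uses is a constructed sample, while 10.0.0.0/24 and 10.24.10.0/24 are the values from the answer.

```python
import ipaddress

# Address range that may never be used for a Transit Gateway CIDR block.
LINK_LOCAL_V4 = ipaddress.ip_network("169.254.0.0/16")


def check_tgw_cidr(candidate, vpc_cidrs, onprem_cidrs):
    """Return a list of violations for a proposed Transit Gateway CIDR block.

    An empty list means the block satisfies every rule quoted in the answer.
    strict=True rejects a block with host bits set (e.g. 10.24.10.5/24).
    """
    net = ipaddress.ip_network(candidate, strict=True)
    problems = []

    # Minimum size: /24 or larger for IPv4, /64 or larger for IPv6.
    if net.version == 4:
        if net.prefixlen > 24:
            problems.append(f"{net} is smaller than /24")
        if net.overlaps(LINK_LOCAL_V4):
            problems.append(f"{net} overlaps link-local 169.254.0.0/16")
    else:
        if net.prefixlen > 64:
            problems.append(f"{net} is smaller than /64")

    # No overlap with VPC attachments or on-premises networks.
    for label, ranges in (("VPC attachment", vpc_cidrs),
                          ("on-premises", onprem_cidrs)):
        for r in ranges:
            other = ipaddress.ip_network(r, strict=True)
            if other.version == net.version and net.overlaps(other):
                problems.append(f"{net} overlaps {label} range {other}")
    return problems


if __name__ == "__main__":
    # Layout from the answer: production VPC 10.0.0.0/24, TGW CIDR 10.24.10.0/24.
    # 192.168.0.0/16 stands in for an on-premises range (constructed sample).
    vpcs = ["10.0.0.0/24"]
    onprem = ["192.168.0.0/16"]
    for cand in ("10.24.10.0/24", "10.0.0.0/25", "169.254.10.0/24"):
        print(cand, "->", check_tgw_cidr(cand, vpcs, onprem) or "OK")
```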
