Traffic cost in a HUB to HUB topology with Transit gateway peering attachment

0

Hello,

I am trying to calculate an estimated per-GB cost for a complex deployment that includes 2 accounts acting as network hubs. Topology - Flow:

  1. S2S VPN connection from on-prem DC to TGW1
  2. Transit Gateway peering attachment to TGW2 in the same region
  3. All traffic is forwarded to the Inspection VPC (vendor NVA) through a VPC attachment
  4. After inspection, traffic returns to the TGW and gets routed to the final destination VPC (VPC attachment)

From my understanding, for us-east-1 the traffic (only) charges will be:

  • $0.09/GB for the VPN
  • $0.02/GB for processing traffic in TGW1 (TGW2 in the peering will not be charged)
  • $0.02/GB for processing traffic in TGW2 to send to the Inspection VPC
  • $0.02/GB for processing traffic in TGW2 to send to the Workload VPC after inspection

Am I missing anything? Is this calculation accurate?

Thank you

2 Answers
0

Thank you for the answer. The 2 TGWs in the same region are needed because each hub account (and the connected VPC spokes) is managed by a different MSP with different NVAs/policies etc. I am getting confused about the charges that will occur after traffic arrives on the second TGW. TGW2 will process the traffic (if "process" means check the TGW RT and forward) 2 times: once to send to the security VPC and once to send from the security VPC to the destination. I understand that will be charged 2 × $0.02. Also, what about charges for the return traffic?

answered 11 days ago
  • TGW2 will not incur charges, see this example in the pricing page (in your example there is no inter-region charge as both TGWs are in the same region): Transit Gateway data processing charge across peering attachments: 1 GB was sent from an EC2 instance #1 in a VPC attached to Transit Gateway #1 (N. Virginia region) over a peering attachment to Transit Gateway #2 (Oregon region), where it will reach EC2 instance #2 within a VPC. The total traffic related charges will result in a charge of $0.04. This charge comprises $0.02 for Transit Gateway Data Processing on Transit Gateway #1 along with $0.02 for outbound inter-Region data transfer charges. Here Transit Gateway #2 will not incur data processing charges, as they do not apply for data sent from a peering attachment to a Transit Gateway. As inbound inter-Region data transfer charges are free, no further charges apply to the Transit Gateway #2 (Oregon region) side.

  • Based on my TGW2 routing table, traffic will flow first to the firewall through a VPC attachment and then through another VPC attachment to the final destination (workload server); nothing else will be charged? The AWS example stays in a single hop after the TGW peering attachment.

0

Why do you want to use 2 TGWs in a single region? Note the two points below from the Transit Gateway design best practices:

  • You do not need additional transit gateways for high availability, because transit gateways are highly available by design.
  • For redundancy, use a single transit gateway in each Region for disaster recovery.

If you still decide to go ahead with 2 TGWs, data sent over the peering attachment to TGW2 does not incur data processing charges, as mentioned in the TGW pricing page:

Data processing charges do not apply for data sent from a peering attachment to a Transit Gateway

AWS EXPERT
answered 11 days ago
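To make the pricing rule quoted in the answer concrete, here is an added worked example (not part of this thread and not AWS's own calculator). It encodes one rule: a Transit Gateway charges data processing per GB on traffic it receives from a VPC or VPN attachment, and charges nothing on traffic it receives from a peering attachment. The per-GB figures ($0.02 TGW processing, $0.09 VPN) are the ones the asker used; the hop list is a constructed model of the asker's topology, and treating the VPN figure as a flat per-GB charge on any hop that touches the VPN attachment in either direction is an assumption made here, not a statement from the pricing page. Amounts are kept in cents so sums are exact.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Per-GB rates as stated in the question, held in cents (constructed example).
TGW_DATA_PROCESSING_CENTS = 2  # $0.02/GB, charged when a TGW receives data from a VPC or VPN attachment
VPN_DATA_TRANSFER_CENTS = 9    # $0.09/GB, the VPN figure the asker used (assumption: applied per hop touching the VPN)

ATTACHMENT_TYPES = ("vpn", "vpc", "peering")


@dataclass(frozen=True)
class Hop:
    """One pass through a transit gateway: where the data enters from and where it leaves to."""
    tgw: str       # hypothetical name, e.g. "TGW1" or "TGW2"
    ingress: str   # attachment the data arrives on: "vpn", "vpc" or "peering"
    egress: str    # attachment the data is forwarded to: "vpn", "vpc" or "peering"

    def __post_init__(self) -> None:
        for side in (self.ingress, self.egress):
            if side not in ATTACHMENT_TYPES:
                raise ValueError(f"unknown attachment type: {side!r}")


def tgw_processing_cents(hop: Hop) -> int:
    """Data processing charge for one hop: zero when the data came in over a peering attachment."""
    if hop.ingress == "peering":
        return 0
    return TGW_DATA_PROCESSING_CENTS


def cost_breakdown(hops: List[Hop]) -> List[Tuple[str, int]]:
    """Per-GB charges for a flow, one line per chargeable item, in path order."""
    lines: List[Tuple[str, int]] = []
    for hop in hops:
        if "vpn" in (hop.ingress, hop.egress):
            lines.append((f"VPN data transfer via {hop.tgw}", VPN_DATA_TRANSFER_CENTS))
        lines.append(
            (f"{hop.tgw} data processing (data received from {hop.ingress} attachment)",
             tgw_processing_cents(hop))
        )
    return lines


def total_cents(hops: List[Hop]) -> int:
    return sum(cents for _, cents in cost_breakdown(hops))


# Constructed model of the asker's flow, on-prem -> workload.
FORWARD_FLOW = [
    Hop("TGW1", ingress="vpn", egress="peering"),   # S2S VPN terminates on TGW1, forwarded over peering
    Hop("TGW2", ingress="peering", egress="vpc"),   # arrives on TGW2 from peering, sent to Inspection VPC
    Hop("TGW2", ingress="vpc", egress="vpc"),       # comes back from Inspection VPC, sent to Workload VPC
]

# The same path in reverse, workload -> on-prem.
RETURN_FLOW = [
    Hop("TGW2", ingress="vpc", egress="vpc"),       # Workload VPC -> TGW2 -> Inspection VPC
    Hop("TGW2", ingress="vpc", egress="peering"),   # Inspection VPC -> TGW2 -> peering to TGW1
    Hop("TGW1", ingress="peering", egress="vpn"),   # arrives on TGW1 from peering, leaves over the VPN
]

# The asker's original estimate for comparison: 9 + 2 + 2 + 2 cents.
ASKER_ESTIMATE_CENTS = 15


def round_trip_cents() -> int:
    return total_cents(FORWARD_FLOW) + total_cents(RETURN_FLOW)


if __name__ == "__main__":
    for name, flow in (("forward", FORWARD_FLOW), ("return", RETURN_FLOW)):
        print(f"{name} path:")
        for label, cents in cost_breakdown(flow):
            print(f"  {label}: ${cents / 100:.2f}/GB")
        print(f"  total: ${total_cents(flow) / 100:.2f}/GB")
    print(f"asker's estimate for the forward path: ${ASKER_ESTIMATE_CENTS / 100:.2f}/GB")
```

Running it shows where the asker's $0.15 estimate and the rule diverge: the TGW2 hop that receives data from the peering attachment costs nothing, while the hop that receives the inspected traffic back from the Inspection VPC attachment is a normal $0.02 data processing charge, so the forward path under these assumptions comes to $0.13/GB, and the return path, which enters TGW2 twice from VPC attachments and then TGW1 from peering, comes to the same figure.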
