Transit gateway & VPC peering - IP forwarding
0
A customer has the below set-up:
Branch Subnets----(Layer 2)----> Data Center Subnets ------(VPN Tunnel via AWS Transit Gateway)--------->Transit VPC(AWS)------(VPC Peering)-----> Citrix VPC(AWS)-----(VPC Peering)----> Prod VPC(AWS)
Some constraints:
- Prod VPC and Data Center Subnets have overlapping CIDRs as few servers have IP address affinity.
- Direct VPN connectivity between branches and Citrix VPC would not be possible immediately
Problem - They need to get printing working from Citrix VPC EC2 instances to the printers in Branches. What would be recommended implementation approach for IP forwarding for printing to work knowing the above constraints?
asked 2 years ago8 views
1 Answers
0
Accepted Answer
A few observations:
- Transitive Routing: As VPC Peering doesn't support transitive routing, the path from the Citrix VPC to the Transit VPC over VPC Peering cannot be used to establish connectivity. Unfortunately you comment that "2. Direct VPN connectivity between branches and Citrix VPC would not be possible immediately" rules out one solution approach. Instead you might want to look into connecting the Citrix VPC to the TGW to have a path between Citrix VPC and branches.
- Overlapping CIDRs: You need to clarify what "Prod VPC and Data Center Subnets have overlapping CIDRs" means here. If a host in the Citrix VPC needs to talk to endpoints in the Prod VPC and Data Center Subnet under the same IP address, you'll need to look into NAT. If not, more specific routes might be sufficient.
Relevant questions
AWS Transit Gateway Routing Features
Accepted Answerasked 3 years agoControling BGP Route Propagation in Transit Gateway
Accepted Answerasked 2 years agoAWS Transit Gateway attachment pricing
Accepted Answerasked 2 years agoDoes AWS Transit Gateway peering supports Jumbo frames (MTU)?
Accepted Answerasked 2 years agoTransit Gateway to Direct Connect Gateway to Transit Gateway
Accepted Answerasked 2 years agoAWS Transit Gateway peering encryption
Accepted Answerasked 2 years agoTransit Gateway Inter-region Peering Pricing
Accepted AnswerTransit gateway & VPC peering - IP forwarding
Accepted Answerasked 2 years agoNew VPC Subnets and Transit Gateway attachment
Accepted AnswerTerminate each Site-to-Site VPN Tunnels to Multiple Customer Gateways
Accepted Answerasked 2 years ago