Transit Gateway routing table question

0

Say I have 3 VPCs (VPC1, VPC2, VPC3) attached to a Transit Gateway. VPC3 is a security VPC with a firewall in it. I have a default route in VPC1 and VPC2 pointing to the TGW. The TGW has a default route pointing to VPC3. Will VPC1 directly communicate with VPC2?

thanks !!

gongya
asked a month ago, 155 views
6 Answers
0

If I do not have a Spoke TGW RT, and only have three attachments on the TGW for VPC1, VPC2, and VPC3 and one default route, can VPC1 communicate with VPC2 directly without going via the firewall?

thanks a lot !!

gongya
answered a month ago
  • G'day,

    If you have a single default route then VPC1 and VPC2 cannot communicate with each other. With this setup [single default route] the TGW would not know how to route the traffic to the VPCs. The only route the TGW would know would be the route to the Firewall VPC and not to the other VPCs.

0

I do not quite understand your Spoke TGW RT.

gongya
answered a month ago
  • The Spoke TGW Route Table would need to be associated with the Firewall VPC attachment to route the traffic between the VPCs once the traffic has been inspected by the firewall.

0

Answer:

This depends on whether the Transit Gateway [TGW] Route Table [RT] has routes pointing to the VPC [1 and 2] attachments.

Detailed Explanation

All 3 VPCs connect to the Transit Gateway.

VPC1 [Workloads] ---- TGW
VPC2 [Workloads] ---- TGW
VPC3 [Firewall]  ---- TGW

Here there are 2 pointers to be considered:

VPC Routing table:
[+] The VPC RT can be pointed towards the TGW.
TGW Routing table:
[+] Here is where you would need to check if you have routing between VPC1 and VPC2.

Ideal use-case wherein the Firewall would be used for inspection:

[+] Connect all 3 VPCs to the TGW

VPC1 TGW attachment

VPC2 TGW attachment

VPC3 TGW attachment

The TGW would have 2 Route tables, namely:

Firewall TGW RT - This would be associated with the VPC1 and VPC2 TGW attachments
0.0.0.0/0 ---> VPC3 TGW attachment

Spoke TGW RT - This would be associated with the VPC3 attachment
VPC1 CIDR ---> VPC1 TGW attachment
VPC2 CIDR ---> VPC2 TGW attachment

I hope this helps.

AWS
RiKa
answered a month ago
Reviewed a month ago by Steve_M (AWS EXPERT)
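To make the difference between the two layouts concrete, here is an added example (not from the thread or from AWS) that models TGW forwarding: each attachment is associated with one route table, and a packet is looked up in the table of the attachment it arrived on by longest-prefix match. It uses the CIDRs the asker gives later in the thread (10.10.1.0/24, 10.10.2.0/24, 10.10.3.0/24) and assumes the firewall VPC simply hands inspected traffic back to the TGW.

```python
import ipaddress

# Constructed example: VPC attachments and their CIDRs (values from the thread).
CIDRS = {"vpc1": "10.10.1.0/24", "vpc2": "10.10.2.0/24", "vpc3": "10.10.3.0/24"}


class TransitGateway:
    """Minimal TGW model: one route table per attachment association,
    longest-prefix-match lookup, no propagation."""

    def __init__(self):
        self.tables = {}       # table name -> list of (network, target attachment)
        self.association = {}  # attachment -> table name

    def associate(self, attachment, table):
        self.association[attachment] = table

    def add_route(self, table, cidr, target):
        self.tables.setdefault(table, []).append((ipaddress.ip_network(cidr), target))

    def next_hop(self, ingress, dst_ip):
        """Return the attachment a packet entering from `ingress` is sent to, or None."""
        ip = ipaddress.ip_address(dst_ip)
        table = self.tables.get(self.association[ingress], [])
        matches = [(net, tgt) for net, tgt in table if ip in net]
        if not matches:
            return None  # no route: the TGW drops the packet
        return max(matches, key=lambda m: m[0].prefixlen)[1]


def trace(tgw, src, dst_ip, max_hops=4):
    """Follow a packet from VPC `src`; transit VPCs (the firewall) re-enter the TGW."""
    path, hop = [src], tgw.next_hop(src, dst_ip)
    while hop is not None and len(path) < max_hops:
        path.append(hop)
        if ipaddress.ip_address(dst_ip) in ipaddress.ip_network(CIDRS[hop]):
            break  # destination reached
        hop = tgw.next_hop(hop, dst_ip)
    return path


def single_table_design():
    """Asker's setup: one table, all three attachments, a default plus two static routes."""
    tgw = TransitGateway()
    for att in CIDRS:
        tgw.associate(att, "main")
    tgw.add_route("main", "0.0.0.0/0", "vpc3")
    tgw.add_route("main", CIDRS["vpc1"], "vpc1")
    tgw.add_route("main", CIDRS["vpc2"], "vpc2")
    return tgw


def inspection_design():
    """RiKa's setup: spokes see only a default route to the firewall; the firewall sees spokes."""
    tgw = TransitGateway()
    tgw.associate("vpc1", "firewall")
    tgw.associate("vpc2", "firewall")
    tgw.associate("vpc3", "spoke")
    tgw.add_route("firewall", "0.0.0.0/0", "vpc3")
    tgw.add_route("spoke", CIDRS["vpc1"], "vpc1")
    tgw.add_route("spoke", CIDRS["vpc2"], "vpc2")
    return tgw
```

With the single table, the /24 static routes win over 0.0.0.0/0, so VPC1 reaches VPC2 directly and bypasses the firewall; with the two-table design the spokes' table has no VPC2 route, so the packet must go through VPC3 first.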
0

Please find the diagram attached if you want the traffic between both VPCs to be inspected. (Attached diagram not reproduced here.)

AWS
RiKa
answered a month ago
Reviewed a month ago by an AWS EXPERT
0

Sorry, I might not have been clear in my question. VPC1 (10.10.1.0/24), VPC2 (10.10.2.0/24) and VPC3 (10.10.3.0/24) are all attached to the same TGW route table. The TGW has 3 static routes:

  1. default route --> VPC3
  2. 10.10.1.0/24 --> VPC1
  3. 10.10.2.0/24 --> VPC2

My question is whether the traffic between VPC1 and VPC2 goes through VPC3 or not.

My understanding is NOT, but I do not have an AWS account to test.

thanks !!

gongya
answered a month ago
0

I think I know what I have missed. Only attaching VPC1 and VPC2 to the same route table is not enough to make traffic flow between VPC1 and VPC2; I need to propagate them to make traffic flow.

Am I right? (I do not have access to AWS to test yet.)

thanks for https://www.youtube.com/watch?v=j7Lcd0gHxg0&t=984s&pp=ygUYYXdzIHRyYW5zaXQgZ2F0ZXdheSBkZW1v

gongya
answered a month ago
