Optimizing TGW Routing for Select VPC Subnets in DX Communication Scenario


A client has a specific requirement to establish communication between a VPC and an on-premises network via Direct Connect (DX), utilizing a Transit Gateway (TGW). This communication is necessary for a subset of private subnets within the VPC; specifically, out of the existing 6 private subnets, only 3 need to establish connectivity to the on-premises environment.

Here's the sequence of actions I've undertaken to address this requirement:

  1. I initiated the creation of a TGW attachment dedicated to the target VPC.

  2. I crafted and associated a route table with the above attachment to facilitate the connection.

My current deliberation centers around the need to set up propagation within the TGW route table. My understanding is that the entire CIDR range of the VPC would be disseminated. Nevertheless, I'm contemplating if there's a method to permit solely the 3 specific subnets to engage with the on-premises infrastructure. Furthermore, I'm exploring the feasibility of condensing the route information for these subnets, streamlining the connection to the on-premises network.

I'm seeking guidance on how to effectively address this scenario, ensuring that only the designated 3 subnets are authorized for communication while concurrently optimizing the route configuration.

Ali Md
asked 8 months ago, 265 views
2 Answers
Accepted Answer

In your case you will be using a transit virtual interface + Direct Connect gateway + Transit Gateway; the prefixes advertised to on-premises would be controlled via the allowed prefixes field under the Direct Connect gateway.

In the allowed prefixes you can define the 3 subnets that you wish to establish connectivity with on-premises for, and on-premises will only receive those three subnets' CIDRs.

Below are two guides that go through the same:
https://repost.aws/knowledge-center/direct-connect-vpc-bgp
https://docs.aws.amazon.com/directconnect/latest/UserGuide/allowed-to-prefixes.html#allowed-to-prefixes-transit-gateway

Matt_E (AWS)
answered 8 months ago
EXPERT
reviewed 8 months ago
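The accepted answer controls what on-premises learns via the allowed prefixes on the DX gateway association, and the question also asks about condensing those prefixes. The script below is an added example (not code from the poster or from AWS) that takes a constructed VPC CIDR and subnet list, merges the three on-premises-facing subnets into the fewest prefixes that still exclude every local-only subnet, and then checks the resulting list for leaks before it is typed into the allowed-prefixes field. It generalizes beyond the exact subnets in the question: addresses inside the VPC that belong to no listed local-only subnet are treated as safe to cover, so every subnet that must stay unreachable has to be named in `denied`. Note that allowed prefixes govern advertisement only; if on-premises routes toward the whole VPC CIDR by a static or default route, the TGW will still forward, so security groups and NACLs remain the enforcement layer.

```python
import ipaddress

# Constructed sample addressing (not from the original post): one VPC with six
# private /20 subnets, of which the first three must be reachable from on-premises.
VPC_CIDR = "10.20.0.0/16"
ONPREM_SUBNETS = ["10.20.0.0/20", "10.20.16.0/20", "10.20.32.0/20"]
LOCAL_ONLY_SUBNETS = ["10.20.48.0/20", "10.20.64.0/20", "10.20.80.0/20"]


def summarize_allowed_prefixes(vpc_cidr, allowed, denied):
    """Return the shortest list of prefixes that covers every allowed subnet,
    stays inside the VPC CIDR, and contains no address of a denied subnet.

    Step 1 merges adjacent allowed subnets (ipaddress.collapse_addresses).
    Step 2 widens each merged prefix one bit at a time while the supernet is
    still inside the VPC and overlaps no denied subnet, then collapses again
    in case widening made two prefixes adjacent. VPC space that is in neither
    list (e.g. public subnets) is treated as acceptable to cover.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    denied_nets = [ipaddress.ip_network(d) for d in denied]
    merged = list(ipaddress.collapse_addresses(ipaddress.ip_network(a) for a in allowed))

    widened = []
    for net in merged:
        while net.prefixlen > vpc.prefixlen:
            candidate = net.supernet()  # one bit shorter
            if not candidate.subnet_of(vpc) or any(candidate.overlaps(d) for d in denied_nets):
                break
            net = candidate
        widened.append(net)
    return [str(n) for n in ipaddress.collapse_addresses(widened)]


def find_leaks(prefixes, denied):
    """List every denied subnet that any advertised prefix would cover, i.e. what
    on-premises would learn a route to even though it should not."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [d for d in denied if any(ipaddress.ip_network(d).overlaps(n) for n in nets)]


if __name__ == "__main__":
    allowed = summarize_allowed_prefixes(VPC_CIDR, ONPREM_SUBNETS, LOCAL_ONLY_SUBNETS)
    print("allowed prefixes for the DX gateway association:", allowed)
    print("local-only subnets covered by those prefixes:", find_leaks(allowed, LOCAL_ONLY_SUBNETS))
```

With the constructed values the three /20s collapse to `10.20.0.0/19` and `10.20.32.0/20`; widening either one further would pull in `10.20.48.0/20`, so the function stops there and `find_leaks` reports nothing. Running `find_leaks` against the whole VPC CIDR instead shows exactly which local-only subnets the default propagation would expose, which is the comparison the question is asking about.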

Hello.
As you recognize, when route propagation is enabled, the CIDR of the VPC is advertised as the route.
However, we thought we could control communication with on-premises by configuring a route to the Transit Gateway only in the route table of the subnets that should communicate with on-premises.
In other words, for a subnet that does not communicate with on-premises, communication is not possible unless a route destined for the Transit Gateway is set in its route table.
So we thought there would be no problem with advertising the VPC's CIDR to on-premises.

EXPERT
answered 8 months ago
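The second answer relies on the subnet route tables: only the designated subnets carry a route toward the TGW. That is easy to get wrong silently, because a subnet with no explicit route-table association uses the VPC's main route table, so a TGW route placed there reaches every unassociated subnet. The script below is an added example (not code from the poster or from AWS) that audits constructed data shaped like trimmed `describe-route-tables` output; the IDs and CIDRs are placeholders, and the field names (`RouteTableId`, `Associations`, `Main`, `SubnetId`, `Routes`, `DestinationCidrBlock`, `TransitGatewayId`) match the EC2 API. It resolves each subnet's effective table, including the main-table fallback, and reports both subnets that can reach on-premises but should not and designated subnets whose table lacks the route. Keep in mind this approach only governs where a subnet sends outbound packets; traffic arriving from on-premises via the TGW attachment is still delivered to any instance in the VPC CIDR, so NACLs and security groups are still the enforcement point.

```python
import ipaddress

# Constructed sample data (not captured from the poster's account); IDs are placeholders.
TGW_ID = "tgw-0EXAMPLE"
ONPREM_CIDR = "192.168.0.0/16"
DESIGNATED_SUBNETS = {"subnet-priv-a", "subnet-priv-b", "subnet-priv-c"}
SUBNETS = ["subnet-priv-a", "subnet-priv-b", "subnet-priv-c",
           "subnet-priv-d", "subnet-priv-e", "subnet-priv-f"]

ROUTE_TABLES = [
    {   # main table: subnets with no explicit association fall back to it
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local"},
                   {"DestinationCidrBlock": ONPREM_CIDR, "TransitGatewayId": TGW_ID}],
    },
    {   # intended on-premises-facing table
        "RouteTableId": "rtb-onprem",
        "Associations": [{"SubnetId": "subnet-priv-a"}, {"SubnetId": "subnet-priv-b"}],
        "Routes": [{"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local"},
                   {"DestinationCidrBlock": ONPREM_CIDR, "TransitGatewayId": TGW_ID}],
    },
    {   # local-only table; subnet-priv-c was attached here by mistake
        "RouteTableId": "rtb-local",
        "Associations": [{"SubnetId": "subnet-priv-c"}, {"SubnetId": "subnet-priv-d"}],
        "Routes": [{"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local"},
                   {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0EXAMPLE"}],
    },
]


def effective_route_table(subnet_id, route_tables):
    """Resolve the table a subnet actually uses: its explicit association if any,
    otherwise the VPC's main route table."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt["Associations"]):
            return rt
    return next(rt for rt in route_tables if any(a.get("Main") for a in rt["Associations"]))


def routes_to_tgw(route_table, dest_cidr, tgw_id):
    """True if some route in the table sends all of dest_cidr to the given transit gateway.
    A 0.0.0.0/0 route pointing at the TGW counts too. Prefix-list and IPv6 routes are skipped."""
    target = ipaddress.ip_network(dest_cidr)
    for r in route_table["Routes"]:
        cidr = r.get("DestinationCidrBlock")
        if cidr is None or r.get("TransitGatewayId") != tgw_id:
            continue
        if target.subnet_of(ipaddress.ip_network(cidr)):
            return True
    return False


def audit(subnets, designated, route_tables, dest_cidr, tgw_id):
    """Return (unexpected, missing): subnets whose effective table reaches on-premises
    although they are not designated, and designated subnets that lack the route.
    Each entry is (subnet_id, route_table_id) so the fix is obvious."""
    unexpected, missing = [], []
    for s in subnets:
        rt = effective_route_table(s, route_tables)
        reaches = routes_to_tgw(rt, dest_cidr, tgw_id)
        if reaches and s not in designated:
            unexpected.append((s, rt["RouteTableId"]))
        elif not reaches and s in designated:
            missing.append((s, rt["RouteTableId"]))
    return unexpected, missing


if __name__ == "__main__":
    unexpected, missing = audit(SUBNETS, DESIGNATED_SUBNETS, ROUTE_TABLES, ONPREM_CIDR, TGW_ID)
    for subnet, rtb in unexpected:
        print(f"UNEXPECTED: {subnet} reaches on-premises via {rtb}")
    for subnet, rtb in missing:
        print(f"MISSING:    {subnet} is designated but {rtb} has no route to {TGW_ID}")
```

On the constructed data the audit flags `subnet-priv-e` and `subnet-priv-f` as reaching on-premises through the main table, and `subnet-priv-c` as designated but attached to the local-only table. Against a real account the same functions can be fed the `RouteTables` list from `aws ec2 describe-route-tables` and the subnet IDs from `describe-subnets`.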
