Transit Gateway - Multiple Subnet per AZ



I have a situation with several VPCs in a different account. We want to configure a monitoring environment in its own VPC. The VPC must be able to connect to EC2 instances in all our VPCs and subnets. Instead of using traditional VPC peering, I want to try Transit Gateway to simplify the process and management. But I had a problem, and I want to confirm that this is a Transit Gateway design issue and that we have not misinterpreted the documentation.

In most of our VPCs, we use multiple subnets per AZ. Our standard VPC configuration includes two subnets in AZ A (one private and one public) and two subnets in AZ B (one private and one public). We use the classic AWS design to support high availability.

According to my test and the documentation, it is impossible to link two or more subnets to a Transit Gateway Attachment. It is therefore impossible to use Transit Gateway to route traffic from the monitoring VPC to all subnets of the different VPCs and accounts that we have. Am I missing something or not using the transit gateway properly?

Thank you for your help

asked 4 years ago · 344 views
2 Answers

The TG will be able to route to any subnet once you set up your routing tables.

The subnet association is simply the subnet WITHIN THE ENTIRE AZ that the TG uses to route traffic. It's likely setting up an Elastic Network Interface in that subnet. Once it does that, it will be able to communicate with any subnet in that AZ, as long as your routing rules and security groups allow it.

Make sense?

answered 4 years ago

The console really leads us to think that the transit gateway attachment will be restricted only to those subnets that are selected at attachment creation time. What happens at the moment the attachment is created, in fact, is the choice of the subnet in which the elastic network interface related to that particular attachment will be created, and not which subnets can be used by the attachment in question. ALL subnets in an Availability Zone are reached by an attachment created in that Availability Zone.

Also, due to this behavior, it is recommended that when using a transit gateway in your network architecture, you have specific subnets with a /28 range, for example, to be used only for the transit gateway attachments.

Design Best Practices Link -

Print of TG Best Practices

answered 5 months ago
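
The per-AZ behaviour both answers describe, as an added Python sketch (not part of either answer and not AWS code): given a VPC's subnets and the subnets chosen for one attachment, it reports which subnets the attachment can reach, which AZs are left without coverage, and which attachment subnets are larger than the suggested /28. Subnet IDs, AZ names, CIDRs and the `review_attachment` helper are constructed for illustration; the size check is only a heuristic for "dedicated to the attachment".

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the asker's layout (public + private subnet in two AZs)
# plus hypothetical dedicated /28 subnets for the transit gateway attachment.
SUBNETS = [
    {"id": "subnet-pub-a", "az": "az-a", "cidr": "10.0.0.0/24"},
    {"id": "subnet-priv-a", "az": "az-a", "cidr": "10.0.1.0/24"},
    {"id": "subnet-pub-b", "az": "az-b", "cidr": "10.0.2.0/24"},
    {"id": "subnet-priv-b", "az": "az-b", "cidr": "10.0.3.0/24"},
    {"id": "subnet-tgw-a", "az": "az-a", "cidr": "10.0.255.0/28"},
    {"id": "subnet-tgw-b", "az": "az-b", "cidr": "10.0.255.16/28"},
]


def review_attachment(subnets, attachment_subnet_ids):
    """Model which subnets one TGW VPC attachment covers (coverage is per AZ)."""
    by_id = {s["id"]: s for s in subnets}
    unknown = [sid for sid in attachment_subnet_ids if sid not in by_id]
    if unknown:
        raise ValueError(f"not in this VPC: {unknown}")

    chosen_per_az = defaultdict(list)
    for sid in attachment_subnet_ids:
        chosen_per_az[by_id[sid]["az"]].append(sid)
    # An attachment takes one subnet per AZ; that subnet only hosts its ENI.
    clashes = {az: ids for az, ids in chosen_per_az.items() if len(ids) > 1}
    if clashes:
        raise ValueError(f"more than one subnet selected in an AZ: {clashes}")

    covered = set(chosen_per_az)
    all_azs = {s["az"] for s in subnets}
    return {
        # Every subnet in a covered AZ is reachable, subject to route tables,
        # NACLs and security groups actually allowing the traffic.
        "reachable": sorted(s["id"] for s in subnets if s["az"] in covered),
        # AZs that have subnets but no attachment ENI are not served.
        "uncovered_azs": sorted(all_azs - covered),
        # Heuristic: an attachment subnet bigger than /28 is probably shared
        # with workloads instead of being dedicated to the attachment.
        "oversized": sorted(
            sid for sid in attachment_subnet_ids
            if ipaddress.ip_network(by_id[sid]["cidr"]).prefixlen < 28
        ),
    }
```

Selecting only `subnet-priv-a` still makes the public subnet in the same AZ reachable, but leaves `az-b` uncovered and flags the /24 as an attachment subnet that is not dedicated.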
