Migrate VPN to Direct Connect+Transit Gateway
A customer currently has a VPN connected to a VPC with a VPG using static routing. They would like to switch to have a Direct Connect connected to a Transit Gateway which is connected to the VPC.
They are wanting to know how to do this migration with limited downtime. I've tried to find any guides around doing this type of migration, but haven't been able to find anything. I'm assuming that this is a little trickier due to them using static routing on the existing VPN connection, but not sure how or if that would change anything.
Any guidance on this process would be helpful.
Thanks!
- 最新
- 投票最多
- 评论最多
TGW side
Step 1 - Create DXG and associate TVIF to DXG
Step 2 - Create DXG attachment with TGW - Add prefixes that you would like to announce (AWS will announce these prefixes to on-prem) and create VPC attachment with TGW
Step 3 - Establish BGP session and start announcing (On-prem) prefixes via TVIF
Step 4 - Enable propagation within TGW Route Table
If you are not doing any manipulation at TGW route table - Your setup is complete at this point {I believe your customer is at this stage}
VPC Side
- Keep VGW VPN as is. Have route propagation enable on VPC route tables.
- When you are ready to failover - Add static route (on-prem prefixes) pointing to TGW.
- If traffic flow works, all good. You can delete VGW VPN. If it doesn't, remove the static route and traffic will start to flow over VGW VPN again.
相关内容
AWS 官方已更新 2 年前- AWS 官方已更新 8 个月前
- AWS 官方已更新 2 年前
