Transit Gateway


Hello Everyone,

Today we will be exploring Transit Gateway.

A Transit Gateway is a regional network transit hub that interconnects your VPCs, VPN connections, and Direct Connect gateways through a central point. Each network needs only one attachment to the hub instead of a peering connection to every other network, which simplifies your network architecture.

Let's get started.


Overview

We will be creating three VPCs, each with a subnet and an instance within that subnet. We'll set up a Transit Gateway to connect these three VPCs. Once all three VPCs are attached, we will SSH into our EC2 instances and run curl against the private IP of each instance in the other VPCs to verify that they can communicate through the transit gateway.


Task 1: Creating a VPC.

Search for VPC in the search box and on VPC dashboard, click on Create VPC.

Provide a suitable name for your VPC and enter an IPv4 CIDR block.

Keeping all other configurations as default, click on Create VPC.

We have created our first VPC.

Now, let's repeat the process two more times. Ensure the CIDR ranges of the three VPCs do not overlap: a transit gateway forwards on longest-prefix match, so two attached VPCs with overlapping CIDRs cannot both be reached through it.

We have created three VPCs. Let's move on to the next task.


Task 2: Creating an Internet gateway

On Internet gateways, click on Create Internet gateway.

Provide a suitable name for your Internet Gateway and click on Create Internet gateway.

Now, we should attach the Internet gateway to our VPC. An internet gateway is created detached and does nothing until it is attached.

Select your newly created internet gateway, click on Attach to VPC, choose your first VPC and click on Attach internet gateway.

Now, repeat the same process for the remaining two VPCs, attaching each new internet gateway to its own VPC.

Alright, we have created three internet gateways and attached them to the VPCs.


Task 3: Creating Subnets

On Subnets, click on Create subnet.

Select your first VPC, pick an AZ and provide an IPv4 CIDR block that lies inside the VPC's CIDR (for example, a /24 inside the VPC's /16).

Click on Create subnet.

We have created the first subnet. Now, let's repeat the process for the other two subnets.

Ensure that each subnet's CIDR lies inside its own VPC's CIDR.

We have created three subnets, each residing in a different VPC.


Task 4: Creating Route Table

On Route table, click on Create route table.

Provide a suitable name for your route table, select your VPC and click on Create route table.

After creating route table, on Subnet associations, click on Edit subnet associations.

Tick your subnet and click on Save associations.

Now, on Routes, click on Edit routes.

Click on Add route, add a default route with destination 0.0.0.0/0 and your VPC's internet gateway as the target, and click on Save changes. This is what makes the subnet public so you can SSH in from your own machine; the local route for the VPC's own CIDR is already present and cannot be edited.

Now, we have associated the subnet and set up the necessary routes for the current VPC. Let's repeat the process for our other VPCs.

We have created our route tables.


Task 5: Creating EC2 Instances

Search for EC2 in the search box.

On Instances, click on Launch Instances.

Provide a suitable name for your instance, choose an Ubuntu (or other Debian-based) AMI since the user data script below uses apt-get, and either create or use an existing key pair.

Edit Network settings, select your VPC, and Enable the Auto-assign public IP option.

We are provided with a default SSH rule (port 22 from 0.0.0.0/0). Narrow its source to your own public IP rather than leaving SSH open to the internet. Now, click on Add security group rule to add a rule for HTTP (TCP port 80).

For the source of the HTTP rule, use the CIDR ranges of the other two VPCs: the curl tests later arrive over the transit gateway from private addresses, so port 80 does not need to be open to the internet. Keep in mind that the transit gateway only routes packets; the security group on each instance is what still decides whether they are accepted.

Scroll to bottom & click on Advanced details.

On User data, paste the following script. It installs Apache and writes a page that identifies the instance, so that the curl response later tells you which VPC answered.

#!/bin/bash

# Update and install apache2
apt-get update
apt-get install -y apache2

# Create a simple index.html file with "Hello" text
echo "Hello from the FIRST" > /var/www/html/index.html

# Restart apache2 service
systemctl restart apache2

Click on Launch instance.

Now, it's time to set up the other two instances. Repeat the process, selecting the second and then the third VPC under Network settings and changing the text in the user data.

Setting up our second instance.

Configure security rule like we did earlier.

And paste the following in the user data for our second instance.

#!/bin/bash

# Update and install apache2
apt-get update
apt-get install -y apache2

# Create a simple index.html file with "Hello" text
echo "Hello from the SECOND" > /var/www/html/index.html

# Restart apache2 service
systemctl restart apache2

Click on Launch instance.

Now, time to set up our third instance.

Setting up our third instance. Make sure you have added the additional security group rule.

On User data section, paste the following.

#!/bin/bash

# Update and install apache2
apt-get update
apt-get install -y apache2

# Create a simple index.html file with "Hello" text
echo "Hello from the THIRD" > /var/www/html/index.html

# Restart apache2 service
systemctl restart apache2

Click on Launch instance.

We have launched three instances.


Task 6: Setting Transit Gateway

Search for Transit Gateway in the search box and click on Create transit gateway.

Provide a suitable name for your transit gateway.

We left these settings as default. The Amazon side ASN will be provided by AWS (the default is 64512, a private ASN). Now, let's discuss these options for a while.

Transit Gateway is a central hub for connecting and managing different networks. The Amazon side ASN is the autonomous system number the transit gateway uses for the Border Gateway Protocol sessions it runs with VPN and Direct Connect gateway attachments; VPC attachments do not use BGP. It must not collide with the ASN used on the on-premises side of those sessions.

DNS Support refers to resolving domain names to IP addresses across attachments. When enabled, instances in one attached VPC can resolve the public DNS hostnames of instances in other attached VPCs to their private IP addresses, so the traffic between them goes over the transit gateway rather than out to the internet.

Equal-Cost Multi-Path (ECMP) Support for VPNs allows the use of multiple paths for data traffic. When several VPN tunnels advertise the same prefix to the transit gateway over BGP with equal attributes, traffic for that prefix is distributed across those tunnels, which improves throughput and redundancy.

Default Route Table Association refers to the automatic association of new attachments with the Transit Gateway's default route table. The associated route table is the one the transit gateway consults for traffic entering it from that attachment, so any new VPC connected to the Transit Gateway will automatically be routed using the default route table.

Default Route Table Propagation means that the CIDRs of new attachments are automatically added as routes to the default route table of the Transit Gateway. This ensures that all connected networks are reachable from each other without manual route updates.

With both defaults enabled, every attachment uses the one table and every attachment's CIDR is in it, so the transit gateway becomes a full mesh: every VPC can reach every other VPC. That is exactly what this lab wants, but for segmentation (for example, keeping a dev VPC away from prod) you turn these defaults off and use separate transit gateway route tables. Security groups and network ACLs in the VPCs still filter what the transit gateway delivers, but the transit gateway itself is not a firewall.

Multicast Support allows the transmission of data from one sender to multiple receivers simultaneously. This is particularly useful for applications like video conferencing, where the same data needs to be sent to multiple users at the same time.

Auto accept shared attachments applies when the transit gateway is shared with other AWS accounts through AWS Resource Access Manager: it automatically accepts their requests to attach VPCs instead of leaving them pending for your approval. Leave it disabled unless you really want every account the gateway is shared with to be able to attach a network without review.
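To make the association and propagation options concrete, here is an added example (not code from the original post) that models how a transit gateway looks up traffic: each attachment is associated with one transit gateway route table, and a packet entering from that attachment is matched against that table by longest prefix. The attachment IDs, route table IDs and CIDRs are constructed placeholders. It builds the console-default configuration (both defaults on, one table, full mesh) next to a segmented one (both defaults off, two tables) so you can see which attachments can reach which.

```python
"""Model of transit gateway route-table semantics (added example, not AWS code).
Attachment IDs, route table IDs and CIDRs below are constructed placeholders."""
import ipaddress
from typing import Dict, Optional, Set

# Constructed attachments: attachment id -> CIDR of the attached VPC
ATTACHMENTS = {
    "tgw-attach-first":  "10.0.0.0/16",
    "tgw-attach-second": "10.1.0.0/16",
    "tgw-attach-third":  "10.2.0.0/16",
}


class TransitGateway:
    """Route tables map prefix -> target attachment. Each attachment is
    associated with exactly one table, consulted for traffic *entering*
    the transit gateway from that attachment."""

    def __init__(self) -> None:
        self.route_tables: Dict[str, Dict[ipaddress.IPv4Network, str]] = {}
        self.association: Dict[str, str] = {}

    def create_route_table(self, rt_id: str) -> None:
        self.route_tables[rt_id] = {}

    def associate(self, attachment: str, rt_id: str) -> None:
        self.association[attachment] = rt_id

    def propagate(self, attachment: str, cidr: str, rt_id: str) -> None:
        # Propagation: the attachment's CIDR appears as a route in rt_id.
        self.route_tables[rt_id][ipaddress.ip_network(cidr)] = attachment

    def route(self, src_attachment: str, dst_ip: str) -> Optional[str]:
        """Longest-prefix match in the source attachment's associated table."""
        table = self.route_tables[self.association[src_attachment]]
        ip = ipaddress.ip_address(dst_ip)
        best = max((p for p in table if ip in p),
                   key=lambda p: p.prefixlen, default=None)
        return table[best] if best is not None else None


def build_default(attachments: Dict[str, str]) -> TransitGateway:
    """Console default: association and propagation into one table."""
    tgw = TransitGateway()
    tgw.create_route_table("tgw-rtb-default")
    for att, cidr in attachments.items():
        tgw.associate(att, "tgw-rtb-default")
        tgw.propagate(att, cidr, "tgw-rtb-default")
    return tgw


def build_segmented(attachments: Dict[str, str], isolated: Set[str]) -> TransitGateway:
    """Both defaults off. 'isolated' attachments share a table that only knows
    the non-isolated (shared) attachments, so isolated VPCs cannot reach each
    other, while shared VPCs can still reach everything."""
    tgw = TransitGateway()
    tgw.create_route_table("tgw-rtb-shared")
    tgw.create_route_table("tgw-rtb-isolated")
    for att, cidr in attachments.items():
        if att in isolated:
            tgw.associate(att, "tgw-rtb-isolated")
            tgw.propagate(att, cidr, "tgw-rtb-shared")    # shared side may reach it
        else:
            tgw.associate(att, "tgw-rtb-shared")
            tgw.propagate(att, cidr, "tgw-rtb-shared")
            tgw.propagate(att, cidr, "tgw-rtb-isolated")  # isolated side reaches shared only
    return tgw


def reachability(tgw: TransitGateway, attachments: Dict[str, str]) -> Dict[str, Set[str]]:
    """For each attachment, the set of other attachments it can send to,
    probing the first host address of each destination CIDR."""
    out: Dict[str, Set[str]] = {}
    for src in attachments:
        out[src] = set()
        for dst, cidr in attachments.items():
            if dst == src:
                continue
            probe = str(next(ipaddress.ip_network(cidr).hosts()))
            if tgw.route(src, probe) == dst:
                out[src].add(dst)
    return out


if __name__ == "__main__":
    print("default (full mesh):", reachability(build_default(ATTACHMENTS), ATTACHMENTS))
    seg = build_segmented(ATTACHMENTS, {"tgw-attach-second", "tgw-attach-third"})
    print("segmented:", reachability(seg, ATTACHMENTS))
```

Running it shows the point of the two defaults: with them on, every attachment reaches every other; with them off and two tables, the second and third VPC can each reach the first but not each other. The same lookup applies in real deployments, which is why a "shared services" VPC is typically the only one propagated into the isolated table.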

With all other configurations left as default, click on Create transit gateway.

We can see the details of our transit gateway.

Now that we have created a transit gateway, it's time to create transit gateway attachments.

A Transit Gateway Attachment is needed to connect your VPCs, VPN connections, or Direct Connect gateways to the Transit Gateway. The attachments essentially establish the pathways through which data can travel between your networks using the Transit Gateway.

On Transit gateway attachments, click on Create transit gateway attachment. Since we have three VPC connections, we need to create a transit gateway attachment for each of them.

Provide a suitable name and select your Transit Gateway. Since our Attachment type is VPC, we can keep it as the default option.

Select your first VPC for the VPC ID. Keep all configurations as default, then click on Create transit gateway attachment. The attachment places a transit gateway network interface in the subnet you select, which is how traffic from that VPC enters the hub.

Now, let's repeat the process to create the other two transit gateway attachments.

We have created three transit gateway attachments, one per VPC. Because default route table association and propagation were left enabled, each attachment is now associated with the default transit gateway route table and its VPC CIDR has been propagated into it, so the transit gateway side already knows how to reach all three VPCs.

Now, it's time to update the route tables of all three VPCs. Each VPC still has no idea where the other two CIDRs live, so we need to add routes that send traffic destined for the other VPCs to the Transit Gateway.

Let's start with the route table of the first VPC.

Select your first route table and on Routes, click on Edit routes.

In a second tab, open the VPC list and copy the CIDR block of your second VPC.

Back in the route table, click on Add route, paste the copied CIDR into the Destination field, choose Transit Gateway as the Target type and select your transit gateway.

Click on Save changes.

Now, click on Add route again, copy the CIDR block of the third VPC and follow the same steps as before.

Click on Save changes.

Now, we need to repeat the process for our second and third VPCs. Each route table ends up with two extra routes, one for each of the other two VPC CIDRs, both targeting the transit gateway.

Add the two routes to the route table of the second VPC and click on Save changes.

Now, let's proceed with our third VPC: add the two routes to its route table and click on Save changes.

The necessary routes for all three VPCs have been configured.
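The VPC-side routing in Task 4 and above is mechanical, and it is where typos creep in once there are more than three VPCs. Here is an added example (not code from the original post) that takes a lab inventory, checks the two addressing rules the tutorial relies on (VPC CIDRs must not overlap, each subnet must lie inside its VPC) and prints the route table entries each VPC needs. The VPC names, CIDRs and the igw/tgw identifiers are constructed placeholders.

```python
"""Plan VPC route tables for a hub-and-spoke transit gateway lab.
Added example, not from the original post. Names, CIDRs and the igw-*/tgw-*
identifiers are constructed placeholders, not real AWS resource IDs."""
import ipaddress
from typing import Dict, List, Tuple

# Constructed inventory: one subnet per VPC, as in the tutorial.
VPCS = {
    "vpc-first":  {"cidr": "10.0.0.0/16", "subnet": "10.0.1.0/24", "igw": "igw-first"},
    "vpc-second": {"cidr": "10.1.0.0/16", "subnet": "10.1.1.0/24", "igw": "igw-second"},
    "vpc-third":  {"cidr": "10.2.0.0/16", "subnet": "10.2.1.0/24", "igw": "igw-third"},
}
TGW_ID = "tgw-lab"  # placeholder for the transit gateway


def validate_cidrs(vpcs: Dict[str, dict]) -> List[str]:
    """Return the list of addressing problems; an empty list means the plan
    is usable. Overlapping VPC CIDRs cannot both be routed by the transit
    gateway (longest-prefix match picks one), and a subnet outside its VPC
    CIDR is rejected by AWS at creation time."""
    problems: List[str] = []
    nets = {name: ipaddress.ip_network(v["cidr"]) for name, v in vpcs.items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    for name, v in vpcs.items():
        sub = ipaddress.ip_network(v["subnet"])
        if not sub.subnet_of(nets[name]):
            problems.append(f"subnet {sub} is not inside {name} {nets[name]}")
    return problems


def plan_routes(vpcs: Dict[str, dict], tgw_id: str) -> Dict[str, List[Tuple[str, str]]]:
    """Per-VPC route table entries as (destination, target):
    - the local route for the VPC's own CIDR (AWS adds this implicitly),
    - a default route to the VPC's internet gateway (public subnet),
    - one route per *other* VPC CIDR pointing at the transit gateway."""
    plan: Dict[str, List[Tuple[str, str]]] = {}
    for name, v in vpcs.items():
        routes = [(v["cidr"], "local"), ("0.0.0.0/0", v["igw"])]
        for other, ov in vpcs.items():
            if other != name:
                routes.append((ov["cidr"], tgw_id))
        plan[name] = routes
    return plan


if __name__ == "__main__":
    issues = validate_cidrs(VPCS)
    if issues:
        raise SystemExit("\n".join(issues))
    for vpc, routes in plan_routes(VPCS, TGW_ID).items():
        print(vpc)
        for dest, target in routes:
            print(f"  {dest:<16} -> {target}")
```

Run it before clicking through the console: if `validate_cidrs` reports an overlap, fix the VPC CIDRs first, because no amount of route editing will make two overlapping VPCs both reachable through the transit gateway.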

Now that all setups are complete, it's time to test the connectivity between the VPCs to ensure everything is working as expected.


Task 7: SSH into EC2 instances.

Go to EC2 dashboard by searching for EC2 in the search box.

Select your first instance and click on Connect.

Now on the SSH client tab, follow the given steps.

Open a terminal on your local machine.

Paste the copied chmod command into your terminal to restrict the key file permissions; ssh refuses to use a private key that other users can read.

Now copy the ssh command and paste it into your terminal to connect to your instance.

Press Enter and answer yes to the host key prompt. If you want to rule out a man-in-the-middle on a first connection, compare the fingerprint shown with the one printed in the instance's system log (Actions, Monitor and troubleshoot, Get system log).

We're now in our first instance. Let's check if we can communicate with the other two instances that are in different VPCs.

Select your second instance and copy its Private IPv4 address, then run:

curl <Private IPv4 address>

Paste the command into your terminal.

Alright, we've received a response from our second instance ("Hello from the SECOND"), which means the packet left the first VPC via the transit gateway route, crossed the transit gateway and was accepted by the security group on the second instance.

Let's check for a response from our third instance.

We've received a response from our third instance as well.

This confirmation was from our first instance in our first VPC. To check the connectivity from our other two instances in different VPCs, we need to SSH into them and follow the same process we used for the first instance.

Let's now check from our second instance in our second VPC.

Now it's time from our third instance.

Alright, we have tested connectivity from all of our instances, and they all have a connection.


Conclusion

We have successfully set up a transit gateway and connected three VPCs to it. We tested the communication between instances in these VPCs using a simple curl command, confirming that they can communicate with each other.


Task 8: Clean Up

  1. Terminating Instances.

    Select all your instances and in the Instance state panel, click on Terminate instance.

  2. Deleting Transit Gateway attachments.

    Go to VPC dashboard, scroll down to Transit gateway attachments, select an attachment and in the Actions panel, click on Delete transit gateway attachment. Repeat this process for the remaining two attachments. Note that it will take some time for the deletion to complete, and the transit gateway itself cannot be deleted while any attachment still exists.

  3. Deleting Transit Gateway.

    Select your transit gateway and in the Actions panel, click on Delete transit gateway.

  4. Deleting Subnets.

    On Subnets, select all 3 subnets and in the Actions panel, click on Delete subnet. This only succeeds once the instances and the transit gateway attachment network interfaces in those subnets are gone, so wait for steps 1 and 2 to finish first.

  5. Deleting VPCs.

    Select your first VPC and in the Actions panel, click on Delete VPC.

    Deleting a VPC also removes its route tables, internet gateway and security groups. Repeat the process for the other two VPCs.

We have removed all the used resources now.


Alright, see you in the next one!


Support AWS X SUJAN by becoming a sponsor. Any amount is appreciated!