AWS Cloud Chronicles

Creating a working AWS Transit Gateway (TGW) in 5 minutes.

  1. Create the Transit Gateway
  2. Create the Transit Gateway Attachment
  3. Update the VPC routing table

Step 1 – Create the actual Transit Gateway

1. Go to the VPC service.
2. Choose Transit Gateways from the Transit Gateway sub-menu.
3. Click Create Transit Gateway.
4. Enter a Name and Description.
5. Start the configuration by providing a unique BGP ASN for the Amazon side. Make sure it is unique across your whole network, including any on-premises or partner networks you may peer with later, because an ASN clash breaks BGP route exchange. The private ranges are 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs (the console defaults to 64512).
6. Leave the other settings at their defaults: DNS support, default route table association and default route table propagation are all enabled. With those two route table defaults every attachment is associated with the single default TGW route table and propagates its CIDR into it, so every attached VPC can reach every other one. If you need segmentation (for example, production must not be able to reach development), disable default association and propagation and create separate TGW route tables per environment instead. If you require multicast support, select the multicast support option.
7. Enable VPN ECMP support if you need Equal Cost Multipath (ECMP) routing between VPN tunnels. If the connections advertise the same CIDRs, traffic is distributed equally between them. Dynamic routing is required on the other side of the VPN, and the advertised BGP ASN, the BGP attributes such as the AS path, and the communities used for preference must be the same on all tunnels.
8. Enable auto accept shared attachments only if you want attachments from other accounts (those the TGW is shared with through AWS RAM) to be accepted automatically. Leaving it disabled means each cross-account attachment must be accepted explicitly, which gives you a review point before another account's VPC gains a path onto your network.
9. Click Create Transit Gateway to create the TGW with the chosen options.

Step 2 – Create the Transit Gateway attachment

1. Choose the Transit Gateway Attachments menu and click Create Transit Gateway Attachment.
2. Select the Transit Gateway ID from the dropdown list. If no Transit Gateway is listed and you followed the steps above, wait until the TGW has finished creating; it can take a few minutes to move from pending to available.
3. Choose the attachment type. In our case the VPC option is used, but a Site-to-Site VPN or another Transit Gateway (peering) can also be attached.
4. Enter the attachment name tag and enable IPv6 support if needed.
5. Select the VPC ID to associate with the Transit Gateway (in our case the 1st VPC is 10.100.0.0/16).
6. Select the subnets required for the attachment, one per Availability Zone the TGW should reach. The TGW places a network interface in each selected subnet and only routes traffic into AZs that have a subnet selected here, so a dedicated small subnet (a /28 is enough) per AZ is common practice.
7. Click Create attachment.
8. Repeat this process for every VPC that needs to be attached. The 2nd VPC in our case is 10.101.0.0/16 (ID ending with abd).

Once this is done, 10.100.0.0/16 and 10.101.0.0/16 are both attached to the Transit Gateway.

9. As part of verification, the TGW route table should have been updated automatically. Choose the Transit Gateway Route Tables menu.
10. Click the Associations tab and verify that each VPC attachment appears as a resource ID.
11. Click the Routes tab and verify that the propagated routes are present.

In our case these are 10.100.0.0/16 and 10.101.0.0/16.

Step 3 – Updating the VPC routing tables

1. Select the Route Tables option.
2. Choose the 1st VPC's route table and click the Routes tab.
3. Click Edit routes.
4. Click Add route, create a new entry for 10.101.0.0/16 with the Transit Gateway as the target, and click Save routes.
5. Repeat the same process for the 2nd VPC's route table, adding 10.100.0.0/16 with the Transit Gateway as the target.

Note that the VPC route only provides a path. If a VPC has several route tables, every table whose subnets should use the TGW needs the entry, and security groups and network ACLs in both VPCs still have to permit the traffic before instances can talk to each other.
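The three console steps above expressed as Terraform, as an added example that is not part of the original post. It assumes both VPCs, at least one subnet per AZ in each, and their route tables already exist; the VPC, subnet and route table IDs in the variable default are placeholders to be replaced, and the region is an assumption. The settings on the Transit Gateway mirror the console defaults the post uses, with comments on the two options that decide how exposed the hub is.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "eu-west-1" # assumption: any region works
}

# Assumption: the VPCs, their attachment subnets and their route tables
# already exist; the IDs below are placeholders to replace with yours.
variable "vpcs" {
  description = "VPCs to attach, keyed by a short name"
  type = map(object({
    vpc_id         = string
    cidr           = string
    subnet_ids     = list(string) # one subnet per AZ the TGW should reach
    route_table_id = string
  }))
  default = {
    vpc1 = {
      vpc_id         = "vpc-0123456789abcdef0"
      cidr           = "10.100.0.0/16"
      subnet_ids     = ["subnet-0123456789abcdef0"]
      route_table_id = "rtb-0123456789abcdef0"
    }
    vpc2 = {
      vpc_id         = "vpc-0123456789abcdef1"
      cidr           = "10.101.0.0/16"
      subnet_ids     = ["subnet-0123456789abcdef1"]
      route_table_id = "rtb-0123456789abcdef1"
    }
  }
}

# Step 1: the Transit Gateway itself, with the post's console defaults.
resource "aws_ec2_transit_gateway" "main" {
  description     = "Hub for the 10.100/16 and 10.101/16 VPCs"
  amazon_side_asn = 64512 # private 16-bit ASN; must be unique in your network

  dns_support       = "enable"
  vpn_ecmp_support  = "enable"
  multicast_support = "disable"

  # Cross-account attachments (via RAM) must be accepted by hand.
  auto_accept_shared_attachments = "disable"

  # Every attachment lands in one shared route table: any-to-any reachability.
  # For segmented environments set both to "disable" and build
  # aws_ec2_transit_gateway_route_table resources per environment.
  default_route_table_association = "enable"
  default_route_table_propagation = "enable"

  tags = { Name = "tgw-main" }
}

# Step 2: one VPC attachment per VPC. With the defaults above each attachment
# is associated with, and propagates its CIDR into, the default TGW route table.
resource "aws_ec2_transit_gateway_vpc_attachment" "vpc" {
  for_each = var.vpcs

  transit_gateway_id = aws_ec2_transit_gateway.main.id
  vpc_id             = each.value.vpc_id
  subnet_ids         = each.value.subnet_ids
  dns_support        = "enable"
  ipv6_support       = "disable"

  tags = { Name = "tgw-att-${each.key}" }
}

# Step 3: in each VPC route table, a route to every *other* VPC's CIDR via
# the TGW. Built from the cross product so a third VPC only needs a new
# entry in var.vpcs.
locals {
  pairs = {
    for p in setproduct(keys(var.vpcs), keys(var.vpcs)) :
    "${p[0]}-to-${p[1]}" => { src = p[0], dst = p[1] } if p[0] != p[1]
  }
}

resource "aws_route" "to_tgw" {
  for_each = local.pairs

  route_table_id         = var.vpcs[each.value.src].route_table_id
  destination_cidr_block = var.vpcs[each.value.dst].cidr
  transit_gateway_id     = aws_ec2_transit_gateway.main.id

  # A VPC route targeting the TGW is only valid once the attachment exists.
  depends_on = [aws_ec2_transit_gateway_vpc_attachment.vpc]
}

# Handy for the verification step: the route table that received the routes.
output "tgw_default_route_table" {
  value = aws_ec2_transit_gateway.main.association_default_route_table_id
}
```

After `terraform apply`, the verification from Step 2 can be done from the CLI with `aws ec2 search-transit-gateway-routes --transit-gateway-route-table-id <the output above> --filters Name=state,Values=active`, which should list both /16 prefixes as propagated routes. Keeping the route list in `var.vpcs` rather than as hand-written `aws_route` blocks also makes it easy to review, in a pull request, exactly which networks can reach each other through the hub.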
