Multi-Region Connectivity: Transit Gateway & Three VPCs Deep Dive.

Mokadi Surya Prasad
9 min read · Jun 23, 2024


Getting Started with AWS Transit Gateway:

AWS Transit Gateway (TGW) is a regional hub that connects VPCs and on-premises networks. It simplifies the network topology: instead of a full mesh of peering connections between a large number of VPCs, each VPC attaches once to the TGW, and the TGW route tables decide which attachments can reach which prefixes.

Benefits of using a TGW to integrate third-party services:

⇾ It supports bidirectional traffic between our VPCs and the third-party network.

⇾ It supports all IP traffic, including TCP and UDP.

⇾ It allows a centralized traffic inspection point: traffic between our connected VPCs and the third-party network can be steered through a single inspection VPC instead of being inspected per VPC.

⇾ It scales easily as the number of VPCs involved in the integration changes.

Disadvantages of using a TGW:

⇾ Overlapping CIDR blocks are not supported: every VPC attached to the TGW needs a unique, non-overlapping address range, since the TGW cannot route one prefix to two different attachments.

⇾ Many third-party providers do not support a TGW integration, because they want to keep complete control over their own network components and share as little of them with clients as possible.

  • The lab below stays entirely within AWS: two VPCs and a TGW in the US East (N. Virginia) Region, one VPC and a TGW in the US East (Ohio) Region, and a peering attachment between the two TGWs.

Step 01. Creating two VPCs in the US East (N. Virginia) Region:

⇾ I have created a VPC under the name of VPC-1 in the US East (N. Virginia) Region.

⇾ I have selected IPv4 CIDR block 10.0.0.0/16.

⇾ I have selected 1 Availability Zone (AZ).

⇾ I have selected 1 public subnet.

⇾ I have not selected any private subnet.

⇾ I have not selected any NAT gateway.

⇾ I have not selected any VPC endpoint.

⇾ I have created another VPC under the name of VPC-2 in the US East (N. Virginia) Region.

⇾ I have selected IPv4 CIDR block 192.168.0.0/16.

⇾ I have selected 1 Availability Zone (AZ).

⇾ I have selected 1 public subnet.

⇾ I have not selected any private subnet.

⇾ I have not selected any NAT gateway.

⇾ I have not selected any VPC endpoint.

Step 02. Creating Security Groups:

  • I allowed the inbound rules below in the VPC-1 security group (SG):

⇾ All traffic — Custom.

⇾ All traffic — Anywhere-IPv4 (0.0.0.0/0).

  • I allowed the same inbound rules in the VPC-2 SG:

⇾ All traffic — Custom.

⇾ All traffic — Anywhere-IPv4 (0.0.0.0/0).

  • An all-traffic rule from 0.0.0.0/0 makes the later ping tests pass without further thought, but the instances in this lab also get public IPs, so the rule exposes them to the whole internet. Treat it as lab-only; outside a lab, allow only ICMP echo and SSH, and only from the peer VPC CIDRs and an administrative range.
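The rules above are the loosest possible inbound policy. The following Python is an added example, not code from the original post: it audits inbound rules in the IpPermissions shape that boto3 and the AWS CLI return (so the output of `aws ec2 describe-security-groups` can be fed straight in), flags the lab's all-traffic-from-anywhere rule, and builds the tighter rule set the lab actually needs: ICMP echo from the three VPC CIDRs and SSH from an administrative range. The LAB_INBOUND rule is reconstructed from the post's description, and the administrative range 203.0.113.0/24 is a placeholder.

```python
"""Audit security group inbound rules in the IpPermissions shape that boto3 and the AWS
CLI use, and build the least-privilege rule set the lab actually needs. Constructed
example, not the post's own code; the admin CIDR is a placeholder (TEST-NET-3)."""
from ipaddress import IPv4Network

# Rule the post applies to every VPC's security group: all protocols, all ports, from any
# IPv4 address ("All traffic, Anywhere-IPv4"). Reconstructed from the post's description.
LAB_INBOUND = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]

# CIDRs of the three lab VPCs, the only sources that should ever ping these instances.
LAB_VPC_CIDRS = ("10.0.0.0/16", "192.168.0.0/16", "172.31.0.0/16")


def _port_text(perm):
    """Human-readable port range of one IpPermissions entry."""
    if perm.get("IpProtocol") == "-1" or perm.get("FromPort") is None:
        return "all ports"
    return f"{perm['FromPort']}-{perm['ToPort']}"


def audit_inbound(permissions):
    """Return (severity, message) findings. Any-source rules are the real exposure;
    all-protocol rules scoped to a specific CIDR are noted but ranked lower."""
    findings = []
    for perm in permissions:
        proto = perm.get("IpProtocol")
        ranges = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        ranges += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in ranges:
            any_source = cidr in ("0.0.0.0/0", "::/0")
            if proto == "-1" and any_source:
                findings.append(("HIGH", f"all protocols, all ports open to {cidr}"))
            elif any_source:
                findings.append(("MEDIUM", f"{proto} {_port_text(perm)} open to {cidr}"))
            elif proto == "-1":
                findings.append(("LOW", f"all protocols, all ports open to {cidr}"))
    return findings


def least_privilege_inbound(peer_cidrs, admin_cidr):
    """ICMP echo request (type 8, any code) from the peer VPCs so the ping test still
    passes, and SSH only from the admin range. Security groups are stateful, so the
    echo replies and SSH responses need no extra rule. CIDRs are validated up front."""
    for cidr in (*peer_cidrs, admin_cidr):
        IPv4Network(cidr)  # raises ValueError on a typo such as 10.0.0.0/33
    return [
        {
            "IpProtocol": "icmp",
            "FromPort": 8,   # ICMP type: echo request
            "ToPort": -1,    # any ICMP code
            "IpRanges": [{"CidrIp": c, "Description": "ICMP echo from peer VPC"} for c in peer_cidrs],
        },
        {
            "IpProtocol": "tcp",
            "FromPort": 22,
            "ToPort": 22,
            "IpRanges": [{"CidrIp": admin_cidr, "Description": "SSH from admin range"}],
        },
    ]


if __name__ == "__main__":
    for severity, message in audit_inbound(LAB_INBOUND):
        print(f"{severity}: {message}")
    tightened = least_privilege_inbound(LAB_VPC_CIDRS, "203.0.113.0/24")
    print("findings after tightening:", audit_inbound(tightened))
```

The tightened rule set still lets every ping in this lab succeed, because the only sources that need to reach the instances are the three VPC CIDRs; anything from the internet is dropped by the security group before it reaches the instance.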

Step 03. Creating a Transit Gateway:

⇾ I have created a TGW named AWS-TGW-NV in the US East (N. Virginia) Region.

  • Now let's create one TGW attachment for each of the VPCs.

⇾ I have created a TGW attachment named AWS-TGW-Attach-VPC-1-NV.

⇾ I have selected the Transit gateway ID of the TGW created above.

⇾ I have selected the Attachment type as VPC.

⇾ I have selected the VPC ID as VPC-1.

⇾ I have selected the Subnet ID as VPC-1-subnet-public1-us-east-1a.

⇾ I have created a TGW attachment named AWS-TGW-Attach-VPC-2-NV.

⇾ I have selected the Transit gateway ID of the TGW created above.

⇾ I have selected the Attachment type as VPC.

⇾ I have selected the VPC ID as VPC-2.

⇾ I have selected the Subnet ID as VPC-2-subnet-public1-us-east-1a.

Step 04. Creating EC2 Instances:

⇾ I have launched an EC2 instance named VPC-1 in the US East (N. Virginia) Region.

⇾ I have selected Ubuntu Linux as the Amazon Machine Image (AMI).

⇾ I have selected t2.micro as the instance type because it is Free Tier eligible.

⇾ I have created a new key pair named surya-key.

⇾ I have selected VPC as VPC-1. You can select as per your requirements.

⇾ I have selected Subnet as VPC-1 — subnet-public1-us-east-1a.

⇾ I enabled Auto-assign public IP.

⇾ You can select which type of Firewall (security group) you want. I have selected the default security group.

⇾ I have launched another EC2 instance named VPC-2 in the US East (N. Virginia) Region.

⇾ I have selected Ubuntu Linux as the Amazon Machine Image (AMI).

⇾ I have selected t2.micro as the instance type because it is Free Tier eligible.

⇾ I have created a new key pair named surya-key.

⇾ I have selected VPC as VPC-2. You can select as per your requirements.

⇾ I have selected Subnet as VPC-2 — subnet-public1-us-east-1a.

⇾ I enabled Auto-assign public IP.

⇾ You can select which type of Firewall (security group) you want. I have selected the default security group.

  • Adding VPC routes within the region.

⇾ In the VPC-1 subnet route table, I add a route for VPC-2's CIDR (192.168.0.0/16) with the TGW as the target.

⇾ In the VPC-2 subnet route table, I add a route for VPC-1's CIDR (10.0.0.0/16) with the TGW as the target. (A TGW is created with default route table association and propagation enabled unless you turn them off, so the TGW route table already learned both VPC CIDRs from the attachments; only the VPC route tables need these explicit routes.)

⇾ From the VPC-1 instance, I ping the private IP of the VPC-2 instance. The ping succeeds, which confirms that VPC-1 reaches VPC-2 through the TGW (the security group allows ICMP, and both VPC route tables carry the TGW routes).

⇾ From the VPC-2 instance, I ping the private IP of the VPC-1 instance. The ping also succeeds, confirming the return path from VPC-2 to VPC-1.

Step 05. Creating a VPC in the US East (Ohio) Region:

⇾ I have created a VPC under the name of VPC-3 in the US East (Ohio) Region.

⇾ I have selected IPv4 CIDR block 172.31.0.0/16.

⇾ I have selected 1 Availability Zone (AZ).

⇾ I have selected 1 public subnet.

⇾ I have not selected any private subnet.

⇾ I have not selected any NAT gateway.

⇾ I have not selected any VPC endpoint.

Step 06. Creating a Security Group:

  • I allowed the inbound rules below in the VPC-3 security group (the same lab-only, wide-open policy as in the N. Virginia VPCs):

⇾ All traffic — Custom.

⇾ All traffic — Anywhere-IPv4 (0.0.0.0/0).

Step 07. Creating a Transit Gateway in the US East (Ohio) Region:

⇾ I have created a TGW named AWS-TGW-Ohio in the US East (Ohio) Region.

  • Now let's create one TGW attachment for this VPC.

⇾ I have created a TGW attachment named AWS-TGW-Attach-VPC-3-Ohio.

⇾ I have selected the Transit gateway ID of the Ohio TGW created above.

⇾ I have selected the Attachment type as VPC.

⇾ I have selected the VPC ID as VPC-3.

⇾ I have selected the Subnet ID as VPC-3-subnet-public1-us-east-2a.

Step 08. Creating an EC2 Instance in the US East (Ohio) Region:

⇾ I have launched an EC2 instance named VPC-3 in the US East (Ohio) Region.

⇾ I have selected Ubuntu Linux as the Amazon Machine Image (AMI).

⇾ I have selected t2.micro as the instance type because it is Free Tier eligible.

⇾ I have created a new key pair named surya-key.

⇾ I have selected VPC as VPC-3. You can select as per your requirements.

⇾ I have selected Subnet as VPC-3-subnet-public1-us-east-2a (Ohio is us-east-2, so its subnets are in us-east-2a).

⇾ I enabled Auto-assign public IP.

⇾ You can select which type of Firewall (security group) you want. I have selected the default security group.

  • Adding VPC routes from the US East (N. Virginia) Region to the US East (Ohio) Region and back.

⇾ In VPC-1's route table I add a route for VPC-3's CIDR (172.31.0.0/16) with the N. Virginia TGW as the target, and in VPC-3's route table a route for VPC-1's CIDR (10.0.0.0/16) with the Ohio TGW as the target.

⇾ In VPC-2's route table I add a route for VPC-3's CIDR (172.31.0.0/16) with the N. Virginia TGW as the target, and in VPC-3's route table a route for VPC-2's CIDR (192.168.0.0/16) with the Ohio TGW as the target.

Step 09. Creating a Transit Gateway peering attachment between the two regions.

⇾ Now I am creating the TGW peering attachment between the two regions.

⇾ I have created a peering attachment named AWS-Ohio-TGW-PEERING in the US East (N. Virginia) Region, with the Ohio TGW as the peer transit gateway.

⇾ This sends a peering request from the N. Virginia TGW to the Ohio TGW. In the Ohio Region I accepted the pending peering attachment from N. Virginia. After some time, the peering attachment shows status available in both regions. (An attachment that is still pending acceptance carries no traffic, so nothing works until the accept completes.)

Step 10. Creating Transit Gateway route tables.

⇾ Now I am configuring the TGW route tables on both sides of the peering.

⇾ A peering attachment does not propagate routes, so the cross-region prefixes have to be added as static routes. In the Ohio TGW route table I add static routes for the N. Virginia VPC CIDRs (10.0.0.0/16 and 192.168.0.0/16) pointing at the peering attachment, and in the N. Virginia TGW route table a static route for the Ohio VPC CIDR (172.31.0.0/16) pointing at the peering attachment.

⇾ From the VPC-1 instance, I ping the private IP of the VPC-3 instance. The ping succeeds, confirming that VPC-1 reaches VPC-3 across the TGW peering.

⇾ From the VPC-2 instance, I ping the private IP of the VPC-3 instance. The ping succeeds, confirming that VPC-2 reaches VPC-3 across the TGW peering.

⇾ From the VPC-3 instance, I ping the private IP of the VPC-1 instance. The ping succeeds, confirming the return path from VPC-3 to VPC-1.

⇾ From the VPC-3 instance, I ping the private IP of the VPC-2 instance. The ping succeeds, confirming the return path from VPC-3 to VPC-2.

⇾ I have successfully completed all the lab tasks.
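The two route-configuration passages above (the in-region VPC routes after the first pair of attachments, and the cross-region static routes in the TGW route tables) are easy to get half right, and the symptom is a ping that silently fails. The following Python is an added example, not the author's code: for the lab's three VPCs it checks that no CIDRs overlap, derives the routes each VPC route table needs, derives each regional TGW route table (propagated entries for local attachments, static entries across the peering), and traces the hops a packet takes, so a failing ping can be compared against the intended path. The attachment, peering and route-table labels (attach-VPC-1, peering-us-east-1-us-east-2, tgw-us-east-1) are illustrative, not real AWS resource IDs.

```python
"""Route planner for the lab topology: two Transit Gateways (one per region), peered,
with three VPCs attached. Constructed example, not the post's own code; the attachment,
route-table and peering labels are illustrative, not real AWS resource IDs."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from itertools import combinations


@dataclass(frozen=True)
class Vpc:
    name: str
    region: str
    cidr: IPv4Network


# The three VPCs from the lab, regions given as AWS region codes.
LAB_VPCS = (
    Vpc("VPC-1", "us-east-1", IPv4Network("10.0.0.0/16")),
    Vpc("VPC-2", "us-east-1", IPv4Network("192.168.0.0/16")),
    Vpc("VPC-3", "us-east-2", IPv4Network("172.31.0.0/16")),
)


def overlapping_pairs(vpcs):
    """A TGW cannot route between overlapping CIDRs: list every overlapping pair."""
    return [(a.name, b.name) for a, b in combinations(vpcs, 2) if a.cidr.overlaps(b.cidr)]


def vpc_route_tables(vpcs):
    """Routes each VPC's subnet route table needs: one per remote VPC CIDR, target the
    regional TGW. The VPC's own CIDR is covered by the implicit 'local' route."""
    return {
        vpc.name: {other.cidr: f"tgw-{vpc.region}" for other in vpcs if other is not vpc}
        for vpc in vpcs
    }


def tgw_route_tables(vpcs):
    """One TGW route table per region. Routes to VPCs attached in the same region are
    learned by propagation from the VPC attachment; routes to VPCs behind the peered
    TGW must be static, because a peering attachment never propagates routes."""
    tables = defaultdict(dict)
    for region in sorted({v.region for v in vpcs}):
        for vpc in vpcs:
            if vpc.region == region:
                tables[region][vpc.cidr] = (f"attach-{vpc.name}", "propagated")
            else:
                peering = "peering-" + "-".join(sorted((region, vpc.region)))
                tables[region][vpc.cidr] = (peering, "static")
    return dict(tables)


def _lookup(table, ip):
    """Longest-prefix match over a route table keyed by IPv4Network."""
    matches = [cidr for cidr in table if ip in cidr]
    return max(matches, key=lambda c: c.prefixlen) if matches else None


def trace(vpcs, src_name, dst_ip):
    """Hops a packet takes from the source VPC to dst_ip, or [] when unroutable."""
    ip = IPv4Address(dst_ip)
    src = next(v for v in vpcs if v.name == src_name)
    if ip in src.cidr:
        return [f"{src.name} local"]
    vpc_tables, tgw_tables = vpc_route_tables(vpcs), tgw_route_tables(vpcs)
    cidr = _lookup(vpc_tables[src.name], ip)
    if cidr is None:
        return []  # no VPC route towards the TGW: the ping never leaves the VPC
    hops = [f"{src.name} rtb: {cidr} -> {vpc_tables[src.name][cidr]}"]
    region = src.region
    while True:
        target, kind = tgw_tables[region][cidr]
        hops.append(f"tgw-{region} rtb: {cidr} -> {target} ({kind})")
        if target.startswith("attach-"):
            return hops + [target[len("attach-"):]]
        # Crossed the peering attachment: continue in the peer region's TGW table.
        region = next(v.region for v in vpcs if v.cidr == cidr)


if __name__ == "__main__":
    assert not overlapping_pairs(LAB_VPCS), "fix the CIDR plan before attaching anything"
    for region, table in tgw_route_tables(LAB_VPCS).items():
        for cidr, (target, kind) in table.items():
            print(f"tgw-{region}: {cidr} -> {target} ({kind})")
    for hop in trace(LAB_VPCS, "VPC-1", "172.31.0.10"):
        print(hop)
```

Compare the TGW table output against the console: every route marked static is one you must add by hand on that side of the peering, and every route marked propagated should already be present if default propagation was left enabled. Remember that the trace only covers routing; the security group on the destination instance still has to allow the ICMP echo request for the ping to answer.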

Your suggestions and feedback matter a lot! Please like, share and subscribe to spread the word about cloud computing.

Follow my page to keep updated with new AWS Services and releases.
