AWS Transit Gateway Introduction and use cases Wolfgang Bauer| - - PowerPoint PPT Presentation

▶

Dec 28, 2023 739 likes •1.16k views

AWS Transit Gateway Introduction and use cases Wolfgang Bauer| 09.09.2019 Community Day 2019 Sponsors Agenda Motivation and Introduction Use cases before Transit Gateway and now Interconnecting VPCs Connecting multiple VPCs to

SLIDE 1

AWS Transit Gateway Introduction and use cases

Wolfgang Bauer| 09.09.2019

Community Day 2019 Sponsors

SLIDE 2

Agenda

Motivation and Introduction
Use cases before Transit Gateway and now
Interconnecting VPCs
Connecting multiple VPCs to on-premise / office
Transit
EMnify‘s use case

SLIDE 3

About me

Wolfgang Bauer

@wo_wue

Software Developer at EMnify GmbH

SLIDE 4

EMnify GmbH

Cloud-based virtual mobile network operator (MVNO) focussed on IoT
Provide global connectivity for IoT devices
Running virtualized, self-developed mobile core on AWS
Located in Würzburg & Berlin
Technology stack: AWS, Terraform, Java, Akka, Perl, C++, Go

SLIDE 5

Motivation and Introduction

SLIDE 6

Why do we need something new?

For any VPC traffic we need source or destination address to be in VPC
Tunnels or NAT needed to actually have transit traffic
Many VPCs need a lot of setup and maintenance effort

SLIDE 7

Transit Gateway

Virtual router

multiple route tables

Connects VPCs, VPNs

and Direct Connects

Associate route tables

to your attachment

Propagate your routes or

configure them statically

SLIDE 8

SLIDE 9

Border Gateway Protocol

Routers tell their neighbours, which network prefixes they can route
Used to find the shortest path between two nodes
Used in internet, but also also internal BGP within own infrastructure

10.1.0.0/16 AS 12 10.1.0.0/16 AS 890 10.2.0.0/16 10.1.0.0/16 10.2.0.0/16 AS 61234 10.100.0.0/16 10.2.0.0/16 10.100.0.0/16

SLIDE 10

Use cases

SLIDE 11

Interconnecting Virtual Private Clouds

SLIDE 12

Interconnecting VPCs

VPCs Peerings 2 1 3 3 4 6 5 10

VPC Webshop 10.10.0.0/16 VPC Logistics 10.11.0.0/16 VPC Databases/BI 10.12.0.0/16 VPC Manifacturing 10.13.0.0/16

SLIDE 13

Interconnecting VPCs

Transit Gateway

SLIDE 14

SLIDE 15

SLIDE 16

Interconnecting VPCs

tgw-rtb-a1a1a3b2 Destination CIDR Attachment 10.10.0.0/16 tgw-attach-1 10.11.0.0/16 tgw-attach-2 10.12.0.0/16 tgw-attach-3

VPC Webshop 10.10.0.0/16 VPC Logistics 10.11.0.0/16 tgw-attach-1 tgw-attach-2 VPC Databases 10.11.0.0/16 tgw-attach-3

SLIDE 17

Interconnecting VPCs

tgw-rtb-a1a1a3b2 Destination CIDR Attachment 10.10.0.0/16 tgw-attach-1 10.11.128.0/15 tgw-attach-2 10.12.0.0/16 tgw-attach-3

VPC Webshop 10.10.0.0/16 VPC Logistics 10.11.0.0/16 tgw-attach-1 tgw-attach-2 VPC Databases 10.11.0.0/16 tgw-attach-3

SLIDE 18

SLIDE 19

Connecting VPCs to on-premise

SLIDE 20

Connecting VPCs to on premise

AWS Cloud

VPC VPC VPC

Private subnet Private subnet Private subnet

VPC 1: tenant 1 VPC 2: tenant 2 VPC 3: tenant 3 VPN VPN VPN Customer Gateway

SLIDE 21

Connecting VPCs to on premise

AWS Cloud

VPC VPC VPC

Private subnet Private subnet Private subnet

VPC 1: tenant 1 VPC 2: tenant 2 VPC 3: tenant 3

SLIDE 22

Connecting VPCs to on premise

VPC VPC

Private subnet Private subnet

tgw-rtb-south

Destination CIDR Attachment Resource Type 10.10.0.0/16 tgw-attach-vpc1 VPC 10.11.0.0/16 tgw-attach-vpc2 VPC

tgw-rtb-north

Destination CIDR Attachment Resource Type 192.168.0.0/22 tgw-attach-vpn VPN

VPC 1: 10.10.0.0/16 VPC 2: 10.11.0.0/16 192.168.0.0/22

SLIDE 23

SLIDE 24

Transit VPC

SLIDE 25

Transit VPC

VPC VPC

Private subnet Private subnet

VPC

VPC 1 VPC 2 Transit VPC

SLIDE 26

Transit VPC

VPC VPC

Private subnet Private subnet

VPC

SLIDE 27

Transit VPC

VPC VPC

Private subnet Private subnet

VPC

tgw-rtb-in

Destinati

n CIDR

Attachment Resource Type Route Type 10.10.0.0 /16 tgw-attach-1 VPC static 10.11.0.0 /16 tgw-attach-2 VPC static

tgw-rtb-out

Destinati

n CIDR

Attachment Resource Type Route Type 0.0.0.0/0 tgw-attach- transit1 VPN propagated tgw-attach- transit2 VPN propagated

tgw-attach-1 tgw-attach-2

SLIDE 28

Transit VPC for Direct Connect

VPC VPC

Private subnet Private subnet

VPC

AWS Direct Connect

SLIDE 29

Transit Gateway with Direct Connect

VPC VPC

Private subnet Private subnet

AWS Direct Connect

SLIDE 30

The EMnify use case: Connect customer to their devices

SLIDE 31

SGSN

Connect customer to their devices

VPC

Private subnet

EMnify VPC EMnify gateway Customer device Mobile network Operator gateway NAT gateway

SLIDE 32

Connect customer to their devices

VPC

Private subnet

Customer1 VPC

VPC

Private subnet

EMnify VPC EMnify gateway Customer device Mobile network Operator gateway Application server

tgw-rtb-toCustomer

Destination CIDR Attachment Resource Type 10.10.5.0/24 tgw-attach-c1 VPC

tgw-rtb-fromCustomer

Destinatio n CIDR Attachme nt Resource Type 100.64.0. 0/10 tgw- attach-em VPC

10.10.0.0/16 10.123.0.0/16 Customer2 on Azure Application server

10.22.0.0/24 tgw-attach-c2 VPN 10.4.192.0/24 tgw-attach-c3 VPN 10.19.11.0/24 tgw-attach-c4 VPC

SLIDE 33

SLIDE 34

Connect customer to their devices - HA

VPC

Private subnet

EMnify VPC EMnify gateway Customer device Mobile network Operator gateway

tgw-rtb-toCustomer

Destination Attachment Route Type 10.10.5.0/24 tgw-attach-vpn1 propagated tgw-attach-vpn2 propagated

tgw-rtb-fromCustomer

Destination Attachment Route Type 100.64.0.0/10 tgw-attach- emvpc static

10.123.0.0/16 BGP

SLIDE 35

Connect customer to their devices - HA

SLIDE 36

Important Limits

Routes: 10 000 per route table (VPC route table 50 soft, 1000 hard)
Bandwidth:
VPC: 50 Gbps
VPN: 1.25 Gbps (higher using multiple connections with ECMP)
Transit Gateways per region: 5, 5000 attachments per region
No inter-region attachments (yet)

SLIDE 37

Summary

SLIDE 38

Pricing

eu-west-1 eu-central-1 Attachment 0.05 $ per hour 0.06 $ per hour 36 $ per month 43,20 $ per month Data Traffic 0.02 $ per GB 0.02 $ per GB

SLIDE 39

Summary

Virtual router
Flexible routing
Control route table association and propagation
High Availability by AWS