- 최신
- 최다 투표
- 가장 많은 댓글
If the customer has a Dedicated Connection (DX) that allows them to provision new Transit VIF or has ordered new connection via DX Partner they will need a new DXGW. This new DXGW would be attached to Transit Gateway and at this point you will define the prefixes you want to advertise over the new Transit VIF connection towards the on-prem. These prefixes can be edited later so you can add and remove them. These prefixes then can be handled by the customers router as they want. For example they can set the preference to be lower than existing connections or use more specific routing on the existing connections.
The Transit Gateway attachments to VPCs will need static routes added on the VPC routing tables. None of the routes are dynamically propagated from TGW towards VPC attachments. The VPC CIDR can be propagated into the TGW Routing Table.
If they pre-pend AS-Path on their advertisements over this new connection that information will be lost on the DXGW, so the VPCs wouldn't see difference.
So to make this move:
- Setup new Transit VIF with new DXGW (can't use DXGW with VGWs attached)
- Setup new Transit Gateway and attach it to new DXGW. At this point you can define what prefixes are advertised over the Transit VIF or add them later. But these should be less specific than the existing routes coming over the Private VIF.
- Attach VPCs to the Transit Gateway (At this point the traffic from VPCs wont start flowing to TGW as there are no route table entries)
- Add less specific routes to the TGW-DXGW attachment if you didn't do it at step 2
- Add less specific routes to the VPC route tables towards the on-prem (These two steps will activate routes but they are not prefered as they are less specific)
- Shift traffic from the Private VIF to TGW by deactivating route advertisement or shutting down the BGP complete so the less prefered routes are taken into use
Examples of moving connection from VPN + VGW to VPN + TGW: https://aws.amazon.com/premiumsupport/knowledge-center/transit-gateway-migrate-vpn/
관련 콘텐츠
- AWS 공식업데이트됨 10달 전