Thanks for your question JD.
Your case is based on scenario 2 of the blog. With your configs (no static route on the TGW peering for on-prem prefixes), you will be running without resiliency. TGW us-west-1 will have 172.16.0.0/16 (7224:7300) and 172.17.0.0/16 (7224:7200). PHX on-prem will have 10.0.0.0/16 and 10.1.0.0/16. Similarly, TGW us-east-1 will have 172.17.0.0/16 (7224:7300) and 172.16.0.0/16 (7224:7200). ATL on-prem will have 10.0.0.0/16 and 10.1.0.0/16.
When everything is up, traffic will be fine, but you will not have resiliency.
Scenario 1: the DX connection in PHX fails. Assuming you have iBGP between sites over the corporate network and advertise 10.0.0.0/16 from ATL to PHX over the MPLS:
Traffic from PHX to us-west-1 will flow like this: PHX --> MPLS --> ATL --> DXGW(65002) --> TGW(us-east-1) --> TGW(us-west-1)
Return traffic from TGW (us-west-1) to PHX will be dropped since the TGW in us-east-1 does not have any route for 172.16.0.0/16.
Instead, I would suggest using the approach I share here in a rough drawing. Since we have increased the limit on the number of transit VIFs, you could leverage BGP in a better manner to achieve a resilient and operationally excellent design and save the cost of inter-region data transfer over transit gateway peering. You will need to use the correct BGP metric on-prem, such as Local-Pref, to ensure symmetric traffic flow.
In the diagram I show route advertisement from on-prem to AWS, which will influence the traffic path from AWS to on-prem.
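The symmetry point above (AWS prefers one DX site for a prefix because of the community the on-prem side attaches, and the on-prem router prefers its own VIF because of Local-Pref) can be checked with a small best-path simulation. This is an added example, not code from the thread or from AWS; the VIF names (vif-phx, vif-atl, ibgp-atl), the on-prem ASN 65000, the PHX-side DXGW ASN 65001 and the preference values 100/200 are constructed for the example. The 7224:7100/7200/7300 community values are the Direct Connect local-preference communities the thread already uses.

```python
"""Toy BGP best-path selection for the two-site Direct Connect design above.

Two directions are modelled for the PHX site:
  * on-prem -> AWS: PHX advertises 10.0.0.0/16 over its own VIF tagged 7224:7300
    (high) and, via ATL, over the ATL VIF tagged 7224:7200 (medium); the AWS
    side maps those communities to Local-Pref.
  * AWS -> on-prem: PHX learns 172.16.0.0/16 and 172.17.0.0/16 over its own VIF
    and over iBGP from ATL; an inbound policy prefers the local VIF.
VIF names, site preference values and ASNs 65000/65001 are constructed here.
"""
from dataclasses import dataclass, replace

# Direct Connect local-preference communities (set by the customer on advertised prefixes).
DX_COMMUNITY_LOCAL_PREF = {"7224:7100": 100, "7224:7200": 200, "7224:7300": 300}


@dataclass(frozen=True)
class Path:
    prefix: str
    learned_on: str                 # VIF or iBGP peer the path arrived on (constructed names)
    as_path: tuple
    communities: frozenset = frozenset()
    local_pref: int = 100


def best_path(paths):
    """Subset of the BGP decision process: highest Local-Pref, then shortest
    AS_PATH, then lowest peer name as a deterministic stand-in for later tie-breaks."""
    if not paths:
        return None
    return min(paths, key=lambda p: (-p.local_pref, len(p.as_path), p.learned_on))


def aws_inbound_policy(path):
    """AWS side: honour the 7224:7x00 community; untagged prefixes keep the default 100."""
    lp = max((DX_COMMUNITY_LOCAL_PREF.get(c, 100) for c in path.communities), default=100)
    return replace(path, local_pref=lp)


def onprem_inbound_policy(path, own_vif="vif-phx"):
    """PHX router: routes learned over its own VIF win; iBGP from ATL is the backup."""
    return replace(path, local_pref=200 if path.learned_on == own_vif else 100)


def select(paths, policy):
    """Apply the inbound policy per path and return {prefix: chosen peer}."""
    rib = {}
    for p in paths:
        rib.setdefault(p.prefix, []).append(policy(p))
    return {prefix: best_path(ps).learned_on for prefix, ps in rib.items()}


def aws_side_paths(phx_vif_up=True, tagged=True):
    """What the DXGW sees for the PHX-homed prefix 10.0.0.0/16 (on-prem ASN 65000, constructed)."""
    atl_tag = frozenset({"7224:7200"}) if tagged else frozenset()
    phx_tag = frozenset({"7224:7300"}) if tagged else frozenset()
    paths = [Path("10.0.0.0/16", "vif-atl", (65000,), atl_tag)]   # re-advertised by ATL over MPLS
    if phx_vif_up:
        paths.append(Path("10.0.0.0/16", "vif-phx", (65000,), phx_tag))
    return paths


def phx_side_paths(phx_vif_up=True):
    """What the PHX router sees for the AWS prefixes (DXGW ASNs 65001 PHX-side, 65002 ATL-side)."""
    paths = [Path("172.16.0.0/16", "ibgp-atl", (65002,)),
             Path("172.17.0.0/16", "ibgp-atl", (65002,))]
    if phx_vif_up:
        paths += [Path("172.16.0.0/16", "vif-phx", (65001,)),
                  Path("172.17.0.0/16", "vif-phx", (65001,))]
    return paths


def traffic_is_symmetric(phx_vif_up=True, tagged=True):
    """True when AWS->PHX and PHX->AWS are carried through the same DX site."""
    aws_choice = select(aws_side_paths(phx_vif_up, tagged), aws_inbound_policy)["10.0.0.0/16"]
    phx_choice = select(phx_side_paths(phx_vif_up), onprem_inbound_policy)["172.16.0.0/16"]
    return aws_choice.split("-")[1] == phx_choice.split("-")[1]


if __name__ == "__main__":
    for up in (True, False):
        print(f"PHX VIF up={up}: symmetric={traffic_is_symmetric(up)}")
    print("untagged prefixes, PHX VIF up:", traffic_is_symmetric(True, tagged=False))
```

Run it as a script to see the three cases. With the communities attached and the Local-Pref policy applied, both directions land on PHX while its VIF is up and both fall back to ATL when it is down; with the communities removed, the AWS side has nothing to prefer PHX on, so the choice falls to a tie-break and the two directions can split across sites.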
Thanks a lot Azeem for your reply. Deserved my vote :). Really helpful. Before I finalize the design, my other network engineer wanted to check why the below design cannot work with a single DXGW, because as per the TGW route table there are two entries for both 172.16 and 172.17, as we are advertising both CIDR ranges (172.16 and 172.17) from both locations. I had a doubt if this is possible. Can you also share your thoughts? In this case also, can we achieve the same thing as with the two DXGWs mentioned in your design? This will help simplify the design.
This will also work just fine. But you will not have communication between west and east as the two TGWs are not peered. It is always advised to keep the number of DXGWs low. I would often recommend using only 1 DXGW unless there is an explicit requirement.
Great, in that case, I will add the TGW peering stuff in my diagram and go for it. This helps to reduce the DXGWs and we can still achieve the failover we would get with two DXGWs. Thanks for the help.