To advertise the remote VPC-1 subnet (192.168.10.0/22) through the Direct Connect connection of VPC-2, you'll need to make some adjustments to your current setup. Here's how you can achieve this:
- Transit Gateway Route Tables: Ensure that you have two transit gateway route tables: one for VPC attachments (let's call it TGW RT-1) and another for the Direct Connect gateway attachment (TGW RT-2).
- Route Table Associations:
  - Associate VPC-1 and VPC-2 attachments with TGW RT-1.
  - Associate the Direct Connect gateway attachment with TGW RT-2.
- Route Propagation:
  - In TGW RT-1, propagate the route for the Direct Connect gateway attachment.
  - In TGW RT-2, propagate the routes for VPC-1 and VPC-2 attachments.
- VPC Route Tables: In both VPC-1 and VPC-2 subnet route tables, add a static route for the other VPC's CIDR that points to the transit gateway ID.
- Direct Connect Gateway: Create a Direct Connect gateway and associate it with your transit gateway. When associating, make sure to include both VPC CIDRs (192.168.10.0/22 and 192.168.50.0/24) in the "Allowed Prefixes" field.
- Virtual Private Gateway (VGW): Instead of adding a static route in the VGW routing table, associate the VGW with the Direct Connect gateway. This will allow the VGW to learn routes from the transit gateway through the Direct Connect gateway.
- BGP Configuration: On your on-premises router, ensure that BGP is configured to accept and propagate the routes received from the Direct Connect connection.
By following these steps, both VPC-1 (192.168.10.0/22) and VPC-2 (192.168.50.0/24) subnets should be advertised through BGP to your on-premises router via the Direct Connect connection. The transit gateway will handle routing between the VPCs and the Direct Connect gateway, allowing traffic to flow between all networks.
Sources
Use on-premises firewall with DC transit VIF to route VPC traffic | AWS re:Post
Access to remote AWS Direct Connect Regions - AWS Direct Connect
Please check this AWS documentation. I believe you are trying to deploy Option 2. So a Transit Gateway isn't needed unless you need to allow communication between VPC1 and VPC2. https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/direct-connect.html
The Direct Connect Gateway acts as the intermediary, aggregating the routes from all connected VGWs before sending them to your customer router. So you need to associate your multiple VGWs with the DXGW.
But if you want to build a mesh network (yet segmentation is possible), you need to explore provisioning a Transit VIF. In that case, your setup will be like VPC1 > TGW > DXGW > Transit VIF > Customer Gateway. The same follows for VPC2. You will have to add the CIDRs you want to advertise to your CGW during the TGW association to DXGW step.
Let me know which of the options you are leaning toward, then I can help with the follow-up questions.
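The two answers above both hinge on two things that are easy to get wrong when validating a design on paper: which routes each transit gateway route table actually learns through propagation, and which prefixes the Direct Connect gateway is allowed to advertise to the on-premises router. The following model, added here and not part of either answer or of any AWS tooling, encodes the first answer's route-table layout (RT-1 for the VPC attachments, RT-2 for the DXGW attachment) plus the CIDRs from the question, and checks three things: what on-prem learns for a given "Allowed Prefixes" list, which attachment a packet is forwarded to, and whether VPC-to-VPC traffic has a route at all. The attachment IDs, the on-premises prefix 10.0.0.0/8 and the treatment of the allowed-prefix list as a subnet-of filter are assumptions for illustration; real DXGW prefix handling should be confirmed against the AWS documentation linked above.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Network, ip_address, ip_network


def net(cidr: str) -> IPv4Network:
    # strict=False: "192.168.10.0/22" (as written in the question) has host bits
    # set and normalises to 192.168.8.0/22, which is what a router would install.
    return ip_network(cidr, strict=False)


@dataclass
class Attachment:
    att_id: str           # hypothetical attachment id (constructed)
    kind: str             # "vpc" or "dxgw"
    cidrs: list           # prefixes this attachment contributes when propagated


@dataclass
class TgwRouteTable:
    name: str
    associations: set = field(default_factory=set)  # attachments that *use* this table
    propagations: set = field(default_factory=set)  # attachments whose routes it *learns*


def learned_routes(rt: TgwRouteTable, attachments: dict) -> dict:
    """Routes a TGW route table learns via propagation: {network: attachment id}."""
    routes = {}
    for att_id in sorted(rt.propagations):
        for cidr in attachments[att_id].cidrs:
            routes[net(cidr)] = att_id
    return routes


def dxgw_advertised(allowed_prefixes, tgw_routes) -> set:
    """Prefixes the DXGW passes on to on-prem: modelled (assumption) as the TGW
    routes that fall inside at least one entry of the allowed-prefix list."""
    allowed = [net(p) for p in allowed_prefixes]
    return {r for r in tgw_routes if any(r.subnet_of(a) for a in allowed)}


def next_hop(src_att: str, dst_ip: str, tables, attachments):
    """Longest-prefix match in the table the source attachment is associated with."""
    rt = next(t for t in tables if src_att in t.associations)
    routes = learned_routes(rt, attachments)
    ip = ip_address(dst_ip)
    best = max((n for n in routes if ip in n), key=lambda n: n.prefixlen, default=None)
    return routes[best] if best is not None else None


def build_scenario():
    """Layout from the first answer; IDs and the on-prem prefix are constructed."""
    attachments = {
        "att-vpc1": Attachment("att-vpc1", "vpc", ["192.168.10.0/22"]),
        "att-vpc2": Attachment("att-vpc2", "vpc", ["192.168.50.0/24"]),
        "att-dxgw": Attachment("att-dxgw", "dxgw", ["10.0.0.0/8"]),
    }
    rt1 = TgwRouteTable("TGW RT-1", {"att-vpc1", "att-vpc2"}, {"att-dxgw"})
    rt2 = TgwRouteTable("TGW RT-2", {"att-dxgw"}, {"att-vpc1", "att-vpc2"})
    return [rt1, rt2], attachments


def advertised_to_onprem(allowed_prefixes) -> set:
    """What the on-prem router would learn, as strings, for a given Allowed Prefixes list."""
    tables, attachments = build_scenario()
    rt2 = tables[1]
    return {str(n) for n in dxgw_advertised(allowed_prefixes, learned_routes(rt2, attachments))}


if __name__ == "__main__":
    tables, attachments = build_scenario()
    print("both CIDRs allowed :", advertised_to_onprem(["192.168.10.0/22", "192.168.50.0/24"]))
    print("VPC-1 CIDR omitted :", advertised_to_onprem(["192.168.50.0/24"]))
    print("VPC-1 -> on-prem   :", next_hop("att-vpc1", "10.1.2.3", tables, attachments))
    print("on-prem -> VPC-2   :", next_hop("att-dxgw", "192.168.50.7", tables, attachments))
    # RT-1 only propagates the DXGW attachment, so the TGW holds no route for the
    # other VPC; propagate the VPC attachments into RT-1 (or add static routes)
    # if VPC-to-VPC traffic is meant to flow through the TGW.
    print("VPC-1 -> VPC-2     :", next_hop("att-vpc1", "192.168.50.7", tables, attachments))
```

Running it shows that leaving 192.168.10.0/22 out of the Allowed Prefixes list silently drops VPC-1 from what on-prem learns, which is the failure mode the question describes, and that with RT-1 propagating only the DXGW attachment the VPC-1 to VPC-2 lookup returns no route even though the VPC subnet route tables point at the TGW.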