使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款

Migrate VPN to Direct Connect+Transit Gateway

0

A customer currently has a VPN connected to a VPC with a VPG using static routing. They would like to switch to have a Direct Connect connected to a Transit Gateway which is connected to the VPC.

They are wanting to know how to do this migration with limited downtime. I've tried to find any guides around doing this type of migration, but haven't been able to find anything. I'm assuming that this is a little trickier due to them using static routing on the existing VPN connection, but not sure how or if that would change anything.

Any guidance on this process would be helpful.

Thanks!

AWS
已提問 5 年前檢視次數 960 次
1 個回答
1
已接受的答案

TGW side

Step 1 - Create DXG and associate TVIF to DXG

Step 2 - Create DXG attachment with TGW - Add prefixes that you would like to announce (AWS will announce these prefixes to on-prem) and create VPC attachment with TGW

Step 3 - Establish BGP session and start announcing (On-prem) prefixes via TVIF

Step 4 - Enable propagation within TGW Route Table

If you are not doing any manipulation at TGW route table - Your setup is complete at this point {I believe your customer is at this stage}

VPC Side

  • Keep VGW VPN as is. Have route propagation enable on VPC route tables.
  • When you are ready to failover - Add static route (on-prem prefixes) pointing to TGW.
  • If traffic flow works, all good. You can delete VGW VPN. If it doesn't, remove the static route and traffic will start to flow over VGW VPN again.
AWS
已回答 5 年前
profile picture
專家
已審閱 6 個月前
profile picture
專家
已審閱 7 個月前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南