AWS Transit Gateway

In this blog I will continue configuring our AWS Transit Gateway environment. This is Part 4 of my AWS VPC Series and Part TWO of AWS VPC Transit Gateway. Please watch the first three if you are new to AWS. In our previous blog we built an AWS Transit Gateway from the ground up and we noticed how routing comes into play just like it does with any router. We created subnets from the network by further subdividing the 10.1, the 10.2 and the 10.3 networks. Part of being an architect is planning our naming conventions and IP addressing schemes ahead of time.

EC2 Configuration

Let’s create 3 EC2 instances in each of the 3 VPCs. You already know how to create these, so I’ll just show one important detail: picking the correct VPC. I’ll enable a public IP address so I can ssh in and test pings to the other EC2s. In addition, I also have to configure the security groups and allow ICMP so that the 10.2 and 10.3 networks can ping. When we configure the EC2 in VPC-One we have to ensure that pings are allowed from VPC-Two and VPC-Three (10.2 and 10.3 respectively). When we configure the EC2 in VPC-Two we need to allow pings from VPC-One and VPC-Three, and so forth.

Each time we create routes in our VPCs we want to ensure that we are specifying both the correct destination and the correct transit gateway. As I have mentioned before, with a few VPCs it’s not an issue, but when you are dealing with many VPCs it can become quite complicated. A good IP addressing scheme and naming convention will alleviate some of the complexity. In our example we are using 10.1 with VPC-One, 10.2 with VPC-Two and so forth. In a production environment you might have a naming convention such as west-app-01-a, where “west” specifies the west region, “app” specifies that this is an application server and 01-a means that this is application server one in availability zone a. The IP addressing scheme could specify that 10.1 is the application server VPC; all apps would be centralized in this VPC. We could also establish that 10.1.1 is availability zone A, 10.1.2 is AZ B and 10.1.3 is AZ C. With this in mind, the first application server in the West Region Availability Zone A would have an IP address of

AWS Transit Gateway Routes Are Important

If you attempt to ping now you will find that pings are not successful. Why not? Remember that these are brand new VPCs and we didn’t add any routes. We need to create routes from each VPC to the other two. VPC-One needs routes to the 10.2 and 10.3 networks through the Transit Gateway, VPC-Two needs routes to 10.1 and 10.3 through the Transit Gateway, and VPC-Three needs routes to 10.1 and 10.2.

Pings are now successful. If we take things one step at a time it makes troubleshooting easier: a ping only works once the source VPC has a route to the destination, the destination VPC has a route back, and the destination security group allows ICMP from the source network. Of course, if you jump into an existing environment it will be up to you to figure things out.
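To make the three steps above (security groups, routes, then ping) concrete, here is an added example that is not the post's own code. It models the three-VPC layout with constructed /16 CIDRs matching the 10.1 / 10.2 / 10.3 scheme, computes the routes and ICMP rules each VPC needs for any number of VPCs (not only three), renders the matching `aws ec2 create-route` and `aws ec2 authorize-security-group-ingress` commands with placeholder resource ids, and checks whether a ping between two instances would be routed and permitted. The transit gateway, route table, internet gateway and security group ids are placeholders, not values from the post.

```python
"""Routing and security-group checks for a transit-gateway hub, as an added
example modelled on this post.  All ids and CIDRs below are constructed."""
import ipaddress
from itertools import permutations

# Constructed to match the post's 10.1 / 10.2 / 10.3 addressing scheme.
VPCS = {
    "VPC-One": "10.1.0.0/16",
    "VPC-Two": "10.2.0.0/16",
    "VPC-Three": "10.3.0.0/16",
}
TGW_ID = "tgw-PLACEHOLDER"  # placeholder transit gateway id


def required_routes(vpcs, tgw_id):
    """Each VPC needs one route per *other* VPC, with the TGW as target."""
    return [(src, vpcs[dst], tgw_id) for src, dst in permutations(vpcs, 2)]


def required_icmp_sources(vpcs):
    """For each VPC, the peer CIDRs its security group must allow ICMP from."""
    return {name: sorted(c for n, c in vpcs.items() if n != name) for name in vpcs}


def cli_commands(vpcs, tgw_id, rtb_ids, sg_ids):
    """Render the aws-cli calls that add the routes and ICMP ingress rules."""
    cmds = []
    for src, dst_cidr, tgw in required_routes(vpcs, tgw_id):
        cmds.append(
            f"aws ec2 create-route --route-table-id {rtb_ids[src]} "
            f"--destination-cidr-block {dst_cidr} --transit-gateway-id {tgw}"
        )
    for name, sources in required_icmp_sources(vpcs).items():
        for cidr in sources:
            cmds.append(
                f"aws ec2 authorize-security-group-ingress --group-id {sg_ids[name]} "
                f"--protocol icmp --port -1 --cidr {cidr}"
            )
    return cmds


def lookup_route(route_table, ip):
    """Longest-prefix match, as the VPC router does.  route_table: {cidr: target}."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, target in route_table.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def ping_allowed(src_ip, dst_ip, src_rtb, dst_rtb, dst_sg_icmp_sources, tgw_id):
    """Return 'ok' or the first reason the ping would fail."""
    if lookup_route(src_rtb, dst_ip) != tgw_id:
        return "no route from source VPC to destination via transit gateway"
    if lookup_route(dst_rtb, src_ip) != tgw_id:
        return "no return route from destination VPC via transit gateway"
    src = ipaddress.ip_address(src_ip)
    if not any(src in ipaddress.ip_network(c) for c in dst_sg_icmp_sources):
        return "destination security group does not allow ICMP from source"
    return "ok"


if __name__ == "__main__":
    rtbs = {name: "rtb-PLACEHOLDER" for name in VPCS}
    sgs = {name: "sg-PLACEHOLDER" for name in VPCS}
    for cmd in cli_commands(VPCS, TGW_ID, rtbs, sgs):
        print(cmd)
    # Brand-new VPCs: only the local route and a default route to the IGW.
    rtb_one = {"10.1.0.0/16": "local", "0.0.0.0/0": "igw-PLACEHOLDER"}
    rtb_two = {"10.2.0.0/16": "local", "0.0.0.0/0": "igw-PLACEHOLDER"}
    print(ping_allowed("10.1.1.10", "10.2.1.10", rtb_one, rtb_two, ["10.1.0.0/16"], TGW_ID))
    rtb_one["10.2.0.0/16"] = TGW_ID
    rtb_two["10.1.0.0/16"] = TGW_ID
    print(ping_allowed("10.1.1.10", "10.2.1.10", rtb_one, rtb_two, ["10.1.0.0/16"], TGW_ID))
```

The route lookup uses longest-prefix match on purpose: a new VPC's table already has `0.0.0.0/0` pointing at the internet gateway, so a /16 route to the peer VPC must exist for the transit gateway to win, which is exactly why pings fail before the routes are added and succeed afterwards.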
