By James Ronneberg, North America Partner Development Manager for Cloud at Megaport
Routing traffic between virtual private clouds (VPCs) has seen several generations of evolution.
VPC peering enabled instances in different VPCs to communicate with each other as if they were within the same network.
Later, AWS Transit Gateway, akin to a virtual router, provided a more scalable, simpler networking solution within a given AWS Region.
For routing across multiple regions, peering could be applied to AWS Transit Gateways to enable traffic flow, but that requires static routes to be configured and maintained.
There’s another approach that can be effective when applied to multiple regions, and that’s using a virtual router service such as Megaport Cloud Router (MCR).
Megaport has earned the AWS Networking Competency and AWS Direct Connect Service Delivery designation, meaning we have been validated by AWS Partner Solutions Architects as experts in delivering specific AWS services for customers.
In this post, I will walk you through different network designs and make clear the advantages of using Megaport Cloud Router with AWS Transit Gateway as a way to route traffic across multiple AWS Regions.
VPC Peering Within a Region
Prior to AWS Transit Gateway, VPC peering was used to enable the flow of traffic between VPCs.
However, VPC peering’s non-transitive nature limits its effectiveness.
To understand why, let’s examine the scenario in Figure 1.
Figure 1 – In this scenario, VPC B and VPC C cannot communicate with each other.
VPC A can communicate with VPC B and VPC C. However, VPC B and VPC C cannot communicate with one another. The non-transitive nature is captured in the following example:
|VPC A ⟷ VPC B|
|VPC A ⟷ VPC C|
|VPC B ✕ VPC C| (no connectivity: traffic from VPC B is not forwarded through VPC A to VPC C)
For VPC B and VPC C to communicate, direct peering must be established between the two, as shown in Figure 2.
Figure 2 – To communicate with each other, VPC B and VPC C require direct peering.
These VPC peering relationships would have to be stitched together one by one. The route tables in each VPC would also need a route for every peered VPC's CIDR pointing at the corresponding peering connection.
|VPC A ⟷ VPC B|
|VPC A ⟷ VPC C|
|VPC B ⟷ VPC C|
For three VPCs, this may be manageable, but as you scale out your cloud environment it becomes complex and administratively burdensome: a full mesh of n VPCs needs n(n-1)/2 peering connections, so six VPCs need 15 and twenty need 190.
Figure 3 – Multiple direct peering relationships.
Here, you can see a direct peering table for multiple VPCs:
|VPC A ⟷ VPC B||VPC B ⟷ VPC C||VPC C ⟷ VPC E|
|VPC A ⟷ VPC C||VPC B ⟷ VPC D||VPC C ⟷ VPC F|
|VPC A ⟷ VPC D||VPC B ⟷ VPC E||VPC D ⟷ VPC E|
|VPC A ⟷ VPC E||VPC B ⟷ VPC F||VPC D ⟷ VPC F|
AWS Transit Gateway Simplifies Routing Between VPCs
AWS Transit Gateway simplifies connections between VPCs by allowing transitive routing of traffic between VPCs in the same region; direct, manual VPC peerings are no longer required. AWS Transit Gateway acts as a central hub—routing traffic between VPCs acting as spokes—within the same region.
Figure 4 – AWS Transit Gateway acting as the hub between VPCs.
In addition to the architectural improvements it provides, AWS Transit Gateway also supports multiple routing tables to provide virtual routing and forwarding (VRF)-style traffic segmentation: which VPCs can reach each other is decided by which route table each attachment is associated with and which route tables it propagates its CIDR into. At the time of writing, a single transit gateway route table can hold 10,000 routes, each attachment can burst up to 50 Gbps, and a transit gateway can connect up to 5,000 VPCs in a single region.
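To make the contrast concrete, here is an added example (written for this post, not code from the original article or from Megaport) that models both designs: non-transitive VPC peering, and a transit gateway whose reachability is decided by route-table association and propagation. The four VPCs, their CIDRs and the table names (`shared`, `prod`, `dev`) are constructed for the example.

```python
import ipaddress

# Constructed sample topology for the example (an assumption, not from the post):
# four VPCs in one region, each with its own CIDR.
VPC_CIDRS = {
    "A": "10.1.0.0/16",   # shared-services VPC
    "B": "10.2.0.0/16",   # prod
    "C": "10.3.0.0/16",   # prod
    "D": "10.4.0.0/16",   # dev
}


def full_mesh_peerings(n):
    """Peering connections needed for n VPCs to all reach each other directly."""
    return n * (n - 1) // 2


class PeeringFabric:
    """VPC peering is non-transitive: traffic only flows across a peering
    connection whose two ends are the source and destination VPC."""

    def __init__(self):
        self.peerings = set()

    def peer(self, x, y):
        self.peerings.add(frozenset((x, y)))

    def can_reach(self, src, dst):
        return src != dst and frozenset((src, dst)) in self.peerings


class TransitGateway:
    """Hub-and-spoke with multiple route tables. Each VPC attachment is
    associated with exactly one table (used to look up traffic leaving that
    VPC) and propagates its CIDR into any number of tables."""

    def __init__(self):
        self.route_tables = {}   # table name -> {network: attachment}
        self.association = {}    # attachment -> table name

    def attach(self, vpc, associate_with, propagate_to):
        self.association[vpc] = associate_with
        net = ipaddress.ip_network(VPC_CIDRS[vpc])
        for table in propagate_to:
            self.route_tables.setdefault(table, {})[net] = vpc

    def lookup(self, table, dst_ip):
        """Longest-prefix match in one route table; None means no route (dropped)."""
        ip = ipaddress.ip_address(dst_ip)
        matches = [(net.prefixlen, vpc)
                   for net, vpc in self.route_tables.get(table, {}).items() if ip in net]
        return max(matches)[1] if matches else None

    def next_hop(self, src, dst_ip):
        """Attachment that receives traffic sent from VPC src to dst_ip, or None."""
        return self.lookup(self.association[src], dst_ip)


def demo():
    """Peering as in Figure 1 versus a segmented transit gateway; returns the results."""
    fabric = PeeringFabric()
    fabric.peer("A", "B")
    fabric.peer("A", "C")

    tgw = TransitGateway()
    # Shared-services VPC A is reachable from everyone; prod and dev cannot see each other.
    tgw.attach("A", associate_with="shared", propagate_to=["shared", "prod", "dev"])
    tgw.attach("B", associate_with="prod", propagate_to=["shared", "prod"])
    tgw.attach("C", associate_with="prod", propagate_to=["shared", "prod"])
    tgw.attach("D", associate_with="dev", propagate_to=["shared", "dev"])

    return {
        "peer_A_to_B": fabric.can_reach("A", "B"),     # True
        "peer_B_to_C": fabric.can_reach("B", "C"),     # False: no transit through A
        "tgw_B_to_C": tgw.next_hop("B", "10.3.0.10"),  # "C"
        "tgw_B_to_D": tgw.next_hop("B", "10.4.0.10"),  # None: D never propagated into prod
        "tgw_D_to_A": tgw.next_hop("D", "10.1.0.10"),  # "A"
        "tgw_A_to_D": tgw.next_hop("A", "10.4.0.10"),  # "D"
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
    print("full mesh of 6 VPCs needs", full_mesh_peerings(6), "peerings")
```

The segmentation falls out of the route tables alone: VPC B's traffic is looked up in `prod`, and because VPC D only propagates into `shared` and `dev`, the lookup for a dev address returns no route and the packet is dropped at the hub. That is the VRF-style behaviour the paragraph refers to, and it needs no peering connection and no security-group trickery.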
What If You Need to Route Traffic Between Multiple Regions?
AWS Transit Gateway, and the VPCs it connects, must be located within the same AWS Region. To handle traffic between multiple regions, AWS Transit Gateway peering is offered in select regions. Like VPC peering, it does not propagate routes dynamically: a static route pointing at the peering attachment must be configured in each transit gateway's route table for every remote CIDR, and maintained as VPCs are added or removed.
If you choose this solution, be sure to take into consideration your organization’s tolerance for managing static routes.
An alternate solution that provides a number of advantages is the Megaport Cloud Router. It's a virtual router service that simplifies inter-region connectivity between AWS Transit Gateways without transit gateway peering or statically maintained routes.
Topology of a Multi-Region Solution
Megaport Cloud Router provides centralized routing between AWS Transit Gateways in different AWS Regions by using standard Border Gateway Protocol (BGP) to dynamically advertise routes.
Figure 5 – Megaport provides connectivity across AWS regions.
AWS Transit Gateway 1 is in US-West-2 and AWS Transit Gateway 2 is in US-East-1. Each transit gateway is associated with a corresponding AWS Direct Connect gateway. The Megaport Cloud Router establishes a BGP session with each AWS Direct Connect gateway over a transit virtual interface (VIF), so the VPC prefixes allowed on each association are advertised to the MCR and relayed to the other region.
Deployment – What’s Involved
The Megaport Cloud Router is a hosted router appliance managed by Megaport on its Network as a Service platform. Megaport is responsible for the network deployment, connectivity, baseline configuration, licensing, and maintenance of the router appliances.
You specify the AWS environment you want to connect your cloud router to, and the BGP parameters for connectivity. As your infrastructure in AWS scales and the number of VPCs grows, the same design continues to apply: new VPC prefixes are learned over BGP rather than added by hand.
The following elements are required:
- One Megaport Cloud Router (MCR).
- Two virtual cross connects (VXCs) to AWS Direct Connect hosted connections.
- Two AWS Direct Connect gateways.
- A transit virtual interface between the MCR and each AWS Direct Connect gateway.
- Two AWS Transit Gateways in different regions.
- VPC attachments from each AWS Transit Gateway to each VPC.
- An association between the AWS Transit Gateway and its corresponding AWS Direct Connect gateway.
During setup, the AWS Transit Gateways, AWS Direct Connect gateways, and MCR must each be configured with a distinct BGP autonomous system number (ASN): AWS will not associate a transit gateway with a Direct Connect gateway that uses the same ASN, the MCR peers with each Direct Connect gateway over external BGP, and two Direct Connect gateways sharing an ASN would discard each other's prefixes through BGP AS_PATH loop detection when the MCR relays them.
Once this network structure has been set up, the MCR acts as a central router, dynamically exchanging routes between the two AWS Transit Gateways.
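Before handing a design like this to Megaport, it is worth checking the handful of things that silently break the route exchange. The following is an added example (not code from the original post or from Megaport) that validates a two-region design against the rules above: distinct ASNs, Amazon-side ASNs in the private ranges, every VPC CIDR covered by the Direct Connect gateway association's allowed prefixes, and no overlapping prefixes between regions. It also lists the routes each transit gateway learns from the MCR. The region names, ASNs and CIDRs in `DESIGN` are constructed for illustration.

```python
import copy
import ipaddress

# Amazon-side private ASN ranges accepted for a transit gateway or Direct Connect gateway.
PRIVATE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))

# Constructed example design (an assumption for illustration, not values from the post).
DESIGN = {
    "mcr_asn": 64600,
    "regions": {
        "us-west-2": {
            "tgw_asn": 64512,
            "dxgw_asn": 64520,
            "vpc_cidrs": ["10.10.0.0/16", "10.11.0.0/16"],
            "allowed_prefixes": ["10.10.0.0/16", "10.11.0.0/16"],
        },
        "us-east-1": {
            "tgw_asn": 64513,
            "dxgw_asn": 64521,
            "vpc_cidrs": ["10.20.0.0/16"],
            "allowed_prefixes": ["10.20.0.0/16"],
        },
    },
}


def is_private_asn(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_ASN_RANGES)


def validate(design):
    """Return a list of design problems (empty when the design is sound)."""
    problems = []
    regions = design["regions"]

    # 1. Every BGP speaker needs its own ASN. AWS rejects a TGW/DX gateway
    #    association whose ASNs match, and two DX gateways sharing an ASN would
    #    drop each other's routes via AS_PATH loop detection when the MCR relays them.
    asns = {"MCR": design["mcr_asn"]}
    for name, r in regions.items():
        asns[f"TGW {name}"] = r["tgw_asn"]
        asns[f"DXGW {name}"] = r["dxgw_asn"]
    seen = {}
    for label, asn in asns.items():
        if asn in seen:
            problems.append(f"ASN {asn} reused by {seen[asn]} and {label}")
        seen.setdefault(asn, label)
        if label != "MCR" and not is_private_asn(asn):
            problems.append(f"{label}: ASN {asn} is outside the Amazon-side private ranges")

    # 2. A VPC CIDR not covered by the association's allowed prefixes is never
    #    advertised over the transit VIF, so the other region cannot reach it.
    for name, r in regions.items():
        allowed = [ipaddress.ip_network(p) for p in r["allowed_prefixes"]]
        for cidr in r["vpc_cidrs"]:
            net = ipaddress.ip_network(cidr)
            if not any(net.subnet_of(a) for a in allowed):
                problems.append(f"{name}: VPC {cidr} not covered by allowed prefixes")

    # 3. Prefixes advertised from different regions must not overlap; BGP would
    #    pick one path and silently black-hole the other region's VPCs.
    advertised = [(name, ipaddress.ip_network(p))
                  for name, r in regions.items() for p in r["allowed_prefixes"]]
    for i, (n1, p1) in enumerate(advertised):
        for n2, p2 in advertised[i + 1:]:
            if n1 != n2 and p1.overlaps(p2):
                problems.append(f"{n1} {p1} overlaps {n2} {p2}")
    return problems


def learned_routes(design):
    """Prefixes each transit gateway learns dynamically via the MCR: everything
    the other regions' associations allow. Attaching a new VPC and adding its
    CIDR to the allowed prefixes is enough; no static route is touched."""
    regions = design["regions"]
    return {
        name: sorted(p for other, r in regions.items() if other != name
                     for p in r["allowed_prefixes"])
        for name in regions
    }


def with_mistakes(design):
    """Constructed variant with two deliberate mistakes (three findings) for the demo."""
    bad = copy.deepcopy(design)
    east = bad["regions"]["us-east-1"]
    east["dxgw_asn"] = 64520                      # same ASN as the us-west-2 DX gateway
    east["vpc_cidrs"].append("10.21.0.0/16")
    east["allowed_prefixes"].append("10.0.0.0/8")  # over-broad summary swallowing us-west-2's space
    return bad


if __name__ == "__main__":
    print("sound design:", validate(DESIGN) or "no problems", learned_routes(DESIGN))
    for problem in validate(with_mistakes(DESIGN)):
        print("broken design:", problem)
```

The third check is the one people most often miss: a convenient summary such as 10.0.0.0/8 on one association covers every VPC you will ever add, but once it is advertised from both regions the MCR has two paths to the same prefix and one region's VPCs quietly disappear. Keep the allowed prefixes as specific as the VPC CIDRs they represent; that is also the least-privilege choice, since the allowed-prefix list is what bounds which address space AWS announces to the router on the other side of the transit VIF.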
For more information, read AWS Transit Gateway Inter-Region Routing with MCR. It’s a step-by-step guide that explains how MCR works with AWS Transit Gateway to deploy a simplified global network that scales with your AWS environment.
A virtual router service such as Megaport Cloud Router (MCR) routes traffic across AWS Regions without forcing you to set up and maintain static routes: the transit gateways exchange prefixes dynamically over BGP through the MCR, which Megaport operates. All you do is set up your AWS environment and forward its configuration to Megaport, which handles the rest.
Megaport’s connectivity specialists can provide design and support worldwide to AWS users.
For further in-depth review, read our article on how to deploy this solution: AWS Transit Gateway Inter-Region Routing with MCR.
Looking to configure AWS Direct Connect gateways with AWS Transit Gateways? Refer to Transit Gateway Associations in the AWS Direct Connect User Guide.
Finally, AWS Transit Gateway Best Design Practices provides useful tips on network design.
The content and opinions in this blog are those of the third party author and AWS is not responsible for the content or accuracy of this post.
Megaport – AWS Partner Spotlight
Megaport is an AWS Competency Partner and global network as a service provider transforming the way businesses connect to the AWS Cloud.