Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the rocket domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/rahi_io/wp-includes/functions.php on line 6114
How Multiple Transit Gateways can Simplify VPC Connectivity for Large Enterprises – Rahi
DC Infrastructure

How Multiple Transit Gateways can Simplify VPC Connectivity for Large Enterprises

By Hardik Panchal

January 24, 2020 - 3 min

In a previous post, we discussed the Transit Gateway managed service from Amazon Web Services (AWS). AWS Transit Gateways act as a hub for connecting multiple Virtual Private Clouds (VPCs) and virtual private network (VPN) connections within a single region. They enable a hub-and-spoke model with centralized control of traffic routed among VCPs.

As we explained previously, Transit Gateways have some limitations — for one thing, you won’t be able to use route aggregation, so your routing table is going to get bigger and bigger. That’s why larger companies often use multiple Transit Gateways to connect VPCs.

Let’s take a software development company as an example. They have a production environment, a QA environment and a development environment. If we use just one Transit Gateway, there will be a lot of routes, which will be hard to manage. Instead, you can use one Transit Gateway for production, one for QA and one for development. By using multiple Transit Gateways, you can decrease the site of the routing table so you don’t need a big team to manage your AWS cloud.

You can also segregate the environment by department, just as you would in the on-premises data center. With a single Transit Gateway, it would be very hard to segregate traffic between production, QA and development. Multiple Transit Gateways provide isolated sections within the VPC, with resources launched in a virtual network.

 

AWS Transit Gateway in Action: VPN to VPCs Connectivity

You can set up a VPN connection to the Transit Gateway for remote access to the cloud instances, or you can use the AWS Direct Connect site-to-site VPN to connect to VPCs within the same region. The administrator gains greater visibility and complete control over the routing table and the IP range in use. In this way, multiple Transit Gateways improve security.

You can also combine multiple Transit Gateways with the concept of transit VPCs. A transit VPC is the old way of connecting multiple VPCs with remote resources. You set up a VPC with a firewall or routing instance in the center to create a global network. In our case, you can use that as a security add-on — your firewall or edge device will be connected to multiple Transit Gateways.

Finally, the use of multiple Transit Gateways allows you to aggregate bandwidth. A single Transit Gateway supports up to 50gbps. In our scenario, in which we’re using three Transit Gateways, we get up to 150gbps of bandwidth.

The use of multiple Transit Gateway is most suitable for large companies — customers who host their data center primarily in the cloud, and want to segregate their cloud by department. A large enterprise is going to have hundreds or even thousands of AWS accounts and rapid growth.

Each VPC instance is associated with a specific account, so you have to have a way to connect them. Traditionally, you could use VPC peering, but with that you need to manage access control lists (ACLs). That’s very costly. With multiple Transit Gateways it becomes easy — you don’t have to deal with as many routing and ACL parts. You have one link instead of three. If there is a new instance or VPC, you can easily attach to it without the need to update the routing table. It is cost-effective because infrastructure management overhead is reduced.

Large enterprises with a substantial and growing number of VPC instances can save time and money with multiple Transit Gateways. Contact the Rahi Systems network engineering team for help in architecting a solution.

Author

  • Hardik is lead network engineer for Rahi Systems, India, and manages the network operations team in India. He also works closely with the managed services team in the U.S. He assists in new network implementations and troubleshooting in on-premises data centers as well as the cloud. His experience includes routing, switching, security and cloud solutions across multiple vendors.

, General Manager, NOC/TAC Services

DC Infrastructure
Nov 17,2021
Looking to Adopt Edge Computing? SD-WAN Can Help

The explosion of smart devices is compelling organizations to seek new ways to deliver IT services to their employees...

Get in touch with our experts for a free 30-minute strategy
consultation

Let our experts design, develop, deploy and manage your requirements while you focus on what's important for your business

Book a Consultation
error: Content is protected !!