rocket
domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init
action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/rahi_io/wp-includes/functions.php on line 6114In a previous post, we discussed the Transit Gateway managed service from Amazon Web Services (AWS). AWS Transit Gateways act as a hub for connecting multiple Virtual Private Clouds (VPCs) and virtual private network (VPN) connections within a single region. They enable a hub-and-spoke model with centralized control of traffic routed among VCPs.
As we explained previously, Transit Gateways have some limitations — for one thing, you won’t be able to use route aggregation, so your routing table is going to get bigger and bigger. That’s why larger companies often use multiple Transit Gateways to connect VPCs.
Let’s take a software development company as an example. They have a production environment, a QA environment and a development environment. If we use just one Transit Gateway, there will be a lot of routes, which will be hard to manage. Instead, you can use one Transit Gateway for production, one for QA and one for development. By using multiple Transit Gateways, you can decrease the site of the routing table so you don’t need a big team to manage your AWS cloud.
You can also segregate the environment by department, just as you would in the on-premises data center. With a single Transit Gateway, it would be very hard to segregate traffic between production, QA and development. Multiple Transit Gateways provide isolated sections within the VPC, with resources launched in a virtual network.
You can set up a VPN connection to the Transit Gateway for remote access to the cloud instances, or you can use the AWS Direct Connect site-to-site VPN to connect to VPCs within the same region. The administrator gains greater visibility and complete control over the routing table and the IP range in use. In this way, multiple Transit Gateways improve security.
You can also combine multiple Transit Gateways with the concept of transit VPCs. A transit VPC is the old way of connecting multiple VPCs with remote resources. You set up a VPC with a firewall or routing instance in the center to create a global network. In our case, you can use that as a security add-on — your firewall or edge device will be connected to multiple Transit Gateways.
Finally, the use of multiple Transit Gateways allows you to aggregate bandwidth. A single Transit Gateway supports up to 50gbps. In our scenario, in which we’re using three Transit Gateways, we get up to 150gbps of bandwidth.
The use of multiple Transit Gateway is most suitable for large companies — customers who host their data center primarily in the cloud, and want to segregate their cloud by department. A large enterprise is going to have hundreds or even thousands of AWS accounts and rapid growth.
Each VPC instance is associated with a specific account, so you have to have a way to connect them. Traditionally, you could use VPC peering, but with that you need to manage access control lists (ACLs). That’s very costly. With multiple Transit Gateways it becomes easy — you don’t have to deal with as many routing and ACL parts. You have one link instead of three. If there is a new instance or VPC, you can easily attach to it without the need to update the routing table. It is cost-effective because infrastructure management overhead is reduced.
Large enterprises with a substantial and growing number of VPC instances can save time and money with multiple Transit Gateways. Contact the Rahi Systems network engineering team for help in architecting a solution.
Let our experts design, develop, deploy and manage your requirements while you focus on what's important for your business