Local gateway - AWS Outposts

Local gateway

The local gateway is a core component of the Outposts architecture. The local gateway enables connectivity between your Outpost subnets and your on-premises network. If the on-premise infrastructure provides an internet access, workloads running on Outposts can also leverage the local gateway to communicate with regional services or regional workloads. This connectivity can be achieved either by using a public connection (internet) or using Direct Connect. For more information, see AWS Outposts connectivity to AWS Regions.

Local gateway basics

Each Outpost supports a single local gateway. A local gateway has the following components:

  • Route tables – You use to create local gateway route tables. For more information, see Local gateway route tables.

  • CoIP pools – (Optional) You can use IP address ranges that you own to facilitate communication between the on-premises network and instances in your VPC. For more information, see Customer-owned IP addresses.

  • Virtual interfaces (VIFs) – AWS creates one VIF for each LAG and adds both VIFs to a VIF group. The local gateway route table must have a default route to the two VIFs for local network connectivity. For more information, see Local network connectivity for racks.

  • VIF group associations – AWS adds the VIFs it creates to a VIF group. VIF groups are logical groupings of VIFs. For more information, see VIF group associations.

  • VPC associations – You use to create VPC associations with your VPCs and the local gateway route table. VPC route tables associated with subnets that reside on an Outpost can use the local gateway as a route target. For more information, see VPC associations.

When AWS provisions your Outpost rack, we create some components and you are responsible for creating others.

AWS responsibilities
  • Delivers the hardware.

  • Creates the local gateway.

  • Creates the virtual interfaces (VIFs) and a VIF group.

Your responsibilities
  • Create the local gateway route table.

  • Associate a VPC with the local gateway route table.

  • Associate a VIF group with the local gateway route table.

Routing

The instances in your Outpost subnet can use one of the following options for communication with your on-premises network through the local gateway:

  • Private IP addresses – The local gateway uses the private IP addresses of instances in your Outpost subnet to facilitate communication with your on-premises network. This is the default.

  • Customer-owned IP addresses – The local gateway performs network address translation (NAT) for the customer-owned IP addresses that you assign to the instances in the Outpost subnet. This option supports overlapping CIDR ranges and other network topologies.

For more information, see Local gateway route tables.

Connectivity through the local gateway

The primary role of a local gateway is to provide connectivity from an Outpost to your local on-premises network. It also provides connectivity to the internet through your on-premises network. For examples, see Direct VPC routing and Customer-owned IP addresses.

The local gateway can also provide a data plane path back to the AWS Region. The data plane path for the local gateway traverses from the Outpost, through the local gateway, and to your private local gateway LAN segment. It would then follow a private path back to the AWS service endpoints in the Region. Note that the control plane path always uses the service link connectivity, regardless of the data plane path that you use.

You can connect your on-premises Outposts infrastructure to AWS services in the Region privately over AWS Direct Connect. For more information, see AWS Outposts private connectivity.

The following image shows the connectivity through the local gateway:


        Shows local gateway connections.