Local gateway - AWS Outposts

Local gateway

The local gateway for your Outpost rack enables connectivity from your Outpost subnets to all AWS services that are available in the parent Region, in the same way that you access them from an Availability Zone subnet. For example, you can access the Regional service endpoints over the public internet, or you can use interface VPC endpoints (AWS PrivateLink) to access them without going over the public internet. For more information, see Outpost connectivity to AWS Regions.

Local gateway basics

Each Outpost supports a single local gateway. A local gateway has the following components:

  • Route tables – You create the local gateway route tables. For more information, see Local gateway route tables.

  • CoIP pools – (Optional) You can use IP address ranges that you own to facilitate communication between the on-premises network and instances in your VPC. For more information, see Customer-owned IP addresses.

  • Virtual interfaces (VIFs) – AWS creates one VIF for each LAG and adds both VIFs to a VIF group. The local gateway route table must have a default route to the two VIFs for local network connectivity. For more information, see Local network connectivity for racks.

  • VIF group associations – AWS adds the VIFs it creates to a VIF group. VIF groups are logical groupings of VIFs. For more information, see VIF group associations.

  • VPC associations – You create associations between your VPCs and the local gateway route table. VPC route tables associated with subnets that reside on an Outpost can then use the local gateway as a route target. For more information, see VPC associations.

When AWS provisions your Outpost rack, we create some components and you are responsible for creating others. The following list summarizes the breakdown of responsibilities:

  • AWS:

    • Delivers the hardware.

    • Creates the local gateway.

    • Creates the virtual interfaces (VIFs) and a VIF group.

  • You:

    • Create the local gateway route table.

    • Associate a VPC with the local gateway route table.

    • Associate a VIF group with the local gateway route table.

To create the local gateway route table, you must decide how your local gateway will connect to your on-premises network, including whether to use private IP addresses or customer-owned IP addresses. By default, the local gateway uses the private IP addresses of instances in your VPC to facilitate communication with your on-premises network. However, you can use a customer-owned IP address pool (CoIP) configuration, which supports overlapping CIDR ranges and other network topologies. To use this configuration, you must create a CoIP address pool, and the local gateway performs network address translation (NAT) for instances that have been assigned addresses from this pool. The local gateway NAT function is similar to how an internet gateway functions in an AWS Region. For more information, see Local gateway route tables.
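The customer-side steps from the list above (create the route table, associate the VIF group, associate the VPC), plus the direct-VPC-routing versus CoIP decision and the VPC route that points at the local gateway, as an added example rather than anything from the AWS documentation. It uses the AWS CLI EC2 local gateway commands. Every resource ID, the on-premises CIDR, the CoIP pool ID and the instance ID are hypothetical placeholders; with DRY_RUN=1 (the default) the script prints the calls instead of making them, so the plan can be reviewed before anything changes.

```shell
#!/bin/sh
# Added example (not AWS's own code): the customer-side local gateway steps
# as AWS CLI calls. Every ID below is a hypothetical placeholder; override
# them via the environment. DRY_RUN=1 (the default) prints each call to
# stderr instead of making it.
DRY_RUN="${DRY_RUN:-1}"
LGW_ID="${LGW_ID:-lgw-0123456789abcdef0}"                      # created by AWS
VIF_GROUP_ID="${VIF_GROUP_ID:-lgw-vif-grp-0123456789abcdef0}"  # created by AWS
VPC_ID="${VPC_ID:-vpc-0123456789abcdef0}"
VPC_RTB_ID="${VPC_RTB_ID:-rtb-0123456789abcdef0}"   # route table of the Outpost subnet
ONPREM_CIDR="${ONPREM_CIDR:-10.20.0.0/16}"          # LAN prefix reached through the lgw
MODE="${MODE:-direct-vpc-routing}"                  # or: coip
COIP_POOL_ID="${COIP_POOL_ID:-ipv4pool-coip-0123456789abcdef0}"  # hypothetical
INSTANCE_ID="${INSTANCE_ID:-i-0123456789abcdef0}"                # hypothetical

# Make the call, or print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*" >&2; else "$@"; fi
}

# Like run, but the caller wants the API's stdout (an ID). In dry-run mode the
# command is printed and the placeholder given as $1 is returned instead.
capture() {
  ph="$1"; shift
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*" >&2; printf '%s\n' "$ph"; else "$@"; fi
}

# The API accepts exactly two modes; fail early rather than after partial setup.
validate_mode() {
  case "$1" in
    direct-vpc-routing|coip) return 0 ;;
    *) echo "unsupported mode: $1" >&2; return 1 ;;
  esac
}

# Step 1: create the local gateway route table in the chosen mode.
create_lgw_route_table() {
  validate_mode "$MODE" || return 1
  capture lgw-rtb-0123456789abcdef0 aws ec2 create-local-gateway-route-table \
    --local-gateway-id "$LGW_ID" --mode "$MODE" \
    --query LocalGatewayRouteTable.LocalGatewayRouteTableId --output text
}

# Step 2: attach the VIF group AWS created (this is the path to the LAN).
associate_vif_group() {  # $1 = local gateway route table ID
  run aws ec2 create-local-gateway-route-table-virtual-interface-group-association \
    --local-gateway-route-table-id "$1" \
    --local-gateway-virtual-interface-group-id "$VIF_GROUP_ID"
}

# Step 3: associate the VPC whose Outpost subnets should use this table.
associate_vpc() {        # $1 = local gateway route table ID
  run aws ec2 create-local-gateway-route-table-vpc-association \
    --local-gateway-route-table-id "$1" --vpc-id "$VPC_ID"
}

# Step 4: route only the on-premises prefix from the Outpost subnet to the lgw.
# A 0.0.0.0/0 route here would send all non-VPC traffic out through your LAN,
# which must be a deliberate choice, not an accident.
add_vpc_route_to_lgw() {
  run aws ec2 create-route --route-table-id "$VPC_RTB_ID" \
    --destination-cidr-block "$ONPREM_CIDR" --local-gateway-id "$LGW_ID"
}

# CoIP mode only: the instance keeps its private IP; the lgw NATs it to an
# address allocated from the customer-owned pool.
assign_coip() {
  alloc=$(capture eipalloc-0123456789abcdef0 aws ec2 allocate-address \
    --customer-owned-ipv4-pool "$COIP_POOL_ID" --query AllocationId --output text) || return 1
  run aws ec2 associate-address --allocation-id "$alloc" --instance-id "$INSTANCE_ID"
}

# Runs the steps in order and prints the route table ID on stdout.
provision() {
  rtb=$(create_lgw_route_table) || return 1
  associate_vif_group "$rtb" || return 1
  associate_vpc "$rtb" || return 1
  add_vpc_route_to_lgw || return 1
  if [ "$MODE" = "coip" ]; then assign_coip || return 1; fi
  printf '%s\n' "$rtb"
}

# Usage: DRY_RUN=1 sh lgw-setup.sh   (print the plan, the default)
#        DRY_RUN=0 sh lgw-setup.sh   (apply it with your AWS credentials)
provision
```

Set DRY_RUN=0 and real IDs to apply the plan. The route added in step 4 covers only the on-premises prefix; if you also want the local gateway to carry Outpost internet traffic through your on-premises network, that is a separate default route you add on purpose.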

Internet connectivity through the local gateway

The primary role of a local gateway is to provide connectivity from an Outpost to your local on-premises LAN. It also provides connectivity to the internet through your on-premises network. The local gateway can also provide a data plane path back to the AWS Region. If you already have connectivity between your LAN and the Region through AWS Site-to-Site VPN or AWS Direct Connect, you can use the same path to connect from the Outpost to the AWS Region privately.

The data plane path for the local gateway traverses from the Outpost, through the local gateway, and to your private local gateway LAN segment. It would then follow a private path back to the AWS service endpoints in the Region.

The following diagram shows a private connectivity configuration that uses an AWS Direct Connect connection, virtual interface, and virtual private gateway.

(Diagram: Architectural diagram for an Outpost private connectivity configuration.)

Working with the local gateway

The local gateway connects an Outpost rack to your on-premises network. Outpost servers use a different approach. For more information, see Local network interface in the AWS Outposts User Guide for Outpost servers.

View and tag local gateway

You can view the details and tag your local gateway. Tags help you identify or categorize the local gateway according to your organization's needs.

To view the details of a local gateway
  1. Open the AWS Outposts console at https://console.aws.amazon.com/outposts/.

  2. To change the AWS Region, use the Region selector in the upper-right corner of the page.

  3. On the navigation pane, choose Local gateways.

  4. Select the local gateway and then choose View details.

You can tag your local gateway to help you identify or categorize it according to your organization's needs.

To manage the local gateway tags
  1. Open the AWS Outposts console at https://console.aws.amazon.com/outposts/.

  2. To change the AWS Region, use the Region selector in the upper-right corner of the page.

  3. On the navigation pane, choose Local gateways.

  4. Select the local gateway and then choose Manage tags.

  5. Add or remove a tag.

    To add a tag, choose Add new tag and do the following:

    • For Key, enter the key name.

    • For Value, enter the tag value.

    To remove a tag, choose Remove to the right of the tag’s key and value.

  6. Choose Save changes.