Overview - Transit Network VPC (Cisco CSR)


Amazon Virtual Private Cloud (Amazon VPC) provides customers with the ability to create as many virtual networks as they need, as well as different options for connecting those networks to each other and to non-AWS infrastructure. One common strategy for connecting multiple, geographically dispersed VPCs and remote networks is to create a transit VPC that serves as a global network transit center. A transit VPC simplifies network management and minimizes the number of connections required to connect multiple VPCs and remote networks. This design can save time and effort and also reduce costs, as it is implemented virtually without the traditional expense of establishing a physical presence in a colocation transit hub or deploying physical network gear.

This guide provides infrastructure and configuration information for planning and deploying a transit VPC that assumes a typical hub-and-spoke network topology, as depicted in the diagram to the left. In this design, remote VPCs access each other and remote networks through the central transit VPC.

The AWS Cloud provides a suite of infrastructure services that enable you to deploy a transit VPC solution in a highly available, fault-tolerant, and affordable way. By integrating Cisco Cloud Services Router (CSR) with the AWS Cloud, you can take advantage of the functionality of enterprise-class networking services and VPN along with the flexibility and security of AWS. (See the Additional Resources section for AWS Marketplace product links.)

The information in this guide assumes basic knowledge of highly available remote-network connectivity, IPsec VPNs, network addressing, subnetting, and routing. The following sections do not include general installation or configuration tasks for Cisco CSR. For additional general guidance, best practices, and licensing details, consult the Cisco product documentation.

Cost and Licenses

You are responsible for the cost of the AWS services used while running this reference deployment. You are also responsible for the Cisco CSR licenses, which you can either purchase beforehand or request from the AWS Marketplace, depending on the deployment model you choose: Bring Your Own License (BYOL) or License Included. (See the Prerequisites section for details.)

As of the date of publication, the cost for running a transit VPC with this solution’s default settings in the US East (N. Virginia) Region is as shown in the table below.

Transit VPC Deployment Size | BYOL Cost/Hour | License Included Cost/Hour
----------------------------|----------------|---------------------------
2 x 500 Mbps                | $0.21          | $4.21
2 x 1 Gbps                  | $0.84          | $6.22
2 x 2 Gbps                  | $0.84          | $7.68
2 x 4.5 Gbps                | $1.68          | $10.74

Each spoke VPC connected to the transit network costs an additional $0.10/hour, plus network transit costs. Prices are subject to change. Additionally, the solution creates a unique AWS Key Management Service (AWS KMS) customer master key (CMK) for protecting network configuration information, which costs $1/month. For full details, see the pricing webpage for each AWS service you will be using in this solution.