AWS Accelerated Site-to-Site VPN – AWS Transit Gateway, Single AWS Region. - Hybrid Connectivity

This model consists of the following:

  • Single AWS Region

  • AWS Managed Site-to-Site VPN connection with AWS Transit Gateway

  • Accelerated VPN enabled

Figure 1 – AWS Managed VPN – AWS Transit Gateway, Single AWS Region

Connectivity model attributes

  • Provides better VPN connection performance over the public internet by using AWS accelerated Site-to-Site VPN connections. Traffic from your on-premises network is routed to the AWS edge location closest to your customer gateway device.

  • Provides the ability to achieve higher VPN connection bandwidth by configuring multiple VPN tunnels with ECMP.

  • Can be used to connect a single remote site or a large number of remote sites.

  • Offers automated failover, with dynamic routing (BGP).

  • With AWS Transit Gateway connected to VPCs, all the connected VPCs can share the VPN connection. Also, full or partial mesh connectivity can be achieved between the VPCs. With AWS Transit Gateway, you can control the desired communication model among the VPCs. For more information, see How transit gateways work.

  • Offers flexible design options to integrate third-party security and SD-WAN virtual appliances with AWS Transit Gateway. For more information, see Centralized network security for VPC-to-VPC and on-premises to VPC traffic.
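The attributes above (acceleration, BGP-based failover, ECMP across tunnels) are all settings that can silently be left off when a VPN is built by hand. The following audit script is an added example, not part of the AWS whitepaper: it takes the responses that boto3's `ec2.describe_vpn_connections` and `ec2.describe_transit_gateways` return and flags connections that deviate from this model. The sample responses and resource ids embedded below are constructed placeholders; `load_live` (which assumes AWS credentials and `ec2:Describe*` permissions) is only needed to run it against a real account.

```python
"""Audit AWS Site-to-Site VPN connections attached to a transit gateway.

Added example, not code from the AWS whitepaper. For each VPN connection it
checks the properties of the accelerated Transit Gateway model: acceleration
enabled, dynamic (BGP) routing, ECMP enabled on the transit gateway, and both
tunnels UP. Input dicts have the shape returned by boto3's
ec2.describe_vpn_connections and ec2.describe_transit_gateways.
"""

# Constructed sample: two VPN connections on one transit gateway. The resource
# ids are placeholders, not real AWS identifiers.
SAMPLE_VPNS = {
    "VpnConnections": [
        {
            "VpnConnectionId": "vpn-0aaaaaaaaaaaaaaa1",
            "TransitGatewayId": "tgw-0bbbbbbbbbbbbbbb1",
            "Options": {"EnableAcceleration": True, "StaticRoutesOnly": False},
            "VgwTelemetry": [{"Status": "UP"}, {"Status": "UP"}],
        },
        {
            "VpnConnectionId": "vpn-0aaaaaaaaaaaaaaa2",
            "TransitGatewayId": "tgw-0bbbbbbbbbbbbbbb1",
            "Options": {"EnableAcceleration": False, "StaticRoutesOnly": True},
            "VgwTelemetry": [{"Status": "UP"}, {"Status": "DOWN"}],
        },
    ]
}

SAMPLE_TGWS = {
    "TransitGateways": [
        {
            "TransitGatewayId": "tgw-0bbbbbbbbbbbbbbb1",
            # VpnEcmpSupport is "enable" or "disable" in the API response.
            "Options": {"AmazonSideAsn": 64512, "VpnEcmpSupport": "disable"},
        }
    ]
}


def audit_vpn_connections(vpn_response, tgw_response):
    """Return {vpn_id: [finding, ...]} for every connection that deviates from
    the accelerated, BGP-routed, ECMP, dual-tunnel model. Clean connections
    are omitted from the result."""
    tgw_ecmp = {
        tgw["TransitGatewayId"]: tgw.get("Options", {}).get("VpnEcmpSupport") == "enable"
        for tgw in tgw_response.get("TransitGateways", [])
    }
    findings = {}
    for vpn in vpn_response.get("VpnConnections", []):
        issues = []
        opts = vpn.get("Options", {})
        tgw_id = vpn.get("TransitGatewayId")
        if tgw_id is None:
            issues.append("not attached to a transit gateway")
        elif not tgw_ecmp.get(tgw_id, False):
            issues.append(f"ECMP disabled on {tgw_id}; tunnel bandwidth cannot be aggregated")
        if not opts.get("EnableAcceleration", False):
            issues.append("acceleration disabled; traffic is not routed via the nearest AWS edge location")
        # StaticRoutesOnly=False means BGP is in use, which is what gives automatic failover.
        if opts.get("StaticRoutesOnly", True):
            issues.append("static routing only; no BGP-driven automatic failover")
        tunnels_up = [t.get("Status") == "UP" for t in vpn.get("VgwTelemetry", [])]
        if len(tunnels_up) < 2 or not all(tunnels_up):
            issues.append(f"{sum(tunnels_up)} of {len(tunnels_up)} tunnels UP")
        if issues:
            findings[vpn["VpnConnectionId"]] = issues
    return findings


def load_live(region_name):
    """Fetch both responses from a real account. Assumes AWS credentials and
    ec2:Describe* permissions; boto3 is imported lazily so the sample run
    above works without it installed."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region_name)
    return ec2.describe_vpn_connections(), ec2.describe_transit_gateways()


if __name__ == "__main__":
    for vpn_id, issues in audit_vpn_connections(SAMPLE_VPNS, SAMPLE_TGWS).items():
        print(vpn_id)
        for issue in issues:
            print("  -", issue)
```

Run against the constructed sample, the first connection is flagged only because ECMP is disabled on the transit gateway, while the second is flagged for all four conditions. Wire `load_live` into a scheduled job to catch drift from this model after changes to the VPN or transit gateway configuration.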

Scale considerations

  • Up to 50 Gbps of bandwidth with multiple IPsec VPN tunnels and ECMP configured. Each traffic flow will be limited to the maximum bandwidth per VPN tunnel.

  • Hundreds of VPCs can be connected per AWS Transit Gateway.

  • For information about other scale limits, such as number of routes, see Site-to-Site VPN quotas.

Other considerations

  • Incurs additional AWS Transit Gateway data processing charges for traffic between the on-premises data center and AWS.

  • Security groups in a remote VPC cannot be referenced over AWS Transit Gateway. If security group referencing is a requirement, we recommend that you consider VPC peering. However, VPC peering adds operational complexity when building and managing a large number of point-to-point VPC peering connections at scale.