AWS Accelerated Site-to-Site VPN – AWS Transit Gateway, Single AWS Region. - Hybrid Connectivity


This model consists of:

  • Single AWS Region.

  • AWS Managed Site-to-Site VPN connection with AWS Transit Gateway.

  • Accelerated VPN enabled.

Figure 6 – AWS Managed VPN – AWS Transit Gateway, Single AWS Region

Connectivity model attributes:

  • Provides more consistent VPN connection performance over the public internet by using AWS accelerated Site-to-Site VPN connections.

  • Provides higher aggregate VPN bandwidth by configuring multiple VPN tunnels with ECMP.

  • Can be used to connect a single remote site or a large number of remote sites.

  • Offers automated failover, with dynamic routing (BGP).

  • With AWS Transit Gateway connected to VPCs, all the connected VPCs can share the VPN connection, and either full mesh or partial mesh connectivity can be achieved between the VPCs. AWS Transit Gateway lets you control the desired communication model among the VPCs; for more information refer to How transit gateways work.

  • Offers flexible design options to integrate third-party security and SDWAN virtual appliances with AWS Transit Gateway. See: Centralized network security for VPC-to-VPC and on-premises to VPC traffic.
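The following Terraform configuration is an added example of this connectivity model; it is not part of the whitepaper and not an AWS-published template. It builds a single-Region Transit Gateway with ECMP enabled, a customer gateway for the on-premises VPN device, two accelerated Site-to-Site VPN connections (four IPsec tunnels) that use BGP for dynamic routing and failover, and VPC attachments so that every attached VPC shares the VPN. The Region, both BGP ASNs, the on-premises public IP, the inside tunnel CIDR block and the `spoke_vpcs` variable are assumed placeholder values.

```hcl
# Added example (not from the whitepaper). All concrete values are assumptions.
terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

provider "aws" {
  region = "us-east-1" # assumption: any single AWS Region works for this model
}

# Transit Gateway with ECMP enabled: BGP routes for the same prefix learned over
# several tunnels are installed together, so traffic is spread across the tunnels.
resource "aws_ec2_transit_gateway" "hub" {
  amazon_side_asn                 = 64512 # assumption: AWS-side BGP ASN
  vpn_ecmp_support                = "enable"
  default_route_table_association = "enable"
  default_route_table_propagation = "enable"
  tags                            = { Name = "hybrid-hub" }
}

# The on-premises VPN device. Dynamic routing (BGP) requires its ASN.
resource "aws_customer_gateway" "dc" {
  bgp_asn    = 65000          # assumption: on-premises BGP ASN
  ip_address = "203.0.113.10" # placeholder public IP of the on-premises device
  type       = "ipsec.1"
}

# Two accelerated VPN connections give four IPsec tunnels. With ECMP the aggregate
# bandwidth grows with the tunnel count, while each individual flow stays on one tunnel.
resource "aws_vpn_connection" "dc" {
  count               = 2
  customer_gateway_id = aws_customer_gateway.dc.id
  transit_gateway_id  = aws_ec2_transit_gateway.hub.id
  type                = "ipsec.1"
  enable_acceleration = true  # Accelerated Site-to-Site VPN; supported only with a Transit Gateway target
  static_routes_only  = false # BGP, so a failed tunnel is withdrawn and traffic fails over automatically

  # Pin the inside tunnel addressing (/30s carved from an assumed link-local block)
  # so the on-premises configuration can be generated from the same values.
  tunnel1_inside_cidr = cidrsubnet("169.254.100.0/24", 6, count.index * 2)
  tunnel2_inside_cidr = cidrsubnet("169.254.100.0/24", 6, count.index * 2 + 1)

  tags = { Name = "dc-accelerated-vpn-${count.index}" }
}

# Assumed input: the VPCs that should share the VPN connection.
variable "spoke_vpcs" {
  type    = map(object({ vpc_id = string, subnet_ids = list(string) }))
  default = {}
}

# Attach each VPC to the Transit Gateway. Route propagation to the default TGW
# route table is enabled above, so on-premises prefixes learned via BGP reach every
# attached VPC; a separate route table per attachment would give a partial mesh instead.
resource "aws_ec2_transit_gateway_vpc_attachment" "spoke" {
  for_each           = var.spoke_vpcs
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = each.value.vpc_id
  subnet_ids         = each.value.subnet_ids
}
```

Using the default route table for association and propagation yields the full-mesh case described above; to restrict which VPCs can reach each other or the on-premises network, disable the defaults and manage per-attachment route tables and propagations explicitly.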

Scale considerations:

  • Up to 50 Gbps of aggregate bandwidth with multiple IPsec tunnels and ECMP configured (each individual traffic flow is limited to the maximum bandwidth of a single VPN tunnel).

  • Hundreds of VPCs can be connected per AWS Transit Gateway.

  • Refer to the Site-to-Site VPN quotas for other scale limits, such as the number of routes.

Other considerations:

  • Additional AWS Transit Gateway processing cost for data transferred between the on-premises data center and AWS.

  • Security groups of a remote VPC cannot be referenced over AWS Transit Gateway (VPC peering is required for that).