AWS DX – DXGW with AWS Transit Gateway, Multi-Regions, and AWS Public Peering - Hybrid Connectivity

AWS DX – DXGW with AWS Transit Gateway, Multi-Regions, and AWS Public Peering

This model is constructed of the following:

  • Multi AWS Regions

  • Dual Direct Connect connections to independent DX locations

  • Single on-premises data center with dual connections to AWS

  • AWS DXGW with AWS Transit Gateway

  • High scale of VPCs per Region

AAWS DX – DXGW with AWS Transit Gateway, Multi-Regions, and AWS Public VIF

Figure 1 – AWS DX – DXGW with AWS Transit Gateway, Multi-Regions, and AWS Public VIF

Connectivity model attributes

  • AWS DX public VIF is used to access AWS public resources, such as Amazon S3 and DynamoDB, directly over the AWS DX connections.

  • Provides the ability to connect to VPCs and/or DX connection(s) in other Regions in the future.

  • With AWS Transit Gateway connected to VPCs, full or partial mesh connectivity can be achieved between the VPCs.

  • Cross-VPC and Cross-Region VPC communication facilitated by AWS Transit Gateway peering.

  • Offers flexible design options to integrate third-party security and SD-WAN virtual appliances with AWS Transit Gateway. For more information, see Centralized network security for VPC-to-VPC and on-premises to VPC traffic.

Scale considerations

  • The number of routes to and from AWS Transit Gateway are limited to the maximum supported number of routes over a Transit VIF. Inbound and outbound numbers vary. For more information about scale limits and support for the number of routes, see AWS Direct Connect quotas. We recommend route summarization to avoid going over this limit.

  • Scale up to thousands of VPCs per AWS Transit Gateway over a single BGP session to DXGW, assuming the provided performance by the provisioned AWS DX connection(s) is sufficient.

  • Single Transit VIF per AWS DX.

  • Additional AWS DX connections can be added as desired.

Other considerations

  • Incurs additional AWS Transit Gateway processing cost for data transfer between AWS and on-premises site.

  • Security groups of a remote VPC cannot be referenced over AWS Transit Gateway. If security group referencing is a requirement, we recommend that you consider VPC peering.

  • VPC peering can be use instead of AWS Transit Gateway to facilitate the communication between the VPCs. However, VPC peering adds operational complexity to build and manage a large number of VPC point-to-point peering at scale.

  • A single DXGW can support up to three AWS Transit Gateways. If more TGWs are required, additional DXGW need to be added. For more information, see the following connectivity model.