Introduction
A Transit Gateway is a network transit hub that connects your virtual private clouds (VPCs) with your on-premises networks. This article discusses AWS Transit Gateway, how it works, and some of its features.
The AWS Transit Gateway service consolidates the VPC routing configuration for a Region using a hub-and-spoke design. It is a highly available and scalable service. Inter-Region peering uses the AWS Global Architecture to connect transit gateways as your cloud infrastructure grows internationally. Transit gateway traffic is always routed over the AWS global backbone and never over the public internet, reducing exposure to common attacks and DDoS.
Let us discuss how the AWS transit gateway works.
Working of AWS Transit Gateway
A transit gateway acts as a virtual router for traffic flowing between your virtual private clouds (VPCs) and on-premises networks, and it scales elastically with the volume of network traffic. To understand how it works, we look at its architecture, resource attachments, Availability Zones, and routing, one by one.
Architecture
The diagram given below shows a transit gateway with three VPCs.

Source: https://docs.aws.amazon.com/vpc/latest/tgw/how-transit-gateways-work.html
The route table of each of these VPCs contains the local route plus routes that send traffic destined for the other two VPCs to the transit gateway.
Resource Attachments
A transit gateway attachment is both the source and the destination of the packets that traverse the gateway. We can attach the following to a transit gateway:
- One or more Virtual Private Cloud (VPC)
- One or more VPN
- One or more Transit Gateway Connect attachments
- One or more Transit Gateway Peering Connections
- One or more AWS Direct Connect Gateways
Inter-Region peering connections are also supported, so transit gateways in different Regions can be connected to each other.
Availability Zones
When we attach one or more VPCs to a transit gateway, we must enable one or more Availability Zones to be used by the transit gateway to route traffic to resources in the VPC subnets. To enable each Availability Zone, we specify precisely one subnet. Resources in Availability Zones with no transit gateway attachment cannot connect to the transit gateway. The transit gateway creates a network interface in that subnet using one of the subnet's IP addresses. When an Availability Zone is enabled, traffic can be routed to all subnets in that zone, not just the selected subnet.
Routing
A transit gateway routes IPv4 and IPv6 packets between attachments using transit gateway route tables. These route tables can be configured to propagate routes from the attached VPCs, VPN connections, and Direct Connect gateways. Static routes can also be added to transit gateway route tables. When a packet arrives at one attachment, it is forwarded to another attachment using the route that matches the packet's destination IP address.
Note: For transit gateway peering attachments, only static routes are supported.
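To make the routing behaviour concrete, here is an added example (not AWS code or an AWS API; a stand-alone simulation written for this article) of a transit gateway route table that learns routes by propagation from VPC attachments, accepts static routes, refuses propagation from a peering attachment as the note above requires, and forwards on the most specific matching prefix. The attachment IDs and CIDRs are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

PEERING = "peering"  # peering attachments accept static routes only


@dataclass
class Attachment:
    attachment_id: str   # constructed sample id, e.g. "tgw-attach-vpc-a"
    kind: str            # "vpc", "vpn", "dx-gateway" or "peering"
    cidrs: list          # prefixes this attachment can propagate


@dataclass
class TransitGatewayRouteTable:
    """Simulated transit gateway route table: prefix -> attachment id."""
    routes: dict = field(default_factory=dict)

    def propagate(self, att: Attachment) -> None:
        # Propagation copies the attachment's prefixes into this table.
        if att.kind == PEERING:
            raise ValueError(f"{att.attachment_id}: peering attachments support static routes only")
        for cidr in att.cidrs:
            self.routes[ipaddress.ip_network(cidr)] = att.attachment_id

    def add_static(self, cidr: str, att: Attachment) -> None:
        # Static routes work for any attachment kind, including peering.
        self.routes[ipaddress.ip_network(cidr)] = att.attachment_id

    def lookup(self, destination: str) -> Optional[str]:
        # Forward on the most specific (longest-prefix) route for the destination.
        dst = ipaddress.ip_address(destination)
        matches = [net for net in self.routes if net.version == dst.version and dst in net]
        if not matches:
            return None  # no route: the packet is dropped
        return self.routes[max(matches, key=lambda net: net.prefixlen)]


def build_example_table() -> TransitGatewayRouteTable:
    # Constructed topology: three VPC attachments plus a cross-Region peering attachment.
    table = TransitGatewayRouteTable()
    for att in (Attachment("tgw-attach-vpc-a", "vpc", ["10.1.0.0/16"]),
                Attachment("tgw-attach-vpc-b", "vpc", ["10.2.0.0/16"]),
                Attachment("tgw-attach-vpc-c", "vpc", ["10.3.0.0/16", "2001:db8:3::/48"])):
        table.propagate(att)
    # Summary static route towards the peer Region; the /16s above win on longest prefix.
    table.add_static("10.0.0.0/8", Attachment("tgw-attach-peer-eu", PEERING, []))
    return table
```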
Let us discuss some features of the Transit Gateway.