Wondering how to configure Direct Connect and VPN failover with Transit Gateway? We can help you.
Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.
Today, let us see how our Support techs assist with this query.
How to configure Direct Connect and VPN failover with Transit Gateway?
Let us go through the steps our Support Techs follow to set this up.
1: Create a transit gateway
2: Attach your VPC to your transit gateway
3: Create an AWS Site-to-Site VPN and attach it to your transit gateway
Note: When creating your Site-to-Site VPN, choose Dynamic for Routing options. Static routes have a higher precedence than dynamic propagated routes in the Transit Gateway Route Evaluation Order.
4: Attach your Direct Connect gateway to your transit gateway
Note: For each VPC attached to your transit gateway, you must add the VPC CIDR range to the Direct Connect gateway's allowed prefixes list.
After the prefixes are added, they’re advertised to the remote side over Transit Virtual Interface.
You can have a maximum of 20 prefixes per AWS Transit Gateway from AWS to on-premises on a transit virtual interface.
This quota can’t be increased.
If you have more than 20 VPCs, summarize the routes for multiple VPCs into a single CIDR range.
Enter the summarized routes in the Direct Connect gateway's allowed prefixes section.
5: Create transit gateway route tables, and then enable route propagation for all attachments
Note: Be sure to advertise the same prefix on the Border Gateway Protocol (BGP) session on the Direct Connect Transit Virtual Interface (VIF) and the BGP session over the VPN.
1. Firstly, open the Amazon Virtual Private Cloud (Amazon VPC) console.
2. From the navigation pane, choose Transit Gateways.
3. Then, verify that the Default association route table setting for your transit gateway is set to False.
Note: If the setting is set to True, skip to Step 6.
4. Next, choose Transit Gateway Route Tables.
5. Next, select Create Transit Gateway Route Table and then complete the following:
For Name tag, enter Route Table A.
Next for Transit Gateway ID, choose the Transit Gateway ID for your transit gateway.
6. Then, choose Create Transit Gateway Route Table.
7. Next, choose Route Table A and choose Associations, Create Association.
Then for Choose attachment to associate, choose the association IDs for your VPCs and choose Create Association. Repeat this step until your Direct Connect gateway, VPN, and VPCs all display under Association.
8. Then, choose Route Table Propagation.
9. Finally, choose Propagation. For Choose attachment to propagate, choose your Direct Connect gateway, VPN, and VPCs.
6: Configure the route table associated with your VPC and attachment subnet
1. Firstly, open the Amazon VPC console.
2. From the navigation pane, choose Route Tables.
3. Then, choose the route table that’s attached to the attachment subnet.
4. Next, choose the Routes tab and choose Edit Routes.
5. Then, select the Add Route tab and then complete the following:
For Destination, choose the subnet of the on-premises network.
Then for Target, choose your transit gateway.
6. Finally, choose Save routes.
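A small model of the transit gateway route evaluation that the notes under steps 3 and 5 rely on, added here as an example; it is not part of the original post and not AWS tooling, and the attachment ids and CIDRs are constructed sample values. It shows Direct Connect being preferred while both routes are present, the VPN taking over once the Direct Connect route is withdrawn, why advertising a narrower prefix over the VPN breaks that, and a helper that summarizes VPC CIDRs to stay within the 20-prefix allowed-prefixes quota from step 4.

```python
from dataclasses import dataclass
from ipaddress import collapse_addresses, ip_address, ip_network

# Transit Gateway route evaluation order as documented by AWS: longest prefix
# match first; for equal prefixes a static route beats a propagated one; among
# propagated routes the attachment type decides (lower value wins here):
# VPC > Direct Connect gateway > Connect > Site-to-Site VPN > peering.
TYPE_PRIORITY = {"vpc": 0, "direct-connect-gateway": 1, "connect": 2,
                 "vpn": 3, "peering": 4}

@dataclass(frozen=True)
class Route:
    prefix: str           # CIDR as advertised over BGP or entered statically
    attachment: str       # attachment id (constructed sample values below)
    attachment_type: str  # key of TYPE_PRIORITY
    static: bool = False  # True for a static route, False for a propagated one

def select_attachment(routes, destination):
    """Attachment id a transit gateway would forward `destination` to, or None."""
    dst = ip_address(destination)
    candidates = [r for r in routes if dst in ip_network(r.prefix)]
    if not candidates:
        return None
    # Longest prefix first, then static before propagated, then attachment type.
    best = min(candidates, key=lambda r: (-ip_network(r.prefix).prefixlen,
                                          not r.static, TYPE_PRIORITY[r.attachment_type]))
    return best.attachment

# Constructed sample: on-premises 10.10.0.0/16 advertised identically over the
# Direct Connect transit VIF and over the VPN, as the note under step 5 requires.
DX_ROUTE = Route("10.10.0.0/16", "tgw-attach-dx-sample", "direct-connect-gateway")
VPN_ROUTE = Route("10.10.0.0/16", "tgw-attach-vpn-sample", "vpn")

def failover_demo(host="10.10.5.1"):
    steady = select_attachment([DX_ROUTE, VPN_ROUTE], host)  # both up: DX wins
    failed = select_attachment([VPN_ROUTE], host)            # DX withdrawn: VPN
    # A narrower prefix over the VPN defeats the design: longest-prefix match
    # sends traffic over the VPN even while Direct Connect is healthy.
    narrower_vpn = Route("10.10.0.0/17", "tgw-attach-vpn-sample", "vpn")
    mismatch = select_attachment([DX_ROUTE, narrower_vpn], host)
    return steady, failed, mismatch

def summarize_allowed_prefixes(vpc_cidrs, limit=20):
    """Collapse VPC CIDRs into at most `limit` prefixes for the Direct Connect
    gateway allowed prefixes list (20 per transit gateway, not raisable),
    widening supernets one bit at a time until the list fits."""
    nets = list(collapse_addresses(ip_network(c) for c in vpc_cidrs))
    while len(nets) > limit:
        nets = list(collapse_addresses(n.supernet() for n in nets))
    return [str(n) for n in nets]
```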
Conclusion
In short, we saw how our Support Techs configure Direct Connect and VPN failover with Transit Gateway.