AWS Transit Gateway (TGW) lets customers connect their VPCs and their on-premises networks to a single gateway. It acts as a hub that controls how traffic is routed among the connected networks, which act as spokes. TGW was designed to replace the older Transit VPC architecture, in which third-party instances performed the transitive routing.
While both the AWS Transit Gateway (TGW) and the older Transit VPC constructs allow for connectivity, the routing updates and related challenges are entirely different. Let’s take a look at the legacy approach of implementing transit using the Transit VPC architecture:
Connectivity to the on-premises environment relies on Direct Connect or an IPsec VPN and terminates on a virtual private gateway (VGW) attached to the Transit VPC. A third-party appliance (a cloud router) with transitive routing capabilities connects the VGW to all of the "spoke VPCs."
In this construct, the on-premises (datacenter) routes are learned by the VGW through Border Gateway Protocol (BGP). The third-party appliance also learns these on-premises routes over BGP from the VGW and propagates them into the spoke VPCs' route tables. So when a subnet is added or removed in the datacenter, or a new branch location is connected, the route change reaches the spoke VPCs through several BGP hops, without anyone editing VPC route tables.
Now, let’s look at the newer AWS Transit Gateway (TGW).
The AWS Transit Gateway (TGW) connects to on-premises environments over Site-to-Site VPN or Direct Connect and learns routes over BGP. Those routes are propagated into the TGW's own route tables. The TGW does not, however, propagate them any further into the route tables of the attached spoke VPCs: each VPC route table needs static entries that point the on-premises prefixes (or a summary route covering them) at the TGW.
Consequently, when subnets change on-premises, or VPCs are added or removed in the cloud, the corresponding static routes in every affected VPC route table have to be maintained by hand when using the TGW. The native TGW alone may therefore not meet all of your requirements.
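To make the gap concrete, the following is an added example (not code from this page or from Aviatrix) of the reconciliation an operator has to do by hand with a bare TGW: take the prefixes the TGW learned over BGP from its VPN or Direct Connect attachment, compare them with the static routes already in a spoke VPC route table, and work out which routes to add and which stale ones to remove. The inputs are constructed samples shaped like the EC2 SearchTransitGatewayRoutes and DescribeRouteTables responses; every ID is made up. The checks that matter from a security standpoint are the ones the example refuses to automate blindly: blackholed and static TGW routes are ignored, a default route advertised from on-premises is dropped unless explicitly allowed (it would hijack the VPC's internet-bound traffic), a learned prefix that falls inside the VPC's own CIDR is flagged as an address clash rather than installed, and routes that point at anything other than the TGW are never touched.

```python
"""Plan static VPC route-table changes that mirror what a Transit Gateway
learned over BGP. Pure planning logic on constructed data: no AWS calls."""
import ipaddress

TGW_ID = "tgw-0abc1234"               # assumed ID of the Transit Gateway
VPN_ATTACHMENT = "tgw-attach-vpn01"   # assumed ID of the VPN/Direct Connect attachment

# Constructed sample in the shape of ec2:SearchTransitGatewayRoutes output.
TGW_ROUTES = {"Routes": [
    {"DestinationCidrBlock": "10.10.0.0/16", "State": "active", "Type": "propagated",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": VPN_ATTACHMENT, "ResourceType": "vpn"}]},
    {"DestinationCidrBlock": "10.20.0.0/24", "State": "active", "Type": "propagated",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": VPN_ATTACHMENT, "ResourceType": "vpn"}]},
    # On-premises advertises a prefix inside the VPC's own 10.0.0.0/16: an address clash.
    {"DestinationCidrBlock": "10.0.5.0/24", "State": "active", "Type": "propagated",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": VPN_ATTACHMENT, "ResourceType": "vpn"}]},
    # On-premises advertises a default route.
    {"DestinationCidrBlock": "0.0.0.0/0", "State": "active", "Type": "propagated",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": VPN_ATTACHMENT, "ResourceType": "vpn"}]},
    {"DestinationCidrBlock": "10.30.0.0/16", "State": "blackhole", "Type": "propagated",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": VPN_ATTACHMENT, "ResourceType": "vpn"}]},
    # Learned from another spoke VPC, not from on-premises.
    {"DestinationCidrBlock": "172.16.0.0/16", "State": "active", "Type": "propagated",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": "tgw-attach-vpc02", "ResourceType": "vpc"}]},
    {"DestinationCidrBlock": "192.168.0.0/16", "State": "active", "Type": "static",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": VPN_ATTACHMENT, "ResourceType": "vpn"}]},
]}

# Constructed sample in the shape of one entry of ec2:DescribeRouteTables output.
VPC_ROUTE_TABLE = {"RouteTableId": "rtb-0123", "VpcId": "vpc-0a1b", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active", "Origin": "CreateRouteTable"},
    {"DestinationCidrBlock": "10.10.0.0/16", "TransitGatewayId": TGW_ID, "State": "active", "Origin": "CreateRoute"},
    # Stale: the 10.99.0.0/16 subnet no longer exists on-premises.
    {"DestinationCidrBlock": "10.99.0.0/16", "TransitGatewayId": TGW_ID, "State": "active", "Origin": "CreateRoute"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0def", "State": "active", "Origin": "CreateRoute"},
]}


def learned_prefixes(tgw_routes, attachment_ids, allow_default=False):
    """Prefixes the TGW learned over BGP through the given attachments.

    Only active, propagated routes count: static TGW routes and blackholes are
    not on-premises reachability. A default route is dropped unless explicitly
    allowed, since installing it would send the VPC's internet-bound traffic
    to the datacenter."""
    wanted = set(attachment_ids)
    out = set()
    for r in tgw_routes["Routes"]:
        if r["State"] != "active" or r["Type"] != "propagated":
            continue
        via = {a["TransitGatewayAttachmentId"] for a in r["TransitGatewayAttachments"]}
        if not via & wanted:
            continue
        cidr = r["DestinationCidrBlock"]
        if cidr == "0.0.0.0/0" and not allow_default:
            continue
        out.add(cidr)
    return out


def plan_vpc_routes(route_table, tgw_id, desired):
    """Return (to_add, to_remove, conflicts) for one VPC route table.

    Only routes already pointing at the TGW are managed. The local route and
    routes to other targets are never modified; a desired prefix that sits
    inside the VPC CIDR or whose existing route points elsewhere is reported
    as a conflict for a human to look at."""
    local = [ipaddress.ip_network(r["DestinationCidrBlock"])
             for r in route_table["Routes"] if r.get("GatewayId") == "local"]
    managed, foreign = set(), set()
    for r in route_table["Routes"]:
        if r.get("GatewayId") == "local":
            continue
        (managed if r.get("TransitGatewayId") == tgw_id else foreign).add(r["DestinationCidrBlock"])
    want, conflicts = set(), set()
    for cidr in desired:
        net = ipaddress.ip_network(cidr)
        if cidr in foreign or any(net.subnet_of(l) for l in local):
            conflicts.add(cidr)
        else:
            want.add(cidr)
    return want - managed, managed - want, conflicts


def cli_commands(rtb_id, tgw_id, to_add, to_remove):
    """Render the plan as AWS CLI calls (create-route / delete-route)."""
    cmds = [f"aws ec2 create-route --route-table-id {rtb_id} --destination-cidr-block {c} "
            f"--transit-gateway-id {tgw_id}" for c in sorted(to_add)]
    cmds += [f"aws ec2 delete-route --route-table-id {rtb_id} --destination-cidr-block {c}"
             for c in sorted(to_remove)]
    return cmds


if __name__ == "__main__":
    desired = learned_prefixes(TGW_ROUTES, [VPN_ATTACHMENT])
    add, remove, conflicts = plan_vpc_routes(VPC_ROUTE_TABLE, TGW_ID, desired)
    print("conflicts (not applied):", sorted(conflicts))
    print("\n".join(cli_commands(VPC_ROUTE_TABLE["RouteTableId"], TGW_ID, add, remove)))
```

Run against the sample, the plan adds 10.20.0.0/24, removes the stale 10.99.0.0/16, and refuses 10.0.5.0/24 because it overlaps the VPC's own CIDR; with `allow_default=True` the on-premises default route is also refused, because 0.0.0.0/0 already points at the internet gateway. Every spoke VPC route table needs this same pass after every change on either side, which is the maintenance burden the text describes.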
To overcome this problem, AWS recommends using Aviatrix’s AWS Transit Gateway (TGW) Orchestrator feature, which is delivered by the Aviatrix Multi-Cloud Networking Platform. Aviatrix’s AWS Transit Gateway (TGW) Orchestrator completes route propagation into the VPC spokes and enforces security domains and connection policies.
For more information, check out docs.aviatrix.com or watch the related videos here