How AWS Transit Gateway (TGW) Subnets Work
Learning Center | Answers | Transit
When you create an AWS Transit Gateway (TGW) attachment (either a VPC or a VPN attachment), the AWS workflow indicates you can only select one subnet per Availability Zone; however, it does not mean that you can only route traffic to resources in that subnet.
The purpose of attaching only one subnet per Availability Zone is to allow that Availability Zone to be used by the AWS Transit Gateway (TGW) to route traffic to ALL resources in VPC subnets. Once you specify the subnet in the Availability Zone, that Availability Zone is enabled, and now AWS Transit Gateway (TGW) can route traffic to all the subnets in that Availability Zone – not just the subnet it was initially attached to.
However, the way AWS implements this can be confusing as you must scan all the Availability Zones, choose the subnet for each Availability Zone, and connect it to the VPC or VPN attachment. The console explicitly says, “you can only select one subnet per Availability Zone” but this is misleading – the attachment, is still provides connectivity to all the other subnets in the VPC.
The Aviatrix cloud network platform simplifies this manual process. Aviatrix scans all the Availability Zones in your VPC and automatically chooses one subnet per availability zone, then makes the correct attachments to ensure connectivity across subnets for basic AWS transit gateway connectivity.
Transit Networking for Enterprise Requirements
If you are like most enterprises, you will quickly discover you need more visibility and troubleshooting capabilities, your need more control, you need advanced network and security and you need multi-cloud optionality. You may only be in AWS, for example, today but the requirement to support additional clouds has and will be driven by the business for many reasons including mergers and acquisitions and even more often by new customer requirements.
The Aviatrix cloud network platform brings multi-cloud networking, security, and operational visibility capabilities that go beyond what any cloud transit solution offers. Aviatrix leverages native cloud APIs to interact with and directly program native cloud networking constructs, abstracting the unique complexities of each cloud to form one transit network, and adds advanced networking and security features including:
- Intelligent central control that ensures transit network correctness
- Active-Active High-Availability Transit
- End-to-End and High-Performance IPSec Encryption (wire speed up to 75 Gbps)
- Single Terraform Provider for Day-One Multi-Cloud Infrastructure as Code Automation
- Enterprise Class Day-Two Operational Visibility and Troubleshooting
Try Aviatrix Cloud Network Platform Today or Schedule an Architectural Review Session
The Aviatrix cloud network platform is simple to deploy; the intelligent central controller is launched from cloud provider marketplaces and automates the deployment of additional network and security services, as required. Most customers launch and begin using Aviatrix services in an afternoon, easy to try and evaluate. We have experts available to help you. Email [email protected] and we will be happy to help you get started today. Learn about Aviatrix Certified Engineer (ACE) training or for more information go to aviatrix.com.