Transitive Routing


Learning Objectives

After reading this article you will be able to:

  • Understand Transitive Peering
  • See how Transitive Routing would alleviate the problems with Transitive Peering
  • Explain the benefits of Hub and Spoke VPCs


What is Transitive Routing?

In this post, we will cover transitive routing in the cloud with a focus on Amazon Web Services (AWS).

But before defining what transitive routing is, let’s see what problem it tries to solve.

As you know, AWS provides its customers with the Virtual Private Cloud (VPC), which is a “cloud in a cloud”.

Customers can define their own subnets in the VPC, provide Internet access within it, and connect resources in the VPC to on-premises data centers or to other locations (whether another AWS VPC or another cloud provider).

Until recently, AWS did not allow connecting a VPC in one region to a VPC in another region using the VPC Peering feature. VPC Peering is a network connection between two VPCs that allows IPv4 and IPv6 traffic to be routed between them.

Understanding Transitive Peering

AWS has some unsupported VPC Peering configurations, and one of them is Transitive Peering. Suppose that you have VPC-A connected to VPC-B using a peering connection, and you have another peering connection between VPC-B and VPC-C.

There is no direct peering connection between VPC-A and VPC-C. Although both are connected to VPC-B, they cannot use VPC-B to communicate with each other.

A transit VPC simplifies network management and minimizes the number of connections between VPCs. A full-mesh peering between four VPCs will require N*(N-1)/2 links (where N is the number of the VPCs), which in this case is six.

Imagine what this would mean if there are 100 VPCs. Not to mention the time and costs involved to deploy such a solution.

Transitive Routing would alleviate all these problems.

Transitive routing can be achieved using third-party software or appliances (AWS recommends using the vendor that the operator feels most comfortable with). There are two types of topologies that can be used in AWS.

The first one is Hub and Spoke, where all the VPCs (spokes) are connected to a central VPC (hub). All the routing is performed by the hub VPC. The immediate benefit is that the number of network connections between VPCs is kept to a minimum.

One disadvantage might be that it increases the latency between two spokes and this sometimes might affect the application performance (in this case, an alternative would be a VPC Peering between those two VPCs).

The second topology is a meshed network. It means that there is a partial-mesh network where some VPCs have a network connection with some VPCs but not with others. The network connections can be made using VPC Peering or using third-party software.

As mentioned above, third-party software allows transitive routing. These are appliances that support routing functions; they can be simple Linux VMs that perform routing, or network appliances from well-known networking vendors like Cisco, Juniper, and others.

In both cases, connections between VPCs use VPN tunnels over which dynamic routing protocols run for route advertisements (static routes can also be used, although this is error-prone to configure and operationally expensive).

In the case of Hub and Spoke, the spoke VPCs use their Virtual Private Gateways (VGW) to establish the VPN tunnels with the hub. This lets them benefit from the VGW capabilities for routing and failover.

Discovering the benefits of Hub and Spoke VPCs

The benefits of using Hub and Spoke VPCs include the ability to implement network address translation (NAT) between overlapping VPC CIDRs and to implement additional network-level packet filtering and inspection.

In the case of a meshed network, because there is no central/hub VPC, the VPN tunnels are established between EC2 instances capable of supporting VPN tunnels.

One benefit of using meshed networks is that two VPCs can be directly connected, which gives low latency to applications that require it.
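The peering and topology rules described above, modelled as an added example that is not part of the original article. The VPC names, CIDRs and function names are hypothetical and constructed for illustration; the checks show which pairs need a transit path, which peerings skip the hub's filtering, and which CIDRs would need NAT at the hub.

```python
from ipaddress import ip_network
from itertools import combinations

# Constructed sample topology; names and CIDRs are illustrative, not from the article.
VPCS = {
    "vpc-a": "10.0.0.0/16",
    "vpc-b": "10.1.0.0/16",    # acts as the hub in the checks below
    "vpc-c": "10.2.0.0/16",
    "vpc-d": "10.1.128.0/17",  # deliberately overlaps vpc-b
}
# Peering connections A-B and B-C, as in the article's example.
PEERINGS = {frozenset(("vpc-a", "vpc-b")), frozenset(("vpc-b", "vpc-c"))}


def full_mesh_links(n):
    """Links needed to peer n VPCs pairwise: N*(N-1)/2."""
    return n * (n - 1) // 2


def hub_and_spoke_links(n):
    """Links when n - 1 spokes each connect only to one hub."""
    return n - 1


def peering_reachable(src, dst, peerings):
    """Peering is not transitive: only a direct connection carries traffic."""
    return frozenset((src, dst)) in peerings


def unreachable_pairs(vpcs, peerings):
    """VPC pairs with no direct peering, i.e. pairs that need a transit path."""
    return [(a, b) for a, b in combinations(sorted(vpcs), 2)
            if not peering_reachable(a, b, peerings)]


def hub_bypasses(hub, peerings):
    """Spoke-to-spoke peerings: traffic on them never crosses the hub's filtering."""
    return sorted(tuple(sorted(p)) for p in peerings if hub not in p)


def overlapping_cidrs(vpcs):
    """VPC pairs whose CIDRs overlap and would need NAT at the hub."""
    nets = {name: ip_network(cidr) for name, cidr in vpcs.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


if __name__ == "__main__":
    print(full_mesh_links(4), full_mesh_links(100), hub_and_spoke_links(100))
    print(unreachable_pairs(VPCS, PEERINGS))
    print(overlapping_cidrs(VPCS))
```

Running `hub_bypasses` against an inventory of real peering connections is a quick way to find spoke-to-spoke links added for latency that also sidestep inspection at the hub.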

The reference section points to additional information about transitive routing, along with some guides on how to configure transitive routing using some well-known networking vendors.