Transitive Routing in AWS

Transitive routing in the cloud is a solution designed to solve connectivity problems in cloud networking.

What is Transitive Routing?

Transitive routing simplifies network management by minimizing the number of connections between VPCs. AWS does not support some VPC Peering configurations, among them transitive peering, which would allow two VPCs that are each peered to a third VPC, but not to each other, to communicate through that third VPC. In Amazon Web Services (AWS), the Virtual Private Cloud (VPC) is a widely used feature that lets customers create subnets within a “cloud in a cloud” infrastructure. The VPC also provides internet access and serves as a bridge for connectivity to on-premises data centers, other AWS VPCs, and other cloud providers.

How Transitive Routing Works

Transitive routing can be accomplished with third-party software or appliances. Two topologies are used in AWS: Hub and Spoke, and meshed networks. In a Hub and Spoke topology, all VPCs connect to a central VPC that handles all routing; in a meshed network, some VPCs have direct connections to each other while others do not.

In both cases, connections between VPCs use VPN tunnels over which dynamic routing protocols run to advertise routes (static routes can also be used, although they are error-prone to configure and operationally expensive). In the Hub and Spoke case, the spoke VPCs use their Virtual Private Gateways (VGWs) to establish the VPN tunnels with the hub, which lets them benefit from the VGW's routing and failover capabilities. As mentioned above, third-party software provides the transitive routing itself: these are appliances that support routing functions, ranging from simple Linux VMs configured to forward packets to network appliances from well-known networking vendors such as Cisco, Juniper, and others.

Benefits and disadvantages of Hub and Spoke VPCs

Hub and Spoke VPCs, where all the VPCs (spokes) are connected to a central VPC (hub), are beneficial because the number of network connections between VPCs is kept to a minimum. Implementing Hub and Spoke VPCs also brings several benefits, such as network address translation (NAT) between overlapping VPC CIDRs and additional network-level packet filtering and inspection at the hub.

One disadvantage is that it increases the latency between two spokes, which can affect application performance (in that case, an alternative is a direct VPC Peering between those two VPCs).
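The route-table behaviour described in the two sections above (a peering connection never carries traffic onward to a third VPC, a hub appliance with IP forwarding does carry it between spoke VPN tunnels, and spokes with overlapping CIDRs need NAT at the hub) can be checked with a small model of VPC route tables. The following Python is an added example, not code from the original article or from Aviatrix; the VPC names, CIDRs and the "pcx"/"vpn" target labels are constructed for illustration and are not real AWS identifiers.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed model of AWS VPC route tables. Target kinds are assumptions:
#   "pcx" = VPC peering connection to the named VPC
#   "vpn" = VPN tunnel (e.g. VGW to hub appliance) to the named VPC
Target = Tuple[str, str]


class Vpc:
    def __init__(self, name: str, cidr: str, forwards: bool = False):
        self.name = name
        self.cidr = ipaddress.ip_network(cidr)
        self.routes: List[Tuple[ipaddress.IPv4Network, Target]] = []
        # True only for a hub whose routing appliance forwards traffic that is
        # not addressed to the hub itself (a Linux router or vendor appliance).
        self.forwards = forwards

    def add_route(self, dest: str, kind: str, target: str) -> None:
        self.routes.append((ipaddress.ip_network(dest), (kind, target)))

    def next_hop(self, dst: ipaddress.IPv4Address) -> Optional[Target]:
        # Longest-prefix match, as the VPC route table does.
        matches = [(net, tgt) for net, tgt in self.routes if dst in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]


def reachable(vpcs: Dict[str, Vpc], src: str, dst_ip: str,
              max_hops: int = 8) -> Tuple[bool, List[str]]:
    """Follow route tables from VPC `src` to `dst_ip`; return (delivered, path)."""
    dst = ipaddress.ip_address(dst_ip)
    current = vpcs[src]
    path = [current.name]
    for _ in range(max_hops):
        if dst in current.cidr:
            return True, path            # delivered inside this VPC
        hop = current.next_hop(dst)
        if hop is None:
            return False, path           # no matching route: packet dropped
        kind, name = hop
        nxt = vpcs[name]
        path.append(nxt.name)
        if kind == "pcx":
            # Peering delivers only to the peer's own CIDR; the peer never
            # forwards on behalf of another VPC (no transitive peering).
            return (dst in nxt.cidr), path
        if kind == "vpn":
            # The tunnel terminates on the peer; traffic continues only if the
            # peer is a forwarding hub or the destination is in the peer's CIDR.
            if dst not in nxt.cidr and not nxt.forwards:
                return False, path
            current = nxt
            continue
        return False, path
    return False, path


def overlapping_pairs(vpcs: Dict[str, Vpc]) -> List[Tuple[str, str]]:
    """VPC pairs whose CIDRs overlap; these need NAT at the hub to talk."""
    names = sorted(vpcs)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if vpcs[a].cidr.overlaps(vpcs[b].cidr)]


def peering_topology() -> Dict[str, Vpc]:
    # Constructed: A<->B and B<->C are peered, A and C are not.
    a, b, c = Vpc("A", "10.1.0.0/16"), Vpc("B", "10.2.0.0/16"), Vpc("C", "10.3.0.0/16")
    a.add_route("10.2.0.0/16", "pcx", "B")
    a.add_route("10.3.0.0/16", "pcx", "B")   # tempting, but B will not transit for A
    b.add_route("10.1.0.0/16", "pcx", "A")
    b.add_route("10.3.0.0/16", "pcx", "C")
    c.add_route("10.2.0.0/16", "pcx", "B")
    return {"A": a, "B": b, "C": c}


def hub_and_spoke_topology() -> Dict[str, Vpc]:
    # Constructed: spokes A and C each tunnel to a forwarding hub appliance.
    hub = Vpc("Hub", "10.0.0.0/16", forwards=True)
    a, c = Vpc("A", "10.1.0.0/16"), Vpc("C", "10.3.0.0/16")
    a.add_route("10.0.0.0/8", "vpn", "Hub")   # spoke sends all of 10/8 over its VGW tunnel
    c.add_route("10.0.0.0/8", "vpn", "Hub")
    hub.add_route("10.1.0.0/16", "vpn", "A")  # hub learned spoke prefixes (e.g. via BGP)
    hub.add_route("10.3.0.0/16", "vpn", "C")
    return {"Hub": hub, "A": a, "C": c}


if __name__ == "__main__":
    print("peering  A->C:", reachable(peering_topology(), "A", "10.3.0.10"))
    print("hub/spoke A->C:", reachable(hub_and_spoke_topology(), "A", "10.3.0.10"))
```

Running the block shows the peered path stopping at B while the hub-and-spoke path is A, Hub, C. The `overlapping_pairs` helper is the check to run before adding a spoke: any pair it reports cannot be routed through the hub without NAT, which is the case the article's benefits section refers to.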

Using Meshed Networks

In meshed networks, VPN tunnels are established between capable EC2 instances, allowing a direct connection between two VPCs. The benefit is that two VPCs can be connected directly, giving low latency for the applications that require it.

Become the cloud networking hero of your business.

See how Aviatrix can increase security and resiliency while minimizing cost, skills gap, and deployment time.