This presenter is EXTREMELY organized and easy to follow. I’ve found a small mistake in his presentation at 18:30. His VPC is defined as 10.1.0.0/16. So far so good. But then he uses the following example...’I have a host 10.1.0.1 that wants to communicate with an on-premises host 172.x.x.x’. Anyone? Anyone? The 10.1.0.1 is reserved for the router. And just to be crystal clear - I think this presenter is FAR FAR more knowledgeable about AWS networking than me. I’m under no illusion.
Hi Alan, I'd also like to get some more details regarding how exactly the Transit GW Routing Domains share routes with each other? For instance, you have your two VPC's connected to a VPC Route Domain, and then an outbound route domain, did those prefixes have to be manually created or is there a way to have automatic propagation with an approval review process?
Dear Alan, thanks very much for the excellent explanation of Transit Gateway. However, I have two questions: 1. when you mentioned about the 10.0.0.0/8 blackhole rule, I think there is a pre-requisite that the SNAT instance is single-nic. In a typical NAT setup, you would have traffic flowing from inside to outside. because both source and destination reside behind inside, the SNAT instance should return the traffic without NAT. 2. could you please explain more about the Availability Zone affinity rule for Transit Gateway? For example, if one VPC attaches with two subnets in two AZs, and the other VPC attaches with three subnets in three AZs, what would happen to/from traffic from the third AZ?
Does Amazon ECS service discovery work with this Centralized private link with Hybrid cloud architecture reference in this video ? Could you share us more details how it works with conjunction with shared service VPC hosting all private hosted zones and R53 DNS resolver endpoints setup ?
Can I enable communication between multiple VPCs in different region to the on-premise network through a single VPN connection attached to my transit gateway (if transitive peering enabled)?
You can build route based VPN on one CGW (Keeps both the tunnels of VPN UP - CGW must be capable of handling asymmetric routing) We got Active Active | Active standby can be achived by creating a policy based VPN tunnel on the CGW, provided that some kind of failover mechanism is implemented to bring make the Standyby tunnel active. But always make use BGP based VPN.
Transit gateway - 4 syllables
TGW - 5 syllables
Sometimes acronyms only make sense in writing
Good find 😂
This presenter is EXTREMELY organized and easy to follow. I’ve found a small mistake in his presentation at 18:30. His VPC is defined as 10.1.0.0/16. So far so good. But then he uses the following example...’I have a host 10.1.0.1 that wants to communicate with an on-premises host 172.x.x.x’. Anyone? Anyone? The 10.1.0.1 is reserved for the router. And just to be crystal clear - I think this presenter is FAR FAR more knowledgeable about AWS networking than me. I’m under no illusion.
He's made a number of mistakes during his presentation sadly.
Hi Alan, I'd also like to get some more details regarding how exactly the Transit GW Routing Domains share routes with each other? For instance, you have your two VPC's connected to a VPC Route Domain, and then an outbound route domain, did those prefixes have to be manually created or is there a way to have automatic propagation with an approval review process?
18:35, you can't have instance with the IP of 10.1.0.1 there ;)
Dear Alan, thanks very much for the excellent explanation of Transit Gateway. However, I have two questions:
1. when you mentioned about the 10.0.0.0/8 blackhole rule, I think there is a pre-requisite that the SNAT instance is single-nic. In a typical NAT setup, you would have traffic flowing from inside to outside. because both source and destination reside behind inside, the SNAT instance should return the traffic without NAT.
2. could you please explain more about the Availability Zone affinity rule for Transit Gateway? For example, if one VPC attaches with two subnets in two AZs, and the other VPC attaches with three subnets in three AZs, what would happen to/from traffic from the third AZ?
Does Amazon ECS service discovery work with this Centralized private link with Hybrid cloud architecture reference in this video ?
Could you share us more details how it works with conjunction with shared service VPC hosting all private hosted zones and R53 DNS resolver endpoints setup ?
Can I enable communication between multiple VPCs in different region to the on-premise network through a single VPN connection attached to my transit gateway (if transitive peering enabled)?
yes
19:30, you meant routing domain for VPN
are there plans to allow connectivity between tgw's across different regions and different AWS accounts?
TGW peering is available across some AWS regions which allows this
is it possible to make active active / active-standby two vpn tunnel by using static route ?
You can build route based VPN on one CGW (Keeps both the tunnels of VPN UP - CGW must be capable of handling asymmetric routing) We got Active Active | Active standby can be achived by creating a policy based VPN tunnel on the CGW, provided that some kind of failover mechanism is implemented to bring make the Standyby tunnel active.
But always make use BGP based VPN.
Do you have any example? İs it possible with static route..