How do I configure Direct Connect and VPN failover with Transit Gateway?

Last updated: 2020-01-13

I want to configure AWS Direct Connect as the primary link to my on-premises resources, and configure a VPN as the secondary link to the same resources. How can I do this with AWS Transit Gateway?


Task 1: Create a transit gateway

Task 2: Attach your VPC to your transit gateway

Task 3: Create a site-to-site VPN and attach it to your transit gateway

Note: When creating your site-to-site VPN, choose Dynamic for Routing options. Static routes have a higher precedence than dynamic propagated routes in the Transit Gateway Route Evaluation Order, so a statically routed VPN would take precedence over the routes propagated from Direct Connect.

Task 4: Attach your Direct Connect gateway to your transit gateway

Task 5: Create transit gateway route tables, and then enable route propagation for all attachments

Note: Be sure to advertise the same prefix on the Border Gateway Protocol (BGP) session on the Direct Connect Transit Virtual Interface (VIF) and the BGP session over the VPN.

  1. Open the Amazon Virtual Private Cloud (Amazon VPC) console.
  2. From the navigation pane, choose Transit Gateways.
  3. Verify that the Default association route table setting for your transit gateway is set to False.
    Note: If the setting is set to True, skip to task 6.
  4. Choose Transit Gateway Route Tables.
  5. Choose Create Transit Gateway Route Table and then complete the following:
    For Name tag, enter Route Table A.
    For Transit Gateway ID, choose the Transit Gateway ID for your transit gateway.
    Choose Create Transit Gateway Route Table.
  6. Choose Route Table A (or the default route table of your transit gateway), choose Associations, and then choose Create Association.
  7. For Choose attachment to associate, choose the association IDs for your VPCs and choose Create Association. Repeat this step until your Direct Connect gateway, VPN, and VPCs all display under Association.
  8. Choose Route Table Propagation.
  9. Choose Propagation. For Choose attachment to propagate, choose your Direct Connect gateway, VPN, and VPCs.

Task 6: Configure the route table associated with your VPC and attachment subnet

  1. Open the Amazon VPC console.
  2. From the navigation pane, choose Route Tables.
  3. Choose the route table that's attached to the attachment subnet.
  4. Choose the Routes tab and choose Edit Routes.
  5. Choose the Add Route tab and then complete the following:
    For Destination, choose the subnet of the on-premises network.
    For Target, choose your transit gateway.
    Choose Save routes.
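
A check for the two notes above (dynamic routing in Task 3, identical prefixes on both BGP sessions in Task 5), as an added example that is not part of the original article. It assumes you supply the prefix lists from your router configuration and the route JSON in the shape returned by `aws ec2 search-transit-gateway-routes`; the function name, IDs and CIDRs are constructed. It goes one step beyond the notes by also flagging a more-specific prefix on the VPN, which would win longest-prefix match over the Direct Connect route.

```python
import ipaddress
import json

# Constructed sample in the shape returned by
# `aws ec2 search-transit-gateway-routes`; the CIDRs are made up.
SAMPLE_TGW_ROUTES = json.loads("""
{"Routes": [
  {"DestinationCidrBlock": "10.0.0.0/16", "Type": "propagated", "State": "active",
   "TransitGatewayAttachments": [{"ResourceType": "vpc"}]},
  {"DestinationCidrBlock": "192.168.0.0/16", "Type": "propagated", "State": "active",
   "TransitGatewayAttachments": [{"ResourceType": "direct-connect-gateway"}]},
  {"DestinationCidrBlock": "192.168.10.0/24", "Type": "static", "State": "active",
   "TransitGatewayAttachments": [{"ResourceType": "vpn"}]}
]}
""")


def failover_findings(dx_prefixes, vpn_prefixes, tgw_routes):
    """Return sorted findings that would break Direct Connect primary / VPN backup."""
    dx = {ipaddress.ip_network(p) for p in dx_prefixes}
    vpn = {ipaddress.ip_network(p) for p in vpn_prefixes}
    findings = []
    for net in dx - vpn:
        findings.append(f"{net}: advertised on Direct Connect only, no VPN backup")
    for net in vpn - dx:
        # A more-specific VPN prefix wins longest-prefix match over the DX route.
        if any(net.subnet_of(d) for d in dx if d.version == net.version):
            findings.append(f"{net}: more specific on VPN, bypasses Direct Connect")
        else:
            findings.append(f"{net}: advertised on VPN only")
    for route in tgw_routes.get("Routes", []):
        dest = ipaddress.ip_network(route["DestinationCidrBlock"])
        overlaps = any(dest.overlaps(n) for n in dx | vpn if n.version == dest.version)
        # Static routes outrank propagated ones, so they pin traffic to one attachment.
        if route.get("Type") == "static" and overlaps:
            kinds = ",".join(a.get("ResourceType", "?")
                             for a in route.get("TransitGatewayAttachments", []))
            findings.append(f"{dest}: static route to {kinds} overrides propagated routes")
    return sorted(findings)


if __name__ == "__main__":
    for line in failover_findings(["192.168.0.0/16"], ["192.168.0.0/16"],
                                  SAMPLE_TGW_ROUTES):
        print(line)
```

An empty result means both sessions advertise the same prefixes and no static transit gateway route overlaps them.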
