How to Enable Peering Between Multiple (Inter-Region) VPCs via Transit Gateway?
Enabling peering between multiple VPCs on AWS can be difficult. It can be much more difficult if they are in different regions.
I will walk you through the process of enabling peering between multiple VPCs.
I have two VPCs: one in Frankfurt (eu-central-1) and one in Sydney (ap-southeast-2).
Let me share my VPC configurations:
The subnet configurations:
I attached an internet gateway to each VPC.
0.0.0.0/24 is forwarded to the internet gateway.
I created two EC2 instances, one in Frankfurt and one in Sydney.
I tried to ping 8.8.8.8. It works.
I tried to ping one instance from the other via their private IP addresses. As expected, they can’t reach each other yet:
The basic VPC configurations are set.
Let’s get started
Open the VPC Management Console. Find the Transit Gateways in the sidebar:
I will create a transit gateway in each region (Transit Gateways -> Create Transit Gateway):
I will wait until the state of the transit gateway is Available:
I will create a transit gateway peering attachment from the Frankfurt transit gateway to the Sydney one.
This is what enables communication between the two transit gateways:
I will wait until the state of the peering attachment is Pending Acceptance:
I will now switch to the Sydney region and accept the peering request on the Transit Gateway Attachments page:
(Actions -> Accept transit gateway attachment -> Accept)
I will wait until the state of the peering attachment is Available:
I will create a VPC attachment for VPC-01 in Frankfurt and another VPC attachment for VPC-02 in Sydney:
I will wait until the state of each VPC attachment is Available:
I will create a route table for each transit gateway:
Waiting until they are available:
For each route table, I will create an association with the peering attachment:
I will also associate each route table with its region’s VPC attachment:
Waiting until they are associated:
I will create static routes in each transit gateway route table:
Recall that the 10.0.0.0/24 IP range lives in Frankfurt; traffic for it should be forwarded to VPC-01 itself.
Recall that the 192.168.0.0/24 IP range lives in Sydney; traffic for it should be forwarded to VPC-02 itself.
In Frankfurt, I will forward the 192.168.0.0/24 IP range to the peering attachment, so requests sent to 192.168.0.0/24 will be forwarded to Sydney:
In Sydney, I will forward the 10.0.0.0/24 IP range to the peering attachment, so requests sent to 10.0.0.0/24 will be forwarded to Frankfurt:
Is that all? Nope
In Frankfurt, I will add a route to the VPC’s own route table (the one used by the subnet hosting the EC2 instance). Requests sent to 192.168.0.0/24 will be forwarded to the transit gateway, which will forward them on to Sydney.
In Sydney, I will add a route to the VPC’s own route table (the one used by the subnet hosting the EC2 instance). Requests sent to 10.0.0.0/24 will be forwarded to the transit gateway, which will forward them on to Frankfurt.
Let’s try to ping each other over private IP addresses:
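As an added illustration, not part of the original post and not AWS code, here is a small Python model of the route tables configured above (names such as tgw-fra-rtb and the host addresses are assumptions). It traces a packet through each table in turn, checks both directions of the ping, and shows why the VPC-level routes from the last step are still needed after the transit gateway routes are in place:

```python
import ipaddress
# Constructed model of the walkthrough's topology (hypothetical names, no AWS API calls): VPC-01
# 10.0.0.0/24 in Frankfurt, VPC-02 192.168.0.0/24 in Sydney, one transit gateway per region, peered.
# A route table is (routes {cidr: target}, links {target: next table}); no link = forwarding ends.
TOPOLOGY = {
    "vpc-01-rtb": ({"10.0.0.0/24": "local", "0.0.0.0/0": "igw-fra", "192.168.0.0/24": "tgw-fra"},
                   {"tgw-fra": "tgw-fra-rtb"}),
    "tgw-fra-rtb": ({"10.0.0.0/24": "vpc-01-attach", "192.168.0.0/24": "peering-attach"},
                    {"peering-attach": "tgw-syd-rtb"}),
    "tgw-syd-rtb": ({"192.168.0.0/24": "vpc-02-attach", "10.0.0.0/24": "peering-attach"},
                    {"peering-attach": "tgw-fra-rtb"}),
    "vpc-02-rtb": ({"192.168.0.0/24": "local", "0.0.0.0/0": "igw-syd", "10.0.0.0/24": "tgw-syd"},
                   {"tgw-syd": "tgw-syd-rtb"}),
}
DELIVERS = {"local", "vpc-01-attach", "vpc-02-attach"}  # targets that hand the packet to a subnet

def lookup(routes, dst):
    """Longest-prefix match, as VPC and transit gateway route tables do; no match is a blackhole."""
    ip = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(c) for c in routes if ip in ipaddress.ip_network(c)]
    return routes[str(max(nets, key=lambda n: n.prefixlen))] if nets else "blackhole"

def trace(topology, start_table, dst, max_hops=8):
    """Follow dst through successive route tables; returns the targets chosen along the way."""
    path, table = [], start_table
    while table and len(path) < max_hops:  # hop cap so a routing loop cannot spin forever
        routes, links = topology[table]
        target = lookup(routes, dst)
        path.append(target)
        table = links.get(target)
    return path

def reachable(topology, src_table, dst):
    return trace(topology, src_table, dst)[-1] in DELIVERS

def ping_works(topology):
    """ICMP needs both directions: the request Frankfurt -> Sydney and the reply back."""
    return (reachable(topology, "vpc-01-rtb", "192.168.0.10")
            and reachable(topology, "vpc-02-rtb", "10.0.0.10"))

def without_vpc_routes(topology):
    """The 'Is that all? Nope' state: transit gateway routes set, VPC route tables untouched."""
    t = {name: (dict(routes), dict(links)) for name, (routes, links) in topology.items()}
    del t["vpc-01-rtb"][0]["192.168.0.0/24"]
    del t["vpc-02-rtb"][0]["10.0.0.0/24"]
    return t

if __name__ == "__main__":
    print(trace(TOPOLOGY, "vpc-01-rtb", "192.168.0.10"))  # ['tgw-fra', 'peering-attach', 'vpc-02-attach']
    print(trace(without_vpc_routes(TOPOLOGY), "vpc-01-rtb", "192.168.0.10"))  # ['igw-fra']
```

Without the VPC route, the private destination falls through to the 0.0.0.0/0 entry and leaves towards the internet gateway instead of the transit gateway; a missing return route on the Sydney side shows up as a blackhole in the reverse trace.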