AWS TGW Reference Architectures for Multi-VPC - 1/5 - Brief

The architecture will share 5 topics:

1. AWS TGW Reference Architectures for Multi-VPC - 1/5 - Brief

2. AWS TGW Reference Architectures for Multi-VPC - 2/5 - Inbound Traffic

3. AWS TGW Reference Architectures for Multi-VPC - 3/5 - Outbound Traffic

4. AWS TGW Reference Architectures for Multi-VPC - 4/5 - East-West Traffic

5. AWS TGW Reference Architectures for Multi-VPC - 5/5 - Backhaul to On-Premises Traffic

All Topology_v20211003(Need to wait for 30 sec to open the 5 web pages)

1. AWS TGW Reference Architectures for Multi-VPC - 1/5 - Brief

This architecture will include:

AWS Virtual Private Cloud (VPC),

AWS Elastic Compute Cloud (EC2),

AWS Internet gateways (IGW)

AWS Virtual Private Network (VPN)

AWS Transit Gateway (TGW),

AWS Application Load Balancer (ALB),

This architecture also called Centralized design model,

I segment the Web and APP resources across multiple VPCs and connect into a Hub-and-Spoke topology.

The hub of the topology, is the TGW.

There are two Firewalls (FW) in the Security VPC, the traffic between the Internet and VPCs or On-Premises will be filter and check by FW.

I will step by step to share my experience to explain the traffic different behavior when traffic flow go through different devices.

For example, When Traffic go out form ALB, the source IP and destination IP will be change.

In the design, FW need to do Source NAT (SNAT) or Destination NAT (DNAT) for symmetric routing.

Reference:

1. AWS TGW Reference Architectures for Multi-VPC - 1/5 - Brief

2. AWS TGW Reference Architectures for Multi-VPC - 2/5 - Inbound Traffic

3. AWS TGW Reference Architectures for Multi-VPC - 3/5 - Outbound Traffic

4. AWS TGW Reference Architectures for Multi-VPC - 4/5 - East-West Traffic

5. AWS TGW Reference Architectures for Multi-VPC - 5/5 - Backhaul to On-Premises Traffic

最初發表 / 最後更新: 2021.08.29 / 2021.10.03