AWS Transit Gateway Unveiled: Exploring Connectivity Across Multiple VPCs

In this blog we will explore transit gateway service in AWS. Mainly, we will see test cases by testing connectivity among ec2 instances present among three VPC's.

Pre-requisites:
1)create three VPC as seen in the above diagram.
1.1)Mainly create a private subnets in each VPC. In addition create a Public subnet in VPC -A. since, we need to connect to public instance and from there we can navigate to private instances.
1.2)create ec2 instances in three VPC's

1.3)In security groups enable the ssh and icmp .

Log in to public ec2 instance present in public subnet.

Log into the EC2 instance present in private subnet of VPC-A.
note: make sure to do the scp .

Test Cases:
Case1: Test connectivity among vpc .
Ping from EC2-A to EC2-B

Result: Not connecting.
Ping from EC2-A to EC2-C

Result: Not connecting.
Reason: Since there is no connectivity from one vpc to another vpc it is not connecting.

Now, Create the Transit gateway.

make sure to enable the default settings

Also, Create Transit gateway attachments for every VPC.

After the above configuration we can see corresponding Associations, Propagations and Routes by default. sample screenshots are below.

CASE-2: Post the TGW RT configuration. Ping Pong again

Result: Not Connecting
Reason: Since the route is not updated for TGW connection in Route tables of Private Subnets.

Update the routes as below for each private subnet.

Similar to vpc-b and vpc-c. Routes are updated as below.

Case-3: Testing connectivity after updated the routes.
Ping from EC2-A to EC2-C

Result: Connecting

Case-4: Ping from EC2-A to EC2-B

Result: Connecting

However, From the above setup every VPC can be communicating to every other VPC. Hence, we can restrict traffic like Only communication is happens between two VPC’s only but not every other VPC.
for example: In the below diagram, EC2-A can be communicated to ec2-B but not to EC2-C.

Finally, our VPC setup will be updated as per the test case.

Note: Delete the existing Transit gateway conenction and its relavent attachments.
Pre-requisite for new setup
2)Create a new Transit gateway and make sure to disable the default Route table association.

2.1)Again create 3 transit gateway VPC attachments for each VPC.
2.2)Also, create 3 transit gateway route tables and associate with each corresponding VPC attachments.

we can see the association by enabling individual route table.

From above configuration, we can see that every route table is attached to corresponding TGW attachment.
2.3)Finally setting up propagation.
Create propagation from VPC-A to VPC-B

On the similar lines create the propagation from Create propagation from VPC-B to VPC-C and VPC-B to VPC-A. Also, for VPC-C to VPC-B.

After setting up new TGW, lets test the connectivity.
Case-6: Ping from EC2-A to EC2-B

Result: Not connecting
Reason: Since, we did not updated any route table on VPC end. Manily after we created new Transit gateway.

Update the routes in 3 VPC with tgw-xxxx route as below.

Case-7: Ping from EC2-A to EC2-B

Result: Connecting

Case-8: connectivity test from EC2-A to EC2-C

Result: Not connecting
Reason: No TGW associate from VPC-A to VPC-C.

Login to EC2-B from EC2-A private instance.

Case-9: Connectivity test from EC2-B to ECA

Result: Connecting
Case-9: Connectivity test from EC2-B to EC-C

Result: Connecting

Finally we have makes our hands dirty by testing different testing
References:
1)AWS VPC and Networking in depth: Learn practically in 8 hrs by chetan agarwal.