Q: How do I control which Amazon VPCs can communicate with each other?
A: You can segment your network by creating multiple route tables in an Amazon Transit Gateway and associating VPC attachments with them. Each attachment is associated with exactly one route table, and a packet entering from that attachment can only be forwarded to destinations present in that table, so this lets you build isolated networks inside one Amazon Transit Gateway, similar to virtual routing and forwarding (VRFs) in traditional networks. Every Amazon Transit Gateway has a default route table; the use of additional route tables is optional.
Q: How does routing work in Amazon Transit Gateway?
A: Amazon Transit Gateway supports dynamic and static routing between attached Amazon VPCs. By default, VPC attachments are associated with the default route table. You can create additional route tables and associate attachments with them.
Each route selects the next hop from the destination IP address of the packet, using the most specific (longest-prefix) matching route. Routes can point to an Amazon VPC attachment.
Q: How do routes get propagated into the Amazon Transit Gateway?
A: Routes are propagated into the Amazon Transit Gateway from Amazon VPCs: when you attach an Amazon VPC to an Amazon Transit Gateway, or resize an attached Amazon VPC, the VPC's Classless Inter-Domain Routing (CIDR) block is propagated into the Amazon Transit Gateway route table using internal APIs (not BGP). CIDR is a method for allocating IP addresses and IP routing that slows the growth of routing tables on Internet routers and helps slow the exhaustion of IPv4 addresses. Propagation is one-way: routes in the Amazon Transit Gateway route table are not propagated back into the Amazon VPC's route tables. The Amazon VPC owner must create a static route in the VPC route table that sends traffic for the remote destinations to the Amazon Transit Gateway.
Q: Can I connect Amazon VPCs with overlapping CIDRs?
A: Amazon Transit Gateway does not support routing between Amazon VPCs with overlapping CIDRs. If you attach a new Amazon VPC whose CIDR overlaps with that of an already attached Amazon VPC, Amazon Transit Gateway will not propagate the new Amazon VPC's route into the Amazon Transit Gateway route table.
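The three answers above (route-table segmentation, one-way propagation with a required static VPC route, and refusal of overlapping CIDRs) are easiest to reason about with a small model. The following is an added example written for this page, not AWS code and not the AWS API: it is a toy in-memory model of Transit Gateway route-table semantics, with the AWS CLI call each step models noted in a comment. All identifiers (tgw-0example, tgw-attach-a, vpc-a, and the 10.x.0.0/16 CIDRs) are constructed for the example. It builds a hub-and-spoke layout in which two spoke VPCs can reach a shared-services VPC but not each other, shows that a spoke VPC without a static route to the TGW never gets its traffic there, and shows a propagation being refused because its CIDR overlaps an existing route, as the FAQ describes.

```python
"""Toy model of Transit Gateway route-table semantics (not the AWS API)."""
import ipaddress
from dataclasses import dataclass

# Hypothetical TGW identifier, constructed for this example.
TGW_ID = "tgw-0example"


@dataclass
class Attachment:
    attachment_id: str
    vpc_id: str
    cidr: ipaddress.IPv4Network


class TransitGateway:
    """One TGW: a default route table plus any number of extra tables.
    A route table maps destination prefix -> attachment id used as next hop."""

    def __init__(self):
        self.attachments = {}
        self.route_tables = {"default": {}}
        self.association = {}  # attachment id -> the one table it is associated with

    def create_route_table(self, name):
        # models: aws ec2 create-transit-gateway-route-table
        self.route_tables[name] = {}

    def attach_vpc(self, attachment_id, vpc_id, cidr):
        # models: aws ec2 create-transit-gateway-vpc-attachment
        # A new attachment is associated with the default table until re-associated.
        self.attachments[attachment_id] = Attachment(attachment_id, vpc_id, ipaddress.ip_network(cidr))
        self.association[attachment_id] = "default"

    def associate(self, attachment_id, table):
        # models: aws ec2 associate-transit-gateway-route-table
        # Exactly one association per attachment; it decides where that attachment's traffic may go.
        self.association[attachment_id] = table

    def propagate(self, attachment_id, table):
        # models: aws ec2 enable-transit-gateway-route-table-propagation
        # Installs the VPC CIDR into the table. Following the FAQ, a CIDR that overlaps
        # a route already propagated by a different attachment is refused.
        att = self.attachments[attachment_id]
        routes = self.route_tables[table]
        for prefix, owner in routes.items():
            if owner != attachment_id and prefix.overlaps(att.cidr):
                return False
        routes[att.cidr] = attachment_id
        return True

    def next_hop(self, src_attachment, dst_ip):
        # Longest-prefix match in the table associated with the *source* attachment.
        table = self.route_tables[self.association[src_attachment]]
        ip = ipaddress.ip_address(dst_ip)
        best = None
        for prefix, owner in table.items():
            if ip in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, owner)
        return best[1] if best else None


def vpc_next_hop(vpc_routes, dst_ip):
    """Longest-prefix match in a VPC subnet route table {prefix: target}.
    Targets are 'local' or a TGW id. The TGW never pushes routes into this table;
    the VPC owner adds the TGW route (models: aws ec2 create-route --transit-gateway-id)."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, target in vpc_routes.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def deliver(vpc_routes, tgw, src_attachment, dst_ip):
    """End-to-end forwarding decision: VPC route table first, then the TGW table."""
    target = vpc_next_hop(vpc_routes, dst_ip)
    if target == "local":
        return "local"
    if target != TGW_ID:
        return "dropped-in-vpc"      # no static route toward the TGW
    hop = tgw.next_hop(src_attachment, dst_ip)
    return hop if hop else "dropped-at-tgw"


def build_hub_and_spoke():
    """Shared-services VPC reachable from two spokes that cannot reach each other."""
    tgw = TransitGateway()
    tgw.attach_vpc("tgw-attach-shared", "vpc-shared", "10.0.0.0/16")
    tgw.attach_vpc("tgw-attach-a", "vpc-a", "10.1.0.0/16")
    tgw.attach_vpc("tgw-attach-b", "vpc-b", "10.2.0.0/16")
    tgw.create_route_table("shared-rt")  # hub's table: sees every spoke
    tgw.create_route_table("spoke-rt")   # spokes' table: sees only the hub
    tgw.associate("tgw-attach-shared", "shared-rt")
    tgw.associate("tgw-attach-a", "spoke-rt")
    tgw.associate("tgw-attach-b", "spoke-rt")
    tgw.propagate("tgw-attach-a", "shared-rt")
    tgw.propagate("tgw-attach-b", "shared-rt")
    tgw.propagate("tgw-attach-shared", "spoke-rt")
    return tgw


# Constructed VPC route tables for vpc-a: without and with the static route to the TGW.
VPC_A_ROUTES_NO_TGW = {"10.1.0.0/16": "local"}
VPC_A_ROUTES = {"10.1.0.0/16": "local", "10.0.0.0/8": TGW_ID}

if __name__ == "__main__":
    tgw = build_hub_and_spoke()
    print(deliver(VPC_A_ROUTES_NO_TGW, tgw, "tgw-attach-a", "10.0.5.5"))  # dropped-in-vpc
    print(deliver(VPC_A_ROUTES, tgw, "tgw-attach-a", "10.0.5.5"))         # tgw-attach-shared
    print(deliver(VPC_A_ROUTES, tgw, "tgw-attach-a", "10.2.5.5"))         # dropped-at-tgw
    tgw.attach_vpc("tgw-attach-c", "vpc-c", "10.1.0.0/24")                # overlaps vpc-a
    print(tgw.propagate("tgw-attach-c", "shared-rt"))                     # False
```

The isolation comes entirely from which table each attachment is associated with and which CIDRs are propagated into it: spoke-rt never learns the other spoke's prefix, so spoke-to-spoke traffic has no route and is dropped at the TGW even though both spokes hang off the same gateway. The overlap check is per table, which is why the overlapping 10.1.0.0/24 attachment is refused in shared-rt (where 10.1.0.0/16 already lives) but would be accepted into a table that does not contain an overlapping prefix.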
Performance and limits
Q: What are the service limits that I need to keep in mind while using Amazon Transit Gateways?
A: The table below lists the service limits (values not present on this page are left blank):

| Limit | Value |
|---|---|
| Number of Amazon Transit Gateway attachments | |
| Maximum bandwidth (burst) per VPC connection | 50 Gbps |
| Number of Amazon Transit Gateways per account | |
| Number of Amazon Transit Gateway attachments per VPC | |
| Number of routes | 10,000 |
Q: Does Amazon Transit Gateway support IPv6?
A: Yes, Amazon Transit Gateway supports attaching Amazon VPCs with IPv6 CIDRs.
Q: Which Amazon VPC features are not supported in the first release?
A: Security group referencing across an Amazon Transit Gateway is not supported at launch. A spoke Amazon VPC cannot reference security groups in other spoke VPCs connected to the same Amazon Transit Gateway, so security group rules for traffic that crosses the Transit Gateway must be written against CIDR blocks instead.