Building Hub-and-Spoke Network Topology with Transit Gateway

Hands-On Lab

 

Tia Williams

AWS Training Architect II in Content

Length: 00:45:00

Difficulty: Intermediate

In this hands-on lab, we will build a hub-and-spoke network topology with Transit Gateway and attach two VPCs. We will review the propagated routes on the Transit Gateway, create the appropriate routes in our VPCs, and validate the connectivity. We will also do some troubleshooting to see why our environment is not working as we thought it should.

Solution

Log in to the AWS Management Console using the credentials provided, and make sure you are in the us-east-1 (N. Virginia) region.

Configure AWS Transit Gateway

  1. Navigate to VPC > Transit Gateways.
  2. Click Create Transit Gateway.
  3. For Name tag and Description, enter "labtransitgw".
  4. For Amazon side ASN, enter "65065".
  5. Leave DNS and ECMP support enabled.
  6. Leave the default route table association and propagation.
  7. Click Create Transit Gateway. It may take up to five minutes to enter an available state.

Attach Three VPCs to Transit Gateway and Create the Appropriate VPC Routes

In the left-hand menu, select Transit Gateway Attachments.

VPC1

  1. Click Create Transit Gateway Attachment, and set the following values:
    • Transit Gateway ID: labtransitgw
    • Attachment type: VPC
    • Attachment name tag: VPC1
    • VPC ID: VPC1
    • Subnet ID: PublicSubnet1
  2. Click Create attachment > Close.

VPC2

  1. Click Create Transit Gateway Attachment, and set the following values:
    • Transit Gateway ID: labtransitgw
    • Attachment type: VPC
    • Attachment name tag: VPC2
    • VPC ID: VPC2
    • Subnet ID: PublicSubnet2
  2. Click Create attachment > Close.

VPC3

  1. Click Create Transit Gateway Attachment, and set the following values:
    • Transit Gateway ID: labtransitgw
    • Attachment type: VPC
    • Attachment name tag: VPC3
    • VPC ID: VPC3
    • Subnet ID: PublicSubnet3
  2. Click Create attachment > Close.
  3. Give it a few minutes for all three transit gateway attachments to finish being created.

Create the Appropriate Routes on the VPCs

In the left-hand menu, select Route Tables.

Public1-RT (with Routes to VPC2 and VPC3)

  1. Select Public1-RT.
  2. Click the Routes tab.
  3. Click Edit routes.
  4. Click Add route.
  5. Set Destination as "10.2.0.0/16".
  6. Set Target as Transit Gateway, and select labtransitgw.
  7. Click Add route.
  8. Set Destination as "10.3.0.0/16".
  9. Set Target as Transit Gateway, and select labtransitgw.
  10. Click Save routes.

Public2-RT (with Routes to VPC1 and VPC3)

  1. Select Public2-RT.
  2. Click the Routes tab.
  3. Click Edit routes.
  4. Click Add route.
  5. Set Destination as "10.1.0.0/16".
  6. Set Target as Transit Gateway, and select labtransitgw.
  7. Click Add route.
  8. Set Destination as "10.3.0.0/16".
  9. Set Target as Transit Gateway, and select labtransitgw.
  10. Click Save routes.

Public3-RT (with Routes to VPC1 and VPC2)

  1. Select Public3-RT.
  2. Click the Routes tab.
  3. Click Edit routes.
  4. Click Add route.
  5. Set Destination as "10.1.0.0/16".
  6. Set Target as Transit Gateway, and select labtransitgw.
  7. Click Add route.
  8. Set Destination as "10.2.0.0/16".
  9. Set Target as Transit Gateway, and select labtransitgw.
  10. Click Save routes.

Validate Connectivity from Terminal to all VPCs

Note: All EC2 instance credentials and IP addresses referenced in this section are provided on the lab page.

  1. Copy the public IP of EC2 INSTANCE1 listed on the lab page.

  2. Open Terminal.

  3. Log in to the instance via SSH:

    ssh cloud_user@<INSTANCE1_PUBLIC_IP>

    Answer yes, and then enter the password.

  4. Ping the public IP address of EC2 INSTANCE2:

    ping <INSTANCE2_PUBLIC_IP>

    We should get a reply.

  5. Exit the ping by pressing Ctrl+C.

  6. Ping the private IP address for EC2 INSTANCE3:

    ping <INSTANCE3_PRIVATE_IP>

    It won't work this time.

  7. Exit the ping by pressing Ctrl+C.

Troubleshoot

Edit Inbound and Outbound Rules

  1. In the AWS Management Console, navigate to EC2 > Instances.
  2. Select Instance3.
  3. In the Description section on the page, note that the instance is in the private subnet, not the public subnet (PublicSubnet3) we selected for the VPC3 transit gateway attachment earlier.
  4. Navigate to VPC > Network ACLs.
  5. Select Private3-NACL.
  6. Click the Inbound Rules tab.
  7. Click Edit inbound rules.
  8. Give it a Rule # of "100", and leave the other defaults.
  9. Click Add Rule.
  10. Give it a Rule # of "200".
  11. For Type, choose All ICMP - IPv4.
  12. Click Save.
  13. Click the Outbound Rules tab.
  14. Click Edit outbound rules.
  15. Click Add Rule.
  16. Give it a Rule # of "100", and leave the other defaults.
  17. Click Add Rule.
  18. Give it a Rule # of "200".
  19. For Type, choose All ICMP - IPv4.
  20. Click Save.
  21. In the terminal, try to ping the private IP address for INSTANCE3 again:

    ping <INSTANCE3_PRIVATE_IP>

    It still won't work.

  22. Exit the ping by pressing Ctrl+C.

Modify Transit Gateway Attachment

  1. In the AWS console, in the left-hand menu, select Transit Gateway Attachments.
  2. Select VPC3.
  3. Select Actions > Delete.
  4. In the dialog, click Delete.
  5. Give it a few minutes to finish being deleted. (You won't be able to create a new VPC3 transit gateway attachment until it's deleted, since they have the same name.)
  6. Click Create Transit Gateway Attachment, and set the following values:
    • Transit Gateway ID: labtransitgw
    • Attachment type: VPC
    • Attachment name tag: VPC3
    • VPC ID: VPC3
    • Subnet ID: PrivateSubnet3
  7. Click Create attachment > Close.
  8. Give it a few minutes to finish being created.
Modify Routes

  1. In the left-hand menu, select Route Tables.

  2. Select Private3-RT.

  3. Click the Routes tab.

  4. Click Edit routes.

  5. Click Add route.

  6. Set Destination as "10.1.0.0/16".

  7. Set Target as Transit Gateway, and select labtransitgw.

  8. Click Add route.

  9. Set Destination as "10.2.0.0/16".

  10. Set Target as Transit Gateway, and select labtransitgw.

  11. Click Save routes.

  12. In the terminal, try to ping the private IP address for INSTANCE3 again:

    ping <INSTANCE3_PRIVATE_IP>

    This time, we should get a reply.

  13. Exit the ping by pressing Ctrl+C.

  14. Ping the private IP address of INSTANCE2:

    ping <INSTANCE2_PRIVATE_IP>

    We should get a reply.

  15. Exit the ping by pressing Ctrl+C.
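The two checks behind the troubleshooting steps above, as an added offline model that is not part of the original lab: a ping to INSTANCE3 needs the Private3-NACL to allow ICMP in both directions (NACLs are stateless) and Private3-RT to carry a return route through the transit gateway. The instance IPs, the pre-fix table contents, and the rule 100 defaults are constructed assumptions; the attachment's subnet is not modelled.

```python
import ipaddress

TGW = "tgw:labtransitgw"  # placeholder target label, not a real resource ID

def next_hop(routes, dst_ip):
    """Longest-prefix match over {cidr: target}; None means no route."""
    ip = ipaddress.ip_address(dst_ip)
    hits = [(ipaddress.ip_network(c), t) for c, t in routes.items()
            if ip in ipaddress.ip_network(c)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def nacl_allows(rules, proto, peer_ip):
    """Rules are (number, proto, cidr, action): lowest matching number wins,
    and anything unmatched hits the implicit deny."""
    ip = ipaddress.ip_address(peer_ip)
    for _, r_proto, cidr, action in sorted(rules):
        if r_proto in ("all", proto) and ip in ipaddress.ip_network(cidr):
            return action == "allow"
    return False

def diagnose_ping(src_ip, dst_ip, src_rt, dst_rt, nacl_in, nacl_out):
    """List every reason an ICMP echo from src_ip to dst_ip gets no reply."""
    problems = []
    if next_hop(src_rt, dst_ip) != TGW:
        problems.append("no forward route via transit gateway")
    if not nacl_allows(nacl_in, "icmp", src_ip):
        problems.append("destination NACL blocks inbound ICMP")
    if not nacl_allows(nacl_out, "icmp", src_ip):
        problems.append("destination NACL blocks outbound ICMP reply")
    if next_hop(dst_rt, src_ip) != TGW:
        problems.append("no return route via transit gateway")
    return problems

# Constructed sample state; only the /16 CIDRs and table names come from the lab.
INSTANCE1, INSTANCE3 = "10.1.0.10", "10.3.1.10"
PUBLIC1_RT = {"10.1.0.0/16": "local", "0.0.0.0/0": "igw",
              "10.2.0.0/16": TGW, "10.3.0.0/16": TGW}
PRIVATE3_RT_BEFORE = {"10.3.0.0/16": "local"}
PRIVATE3_RT_AFTER = {**PRIVATE3_RT_BEFORE, "10.1.0.0/16": TGW, "10.2.0.0/16": TGW}
NACL_BEFORE = []  # assumption: no allow rules, so the implicit deny applies
NACL_AFTER = [(100, "all", "0.0.0.0/0", "allow"),   # assumed console defaults
              (200, "icmp", "0.0.0.0/0", "allow")]

if __name__ == "__main__":
    print(diagnose_ping(INSTANCE1, INSTANCE3, PUBLIC1_RT,
                        PRIVATE3_RT_BEFORE, NACL_BEFORE, NACL_BEFORE))
    print(diagnose_ping(INSTANCE1, INSTANCE3, PUBLIC1_RT,
                        PRIVATE3_RT_AFTER, NACL_AFTER, NACL_AFTER))
```

Running it with the NACL fixed but the old Private3-RT reports only the missing return route, which corresponds to the ping that still fails after the NACL edit.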

Conclusion

Congratulations on successfully completing this hands-on lab!