Reputation: 2705
AWS Transit Gateway: why propagate routes to 2 route tables?
From the documentation of AWS Transit Gateway (under Route tables):
You can create additional route tables for your transit gateway. This enables you to isolate subsets of attachments. Each attachment can be associated with one route table. An attachment can propagate its routes to one or more route tables.
As far as I understand, when you associate an attachment with a route table, then it is reachable only within this route table (i.e. other attachments that are associated to this route table). If so, what's the point of having the ability to propagate its routes to more than the associated route table?
I thought that maybe an attachment that's associated with route table A, but propagates its routes to both route table A and route table B is reachable from route table B, but can't access attachments in route table B. But I've done this experiment, and it turned out false.
Can someone explain?
Upvotes: 0
Views: 488
Answers (1)
Reputation: 823
Association is what defines the route table that will be used to identify the next hop. There can be only one route table that an attachment can be associated with i.e. where the packets will land once they leave the attached resource.
Propagation is allowing others VPCs to be able to talk to the resource that propagated it's routes.
So, you can basically play around these constructs to define what is known as - network segmentation. These are boundaries that you would like enforce, such as: both VPC-A and VPC-B can talk to each other, both VPC-B and VPC-C can talk to each other, but VPC-A cannot talk to VPC-C.
So you might approach this scenario with the following configurations:
Route Table 1:
- Associated with attachment of
VPC-A VPC-Bpropagates it's routes to Route Table 1
Route Table 2:
- Associated with attachment of
VPC-B VPC-Apropagates it's routes to Route Table 2VPC-Cpropagates it's routes to Route Table 2
Route Table 3:
- Associated with attachment of
VPC-C VPC-Bpropagates it's routes to Route Table 3
It's important to note that this does not mean that the Route Tables should scale linearly with number of VPCs that you would have. It's always about finding the right balance around traffic segmentation and low operations overhead.
Upvotes: 0
Related Questions
- CloudFormation - Route Table route Propagation for Tansit Gateway
- How do I properly set up a cross-region transit gateway route with terraform?
- How to pass a querystring or route parameter to AWS Lambda from Amazon API Gateway
- AWS TransitGateway VPN Routes Remain in Blackhole State
- Terraform create map/dict from TG route table and TG attachment vpns to reference in resource aws_ec2_transit_gateway_route_table_association
- AWS Transit Gateway Routing
- If private S3 endpoints have a route to the Transit Gateway (TGW), can they communicate with other VPCs?