Attaching an Aviatrix Transit GW to TGW

Attach the Aviatrix Transit Gateway and its VPC to the AWS TGW’s Aviatrix_Edge_Domain to allow the Aviatrix Transit Gateway to send and receive packets from the AWS Transit Gateway.

An Aviatrix Transit Gateway can only be attached to one AWS TGW, and they need to be in the same region. To attach AWS TGWs from different regions, use the AWS TGW Peering tab.

In this step, route entries are added to the two created private subnet route tables as described in the table below.

subnet route table route entry description

-tgw-egress (for eth1)

-tgw-egress

0.0.0.0/0 → TGW

for traffic from Aviatrix Transit GW to TGW

-tgw-ingress

-tgw-ingress

0.0.0.0/0 → eth1

for traffic from TGW to Aviatrix Transit GW

There is no IPSec tunnel between the AWS Transit Gateway and the Aviatrix Transit Gateway. The Aviatrix Gateway behaves as an EC2 instance in a Spoke VPC (The Aviatrix Edge VPC) attached to the AWS Transit Gateway, as shown in the diagram below. Such a setup allows the Aviatrix Edge VPC to leverage the high performance provided by AWS Transit Gateway.

transit_complete

To attach an Aviatrix Transit Gateway to an AWS TGW:

  1. Go to Aviatrix CoPilot > Networking > Connectivity > AWS TGW tab > select the AWS TGW > select the Transit Gateway tab.

  2. Click Attach Transit Gateway. Note that you can only attach one Aviatrix Transit Gateway at a time.

  3. Enter the following information:

Setting Value

Transit Gateway

Click on the dropdown menu and select an Aviatrix Transit Gateway. Note that this gateway must be in the same region as the AWS TGW.

Network Domain

Aviatrix Edge Domain is the only option.

Click Attach.

After you finish these steps, your hybrid connection using Aviatrix Transit Gateway for TGW setup is complete. You will also be able to perform network segmentation for the AWS TGW domains that are now attached to the Transit Gateway.

In the above example, if you have any Spoke VPCs attached to the prod_domain, EC2 instances should be able to communicate with on-prem. Make sure instance security groups and any on-prem firewalls are configured properly.