VPC Attachments for AWS TGW

Attach a VPC to an AWS TGW (Transit Gateway) to enable traffic flow between this VPC and other attachments in the same AWS TGW, including an Aviatrix Transit Gateway. This connection has a rate of 50Mbps.

This VPC acts as a Spoke VPC attached to the AWS TGW.

We strongly recommend creating a new Transit VPC. If you would like to use an existing VPC and its network CIDR is too small (not enough unused /28 CIDR segments), use the AWS Edit VPC CIDR feature to create a new /23 subnet in which to deploy the Aviatrix Transit Gateway for the TGW use case.

To create, review, and edit VPC attachments for AWS TGWs, go to Aviatrix CoPilot > Networking > Connectivity > AWS TGW tab and select the AWS TGW. In the AWS TGW’s Attachments, select the VPC tab.

Attaching a VPC to a TGW

To attach a VPC to an AWS TGW:

  1. Go to Aviatrix CoPilot > Networking > Connectivity > AWS TGW tab > select the AWS TGW > select the VPC tab.

  2. Click Attach VPC.

  3. Provide the following information.

    Setting: Value

    AWS TGW: The name of the AWS TGW you selected above appears and cannot be changed.

    VPC: Select a VPC in the VPC Account.

    Network Domain Name: Select a network domain from the dropdown menu. Each VPC can only be attached to one Network Domain.

    Advanced Settings: Click here to review more advanced options.

    Advanced (Optional) Select Subnets: When selected, a dropdown menu of VPC subnets appears for you to multi-select subnets/AZs to attach to the VPC. If you do not select any subnets, a subnet representing each AZ for the VPC attachment will be used.

    Advanced (Optional) Select Route Tables: Only the selected route tables will participate in TGW Orchestrator, i.e., learned routes will be propagated to these route tables.

    Advanced (Optional) Customize Spoke VPC Routes: By default, RFC 1918 summarized routes and learned non-RFC 1918 specific routes are dynamically programmed into each Spoke VPC's VPC route table. This feature allows you to statically program specific routes whose target is the AWS TGW.

      When you customize the Spoke VPC route entries, no learned routes are programmed into the VPC route table. If you want no routes to be programmed by Aviatrix Orchestrator, enter 0.0.0.0/32.

    Advanced (Optional) Customized Route Advertisement: By default, a Spoke VPC advertises its VPC CIDR to the TGW route table. This feature allows you to advertise different network CIDRs.

      In environments where all Spoke VPCs have one identical CIDR, attaching these Spoke VPCs to a TGW will result in an error. For example, if a Spoke VPC has the CIDRs 10.10.0.0/16 and 100.100.0.0/16, where 100.100.0.0/16 is common across all Spoke VPCs, attaching it results in an error. When you enable this setting, the Spoke VPC only advertises 10.10.0.0/16.

    Advanced (Optional) Local Route Propagation: Turn this setting on to propagate the Spoke VPC CIDR to the TGW route table.

  4. Click Save.

Auditing Routes

The Audit Routes feature verifies route correctness by scanning the attachment’s VPC route table, its attached TGW route table and connected TGW route tables. Use this to detect missing routes deleted by mistake or through programming errors.

To audit VPC routes:

  1. Go to Aviatrix CoPilot > Networking > Connectivity > AWS TGW tab > select the AWS TGW > select the VPC tab.

  2. Find the VPC and click the three dots icon.

  3. Select Audit Routes.

The audit report begins. To view the task’s progress, go to Monitor > Notifications > select the Tasks tab.
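An independent cross-check of the same idea, as an added example (not Aviatrix code and not how Audit Routes is implemented): it takes the `RouteTables` list returned by the EC2 DescribeRouteTables API and reports expected routes that are missing, inactive, or no longer targeting the TGW. The route table, NAT gateway and TGW IDs in the sample are constructed, and the default expectation assumes the RFC 1918 summarized routes described above.

```python
import ipaddress

# RFC 1918 summaries programmed into Spoke VPC route tables by default (per this page).
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def audit_route_tables(route_tables, tgw_id, expected=RFC1918):
    """Return (route_table_id, cidr, problem) findings.

    route_tables: the "RouteTables" list from EC2 DescribeRouteTables.
    expected: CIDRs that must route to tgw_id; pass your own list when
              Customize Spoke VPC Routes is in use.
    """
    findings = []
    wanted = [ipaddress.ip_network(c) for c in expected]
    for rt in route_tables:
        by_dest = {}
        for route in rt.get("Routes", []):
            dest = route.get("DestinationCidrBlock")
            if dest:  # IPv6 and prefix-list routes carry other keys; skip them
                by_dest[ipaddress.ip_network(dest)] = route
        for net in wanted:
            route = by_dest.get(net)
            if route is None:
                problem = "missing"
            elif route.get("TransitGatewayId") != tgw_id:
                problem = "wrong-target"   # e.g. repointed at a NAT or IGW
            elif route.get("State") != "active":
                problem = "inactive"       # EC2 reports "blackhole" here
            else:
                continue
            findings.append((rt["RouteTableId"], str(net), problem))
    return findings

# Constructed sample data in DescribeRouteTables shape (all IDs are made up).
TGW = "tgw-0example"
SAMPLE = [
    {"RouteTableId": "rtb-0good", "Routes": [
        {"DestinationCidrBlock": "10.10.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "10.0.0.0/8", "TransitGatewayId": TGW, "State": "active"},
        {"DestinationCidrBlock": "172.16.0.0/12", "TransitGatewayId": TGW, "State": "active"},
        {"DestinationCidrBlock": "192.168.0.0/16", "TransitGatewayId": TGW, "State": "active"}]},
    {"RouteTableId": "rtb-0drift", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/8", "TransitGatewayId": TGW, "State": "blackhole"},
        {"DestinationCidrBlock": "172.16.0.0/12", "NatGatewayId": "nat-0example", "State": "active"}]},
]

if __name__ == "__main__":
    for finding in audit_route_tables(SAMPLE, TGW):
        print(*finding)
```

A "wrong-target" finding deserves the closest look, since a summarized route repointed away from the TGW sends traffic around the network domain the attachment was placed in.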

Syncing VPC CIDRs to AWS TGW

If a new Spoke VPC CIDR is added/deleted or a new VPC route is added/deleted, clicking this option updates VPC attachments without having to detach the VPC first.

Update VPC CIDR automatically adjusts routing when a VPC CIDR changes, for example, when a new VPC CIDR has been added to the VPC. It also adjusts routing when a route table is added or deleted.

To configure:

  1. Go to Aviatrix CoPilot > Networking > Connectivity > select the AWS TGW tab > select an existing AWS TGW.

  2. Select the Attachments tab.

  3. Select the VPC tab.

  4. Find the VPC in the table and click the three dots icon. Select Sync VPC CIDRs to AWS TGW.

The sync begins. To view the task’s progress, go to Monitor > Notifications > select the Tasks tab.

Viewing VPC Route Tables & TGW Routes

To review VPC Route Tables and Transit Gateway routes:

  1. Go to Aviatrix CoPilot > Networking > Connectivity > select the AWS TGW tab > select an existing AWS TGW.

  2. Select the Attachments tab.

  3. Select the VPC tab.

  4. Find the VPC in the table and click the three dots icon. Select View VPC Route Tables & TGW Routes.

  5. Use the tabs in the window to review VPC Routes and TGW Routes.