Hub-and-Spoke VPC Architectures – Inter-VPC and Multi-account Networking – ANS-C01 Study Guide

Hub-and-Spoke VPC Architectures

The hub-and-spoke design is the most common topology used to connect multiple remote locations to one or more central locations such as a corporate data center, a third-party company, or a cloud provider over a wide-area network. Figure 8.7 shows a VPC hub-and-spoke architecture. The spoke locations all connect to the hub, and each spoke that communicates with other spokes must traverse the hub. The hub is the central interconnection location.

The hub-and-spoke, or star, wide-area networking model allows your organization to efficiently manage WAN connections by reducing the total number of carrier data circuits that would be required when using a mesh type of network.

The VPC hub model uses a central VPC to consolidate and centralize services such as Active Directory, DHCP, DNS, security, monitoring, and management applications.

FIGURE 8.5 PrivateLink VPC endpoint partner configuration

In this section, you will learn about the most common AWS hub-and-spoke VPC architectural models, including the Transit Gateway, Transit Gateway Connect, and the transit VPC.

Transit Gateway

The Transit Gateway is a virtual cloud routing service offered by AWS. It is a regional service that is scalable and highly available, and it enables VPCs and on-premises networks to connect through a central hub over either site-to-site VPNs or Direct Connect. The hub-and-spoke design allows any network attached to the gateway to talk to any other, which provides VPC-to-VPC routing within a region. The advantage of using a Transit Gateway is that only one connection needs to be made when adding a new VPC, VPN, or on-premises network, as shown in Figure 8.8. All traffic is routed at the Transit Gateway service, so a single service manages and monitors routing for the network.

FIGURE 8.6 PrivateLink VPC endpoint AWS Services configuration

The AWS Transit Gateway replaces VPC peering networks and reduces the complexity of establishing multiple VPC-to-VPC peering architectures. The Transit Gateway acts as a central virtual router to which each VPC connects only once, instead of having to establish many VPC peering connections. As you learned in Chapter 7, the Transit Gateway connects VPCs across regional boundaries and eliminates the need to create mesh networks to work around the limitation that VPCs do not support transitive routing. Transit Gateway supports SD-WAN connections, peer-to-peer VPNs, and Direct Connect connections to attach your on-premises networks to the AWS cloud. The service is a highly scalable, AWS-managed hub-and-spoke routing architecture. All connected spoke networks can route between each other through a single service offering, which simplifies the deployment, management, and monitoring of your network.

Transit Gateway instances residing in one region can be interconnected to other Transit Gateway instances in other regions to extend the network worldwide.

FIGURE 8.7 Hub-and-spoke VPC networks

FIGURE 8.8 AWS Transit Gateway service

The Transit Gateway service allows you to manage connections across thousands of VPCs while avoiding individual VPC peering connections. The Transit Gateway uses BGP to automatically update its routing table as networks are added or removed. Inter-region peering allows you to share common services such as DNS, Active Directory, and security services with your remote applications running in different AWS regions. New VPCs can be quickly added to and removed from the service, allowing fast responses to changes in your architecture. Transit Gateway also supports multicast: multicast groups allow content to be streamed using a one-to-many design, which is useful for streaming audio or video and for pushing software updates to many devices simultaneously.
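As an added illustration that is not part of the study guide, the following Python model shows how Transit Gateway route tables resolve spoke traffic: the flat design described above, in which every spoke reaches every other spoke through the hub, beside a segmented design in which the spoke route table learns only the hub's prefix so spoke-to-spoke traffic is dropped at the gateway. The VPC names and CIDRs are constructed for the example.

```python
"""Model of Transit Gateway route-table resolution in a hub-and-spoke design.

Each VPC is an attachment. A TGW route table maps prefixes to the attachment
that reaches them. Every attachment is *associated* with exactly one table (the
table consulted for traffic arriving from that attachment), and an attachment's
CIDR may be *propagated* into any number of tables. Longest prefix match wins.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class RouteTable:
    routes: dict = field(default_factory=dict)  # ip_network -> attachment name

    def propagate(self, cidr, attachment):
        self.routes[ipaddress.ip_network(cidr)] = attachment

    def lookup(self, dst):
        ip = ipaddress.ip_address(dst)
        best = max((p for p in self.routes if ip in p),
                   key=lambda p: p.prefixlen, default=None)
        return self.routes[best] if best else None


# Constructed sample topology: one shared-services hub and two spoke VPCs.
VPCS = {"hub": "10.0.0.0/16", "spoke-a": "10.1.0.0/16", "spoke-b": "10.2.0.0/16"}


def flat_design():
    """One table: every attachment associated with it, every CIDR propagated."""
    table = RouteTable()
    for name, cidr in VPCS.items():
        table.propagate(cidr, name)
    return {name: table for name in VPCS}  # association map: attachment -> table


def segmented_design():
    """Hub table learns every spoke; the spoke table learns only the hub."""
    hub_tbl, spoke_tbl = RouteTable(), RouteTable()
    for name, cidr in VPCS.items():
        hub_tbl.propagate(cidr, name)
    spoke_tbl.propagate(VPCS["hub"], "hub")
    return {"hub": hub_tbl, "spoke-a": spoke_tbl, "spoke-b": spoke_tbl}


def next_hop(assoc, src_attachment, dst_ip):
    """Attachment the TGW forwards to, or None when no route matches (dropped)."""
    return assoc[src_attachment].lookup(dst_ip)
```

In the segmented design, spoke-to-spoke reachability requires an explicit route (or an inspection attachment) in the spoke table, which is what makes the hub the enforcement point.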