Terms

Attachment

Attach a VPC or VPN connection to a Transit Gateway. Each attachment is associated with only one route table.

A Transit Gateway attachment is both a source and a destination of packets. You can attach these resources to your Transit Gateway, if they are in the same region as the Transit Gateway:

  • One or more VPCs

  • One or more VPN connections

AWS Transit Gateway

A service used to connect your Amazon Virtual Private Clouds (VPCs) and on-premises networks to one gateway. With AWS Transit Gateway, you only have to create and manage one connection from the central gateway to each Amazon VPC, on-premises data center, or remote office across your network. A Transit Gateway works as a hub that controls how traffic is routed among all the connected networks, which act as spokes. All new VPCs are connected to the Transit Gateway, and are then automatically available to each network connected to the Transit Gateway.

Expert Mode

The name of the command line shell that gives full system root permissions in the Check Point Gaia operating system.

Warning - Use the Expert Mode with caution. The flexibility of an open shell, with root permission, exposes the system to potential administrative errors.

Route Propagation

A VPC or VPN connection can dynamically propagate routes to a Transit Gateway route table:

  • With a VPC, you must create static routes to send traffic to the Transit Gateway.

  • With a VPN connection, routes are propagated from the Transit Gateway to your on-premises router over Border Gateway Protocol (BGP).

Each attachment comes with routes that can be installed on one or more Transit Gateway route tables:

  • For a VPC attachment, these are the VPC's CIDR blocks.

  • For a VPN connection attachment, these are the prefixes advertised over the BGP session (that is established with the VPN connection).

When an attachment is propagated to a Transit Gateway route table, these routes are installed in the route table.

Routes are propagated in the AWS Transit Gateway in two ways:

  • Routes propagated to or from on-premises networks:

    When you connect a VPN, routes use Border Gateway Protocol (BGP) to propagate between the AWS Transit Gateway and your on-premises router.

  • Routes propagated to or from Amazon VPCs:

    When you attach an Amazon VPC to an AWS Transit Gateway or resize an attached Amazon VPC, the Amazon VPC Classless Inter-Domain Routing (CIDR) block is propagated to the AWS Transit Gateway route table through internal APIs (not BGP).

Route Table Association

You can associate a Transit Gateway attachment with only one route table. Each route table can be associated with zero or multiple attachments, and forward packets to attachments or other route tables.
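
The following added example (not part of the original documentation, and not an AWS or Check Point API) models how Route Table Association and Route Propagation together decide which attachments can reach each other. The class, the attachment and route table names, and the CIDR blocks are constructed for illustration.

```python
import ipaddress

class TransitGateway:
    """Toy model of Transit Gateway route tables (illustrative, not an AWS API)."""

    def __init__(self):
        self.routes = {}       # route table name -> {network: target attachment}
        self.association = {}  # attachment -> the single route table it uses
        self.advertised = {}   # attachment -> networks it can propagate

    def attach(self, attachment, prefixes):
        # VPC attachment: the VPC's CIDR blocks. VPN attachment: BGP-advertised prefixes.
        self.advertised[attachment] = [ipaddress.ip_network(p) for p in prefixes]

    def associate(self, attachment, table):
        # An attachment can be associated with only one route table.
        if attachment in self.association:
            raise ValueError(f"{attachment} already uses {self.association[attachment]}")
        self.routes.setdefault(table, {})
        self.association[attachment] = table

    def propagate(self, attachment, table):
        # Propagation installs the attachment's routes in the given route table.
        for net in self.advertised[attachment]:
            self.routes.setdefault(table, {})[net] = attachment

    def next_hop(self, source_attachment, dst_ip):
        # Packets are looked up in the route table associated with their source.
        table = self.routes[self.association[source_attachment]]
        addr = ipaddress.ip_address(dst_ip)
        matches = [net for net in table if addr in net]
        if not matches:
            return None  # no route installed: traffic is not forwarded
        return table[max(matches, key=lambda net: net.prefixlen)]  # most specific wins

def build_example():
    # Constructed topology: two spoke VPCs and one on-premises VPN connection.
    tgw = TransitGateway()
    tgw.attach("vpc-spoke-a", ["10.1.0.0/16"])
    tgw.attach("vpc-spoke-b", ["10.2.0.0/16"])
    tgw.attach("vpn-onprem", ["192.168.0.0/16"])
    for spoke in ("vpc-spoke-a", "vpc-spoke-b"):
        tgw.associate(spoke, "rt-spokes")   # spokes look up routes here
        tgw.propagate(spoke, "rt-onprem")   # spoke CIDRs are visible to the VPN side
    tgw.associate("vpn-onprem", "rt-onprem")
    tgw.propagate("vpn-onprem", "rt-spokes")
    return tgw
```

In this topology the spokes reach the on-premises prefix and the VPN reaches both spokes, but spoke A has no route to spoke B because neither spoke is propagated to the route table the spokes are associated with.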