The 128T-aws-transit-gateway-connect plugin provides integration between a 128T and a Transit Gateway. It does so with the use of BGP for sharing routes and GRE tunnels to encapsulate the BGP traffic as well as any other traffic to be sent to the Transit Gateway.
The instructions for installing and managing the plugin can be found here.
The router configuration that is generated is only compatible with 128T versions which have native GRE support (128T >= 5.2.0).
- Transit Gateway - A cloud router which connects VPCs and on-premise networks through a central hub.
- Virtual Private Cloud (VPC) - A logically isolated virtual network in AWS where resources exist.
- Transit Gateway Attachment - How the Transit Gateway attaches to a network.
Transit Gateway Connect Terms:
- Transit Gateway Connect - A logical unit containing the Connect Attachment, Transport Attachment, a Connect VPC, and the 128T.
- Transit Gateway Connect Attachment - A new type of Transit Gateway Attachment which operates on top of an existing Transport Transit Gateway Attachment.
- Transport Transit Gateway Attachment - An attachment on top of which a Connect Attachment is created. Must be either of type VPC or VPN.
- Transit Gateway Connect Peer - A peer that communicates over GRE and with BGP to the Transit Gateway Connect. In our case, this is a 128T.
Configure the following components, in order:
- Transit Gateway
- Transport Transit Gateway Attachment
- Transit Gateway Connect Attachment
- Additionally, the routing tables must be configured to transport the GRE traffic to the Transit Gateway network interface.
The plugin interacts with the AWS APIs to identify an existing "Connect Peer" that applies to the given node. Matching is based on the network interface IP address and the Connect Peer's peer address. If there is no existing Connect Peer, the plugin creates one on behalf of the user. The plugin chooses the first available Transit Gateway Connect Attachment to create the Transit Gateway Connect Peer.
This logic collects the necessary data for the plugin to generate the appropriate BGP and GRE configuration for connection.
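The matching step described above can be reproduced by hand when checking what the plugin will find. The following is an added example, not the plugin's own code: it filters a constructed response shaped like the output of `aws ec2 describe-transit-gateway-connect-peers` by peer address and returns the GRE and BGP values needed for configuration. The function name `find_connect_peer`, the IDs, the ASNs, and the rule that deleted peers are skipped are assumptions.

```python
import json
from ipaddress import ip_address

# Constructed sample shaped like `aws ec2 describe-transit-gateway-connect-peers`
# output. Addresses are from this page's example; IDs and ASNs are placeholders.
SAMPLE_RESPONSE = json.loads("""
{"TransitGatewayConnectPeers": [
  {"TransitGatewayConnectPeerId": "tgw-connect-peer-EXAMPLE-OLD", "State": "deleted",
   "ConnectPeerConfiguration": {"TransitGatewayAddress": "10.128.2.201",
     "PeerAddress": "10.128.2.25", "BgpConfigurations": []}},
  {"TransitGatewayConnectPeerId": "tgw-connect-peer-EXAMPLE", "State": "available",
   "ConnectPeerConfiguration": {
     "TransitGatewayAddress": "10.128.2.201", "PeerAddress": "10.128.2.25",
     "InsideCidrBlocks": ["169.254.192.24/29"], "Protocol": "gre",
     "BgpConfigurations": [
       {"TransitGatewayAddress": "169.254.192.26", "PeerAddress": "169.254.192.25",
        "TransitGatewayAsn": 64512, "PeerAsn": 65000, "BgpStatus": "up"},
       {"TransitGatewayAddress": "169.254.192.27", "PeerAddress": "169.254.192.25",
        "TransitGatewayAsn": 64512, "PeerAsn": 65000, "BgpStatus": "down"}]}}
]}
""")

def find_connect_peer(response, interface_ip):
    """Return GRE/BGP parameters of the Connect Peer whose peer address equals
    interface_ip, or None when no usable peer exists and one must be created."""
    wanted = ip_address(interface_ip)
    for peer in response.get("TransitGatewayConnectPeers", []):
        cfg = peer.get("ConnectPeerConfiguration", {})
        # Assumption: peers in "deleting"/"deleted" state are not reusable.
        if peer.get("State") not in ("available", "pending"):
            continue
        if "PeerAddress" not in cfg or ip_address(cfg["PeerAddress"]) != wanted:
            continue
        bgp = cfg.get("BgpConfigurations", [])
        return {
            "peer_id": peer["TransitGatewayConnectPeerId"],
            "gre_local": cfg["PeerAddress"],              # 128T GRE IP
            "gre_remote": cfg["TransitGatewayAddress"],   # TGW GRE IP
            "bgp_local": sorted({b["PeerAddress"] for b in bgp}),
            "bgp_neighbors": [b["TransitGatewayAddress"] for b in bgp],
            "bgp_down": [b["TransitGatewayAddress"] for b in bgp
                         if b.get("BgpStatus") != "up"],
        }
    return None

if __name__ == "__main__":
    print(json.dumps(find_connect_peer(SAMPLE_RESPONSE, "10.128.2.25"), indent=2))
```

To run it against a live account, replace `SAMPLE_RESPONSE` with the parsed JSON printed by the CLI command on the Conductor.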
Set Up Credentials on the Conductor
Use the following steps to configure the Conductor to query and create AWS objects. On each Conductor node:
- Install the AWS CLI if not already installed.
- Configure AWS CLI using aws configure. Be sure to specify the credentials, and
- Run the following: aws ec2 describe-transit-gateway-connect-peers
- If the configuration is valid, a JSON response is printed.
- Update the AWS CLI to the latest version available and then try step 3 again.
To determine which nodes/interfaces are to be used to connect to the transit gateway, the plugin configuration datamodel needs a tagging mechanism on the address to let the plugin know which interfaces are to be used for peering.
If the router you are tagging is in a different region than the conductor, you must configure the region of the router.
- Due to the nature of tagging a specific network-interface, this plugin only supports peering over an interface with a static IP address.
The /var/log/128technology/persistentDataManager.log file at trace level will show whether the configuration generation was run, as well as its output and return code.
Configuration generation logs can be found on the conductor under
After the configuration is generated, the BGP peering status can be queried on the 128T side using the following commands on the router:
show bgp neighbors
show bgp summary
On the AWS Portal, under Transit Gateway Attachments > <your connect attachments> > Connect peers, there will be entries for the 128T as a connect peer and the BGP status.
Example Configuration Generation
With the example configuration and the following AWS TGW connect peer:
| TGW GRE IP | 10.128.2.201 |
| TGW BGP IP 1 | 169.254.192.26 |
| TGW BGP IP 2 | 169.254.192.27 |
| 128T GRE IP | 10.128.2.25 |
| 128T BGP IP | 169.254.192.25 |
The following config will be generated:
base device-interface already exists and the
gre network-interface is generated under the