TGW代表选择哪个路线桌?
我有一个与TGW连接的2个VPC的场景。在一个VPC之一(VPC a)中,我有一个Ig和nat。在此VPC中,我可以使用NAT进入互联网。因此,设置工作正常。 在我的其他VCP(VPC B)中,我的私人子网指向所有0.0.0.0/0流量的TGW。在我的TGW-RT中,我有一个0.0.0.0/0的路线,指向VPC A的附件A。
这是我开始感到困惑的地方。附件是用两个AZ设置的。因此,附件会在每个区域中创建两个接口,因此可以将流量路由到VPC中的所有资源。但是我没有为我的VPC使用默认的RT;取而代之的是,我有一个用于公共子网的RT,另一个用于私人子网。 在公共RT中,我指向IG 0.0.0.0/0,在私人i指向NAT 0.0.0.0/0。 TGW附件如何知道要使用的RT,如何确定将流量发送到IG或NAT?还是TGW-Attachments只能使用默认RT?
I have a scenario where I have 2 VPC both connected with a TGW. In one of the VPC (VPC A) I have a IG and a NAT. In this VPC I'm able to use the NAT to go reach the internet. So that set up is working fine.
In my other VCP (VPC B) I have my private subnet pointing to the TGW for all 0.0.0.0/0 traffic. And in my TGW-RT I have a route for 0.0.0.0/0 pointing to the attachment for VPC A.
Here is where I start to get confused. The attachment is set up with two AZ's. So the attachment creates two interfaces, one in each zone, so it can route traffic to all my resources in the VPC. But I am not using the default RT for my VPC; instead I have a RT for my public subnets and another for my private subnets.
In the public RT I point 0.0.0.0/0 to the IG and in the private I point 0.0.0.0/0 to the NAT. How does the TGW attachment know what RT to use, how can it determine to send the traffic to the IG or the NAT? Or is TGW-attachments only able to use the default RT?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
经过一番测试后,我发现您必须使用私人子网设置TGW-Attachment设置,如果您希望它能够到达NAT。这听起来不太奇怪。但是很奇怪的是,它没有得到很好的记录。
After some testing I have found that you have to have your TGW-Attachment setup with a private subnet if you want it to be able to reach the NAT. This may not sound so weird. But the weird thing is that it is not documented well.