AWS Transit Gateway + SD-WAN solutions - Amazon Virtual Private Cloud Connectivity Options

AWS Transit Gateway + SD-WAN solutions

Software Defined Wide Area Networks (SD-WANs) are used to connect your data centers, offices, or colocation environments over different transit networks (such as the public internet, MPLS networks, or the AWS backbone using AWS Direct Connect), managing the traffic automatically and dynamically across the most appropriate and efficient path based on network conditions, application type or quality of service (QoS) requirements.

Use this approach if you have a complex network topology, with several data centers, offices, or colocation environments that need to communicate between themselves and with AWS. SD-WAN solutions can help you to efficiently manage this type of network.

When connecting an SD-WAN network to AWS, AWS Transit Gateway provides a managed, highly available, and scalable regional network transit hub that interconnects your VPCs and your SD-WAN network. Transit Gateway connect attachments provide a native way to connect your SD-WAN infrastructure and appliances with AWS. This makes it easy to extend your SD-WAN into AWS without having to set up IPsec VPNs.

Transit Gateway connect attachments support Generic Routing Encapsulation (GRE) for higher bandwidth performance compared to a VPN connection. It supports Border Gateway Protocol (BGP) for dynamic routing, and removes the need to configure static routes. This simplifies network design and reduces the associated operational costs. In addition, its integration with Transit Gateway Network Manager provides advanced visibility through global network topology, attachment level performance metrics, and telemetry data.

When integrating your SD-WAN network with Transit Gateway using connect attachments, there are two common patterns. The first is to place the virtual appliances of the SD-WAN network in a VPC within AWS. You then use a VPC attachment as the underlying transport for the Transit Gateway connect attachment between the virtual appliances and the Transit Gateway, as shown in the following figure.

A diagram that shows using a VPC attachment as underlying transport.
SD-WAN connectivity with AWS Transit Gateway (virtual appliance in AWS)

Alternatively, you can extend and segment your SD-WAN traffic to AWS without adding extra infrastructure. You can create Transit Gateway connect attachments using an AWS Direct Connect connection as the underlying transport, as shown in the following figure.

A diagram that shows using a Direct Connect connection as underlying transport.
SD-WAN connectivity with AWS Transit Gateway (Direct Connect as transport)

There are some considerations to be aware of when using Transit Gateway connect attachments:

  • You can create connect attachments on existing Transit Gateways.

  • Third-party appliances must be configured with a GRE tunnel in order to send and receive traffic from Transit Gateway using connect attachments. The appliance must be configured with BGP for dynamic route updates and health checks.

  • Connect attachments do not support static routes.

  • Transit Gateway connect attachments support a maximum bandwidth of five Gbps per GRE tunnel. Bandwidth above five Gbps can be achieved by advertising the same prefixes across multiple Connect peers (GRE tunnels) for the same Connect attachment.

  • A maximum of four Connect peers are supported for each connect attachment.

  • Transit Gateway connect attachments support IPv6 and dynamic route advertisements through Multiprotocol Extensions for BGP (MBGP or MP-BGP).
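The following Python script is an added example, not code from the AWS documentation, that turns the two connectivity patterns above and the considerations list into a planning check for the Connect peers (GRE tunnels) an SD-WAN appliance needs: it sizes the number of tunnels against the five Gbps per-tunnel cap and the four-peer limit, validates each BGP inside CIDR block (a /29 from 169.254.0.0/16 or a /125 from fd00::/8), and emits the parameter set you would pass to `aws ec2 create-transit-gateway-connect-peer` (or boto3's `create_transit_gateway_connect_peer`) together with the BGP neighbour addresses to configure on the appliance. It makes no AWS API calls. The addressing convention it applies (the appliance takes the first inside address, the transit gateway the next two for its redundant BGP sessions) and the list of AWS-reserved link-local /29 blocks come from my reading of the Connect peer documentation, not from this page, so verify them against the current docs; the attachment ID, transit gateway CIDR and appliance addresses in the demo are constructed placeholders.

```python
"""Plan and validate Transit Gateway Connect peers (GRE + BGP) for an SD-WAN
appliance. Added example, not AWS documentation code; no AWS API calls."""
import ipaddress
import math

GBPS_PER_GRE_TUNNEL = 5            # per Connect peer (see considerations list)
MAX_PEERS_PER_ATTACHMENT = 4       # per Connect attachment (see considerations list)
INSIDE_RANGE_V4 = ipaddress.ip_network("169.254.0.0/16")   # inside CIDR must be a /29 here
INSIDE_RANGE_V6 = ipaddress.ip_network("fd00::/8")         # inside CIDR must be a /125 here
# Assumption: link-local /29 blocks AWS keeps for itself and rejects as inside
# CIDRs; taken from my reading of the Connect peer docs, verify before relying on it.
RESERVED_V4 = [ipaddress.ip_network(c) for c in (
    "169.254.0.0/29", "169.254.1.0/29", "169.254.2.0/29", "169.254.3.0/29",
    "169.254.4.0/29", "169.254.5.0/29", "169.254.169.248/29")]


def peers_needed(target_gbps: float) -> int:
    """GRE tunnels needed to carry target_gbps over one Connect attachment.
    Above the per-tunnel cap you advertise the same prefixes over several
    Connect peers; beyond four peers you need another attachment."""
    n = max(1, math.ceil(target_gbps / GBPS_PER_GRE_TUNNEL))
    if n > MAX_PEERS_PER_ATTACHMENT:
        raise ValueError(f"{target_gbps} Gbps needs {n} tunnels, but one Connect "
                         f"attachment holds at most {MAX_PEERS_PER_ATTACHMENT}")
    return n


def validate_inside_cidr(cidr: str):
    """Check a BGP inside CIDR block against the Connect peer rules."""
    net = ipaddress.ip_network(cidr, strict=True)   # strict: host bits must be zero
    if net.version == 4:
        if net.prefixlen != 29 or not net.subnet_of(INSIDE_RANGE_V4):
            raise ValueError(f"{cidr}: IPv4 inside CIDR must be a /29 within 169.254.0.0/16")
        if any(net.overlaps(r) for r in RESERVED_V4):
            raise ValueError(f"{cidr}: overlaps an AWS-reserved link-local block")
    elif net.prefixlen != 125 or not net.subnet_of(INSIDE_RANGE_V6):
        raise ValueError(f"{cidr}: IPv6 inside CIDR must be a /125 within fd00::/8")
    return net


def plan_connect_peer(attachment_id, tgw_cidr, tgw_gre_address,
                      appliance_gre_address, inside_cidr, appliance_asn):
    """Return the create-transit-gateway-connect-peer parameters and the
    matching appliance-side GRE/BGP settings for one tunnel.
    Assumption (Connect peer docs, not this page): the appliance uses the first
    inside address, the transit gateway the second and third (two BGP sessions)."""
    if not 1 <= appliance_asn <= 4294967294:
        raise ValueError("appliance ASN out of range")
    if ipaddress.ip_address(tgw_gre_address) not in ipaddress.ip_network(tgw_cidr):
        raise ValueError("transit gateway GRE address must come from the transit gateway CIDR block")
    net = validate_inside_cidr(inside_cidr)
    return {
        "api_params": {                      # boto3 / CLI parameter names
            "TransitGatewayAttachmentId": attachment_id,
            "TransitGatewayAddress": tgw_gre_address,
            "PeerAddress": appliance_gre_address,
            "BgpOptions": {"PeerAsn": appliance_asn},
            "InsideCidrBlocks": [inside_cidr],
        },
        "appliance": {                       # what to configure on the SD-WAN box
            "gre_local": appliance_gre_address,
            "gre_remote": tgw_gre_address,
            "bgp_address": str(net[1]),
            "bgp_neighbors": [str(net[2]), str(net[3])],
        },
    }


def plan_attachment(attachment_id, tgw_cidr, appliance_asn, target_gbps, tunnels):
    """tunnels: list of (tgw_gre_address, appliance_gre_address, inside_cidr).
    Checks the tunnel count against the bandwidth target and the peer limit,
    and that inside CIDR blocks do not repeat within the attachment."""
    needed = peers_needed(target_gbps)
    if len(tunnels) < needed:
        raise ValueError(f"{target_gbps} Gbps needs {needed} Connect peers, {len(tunnels)} given")
    if len(tunnels) > MAX_PEERS_PER_ATTACHMENT:
        raise ValueError(f"at most {MAX_PEERS_PER_ATTACHMENT} Connect peers per attachment")
    plans = [plan_connect_peer(attachment_id, tgw_cidr, t, a, c, appliance_asn)
             for t, a, c in tunnels]
    inside = [p["api_params"]["InsideCidrBlocks"][0] for p in plans]
    if len(set(inside)) != len(inside):
        raise ValueError("inside CIDR blocks must be unique within an attachment")
    return plans


if __name__ == "__main__":
    # Constructed demo values: placeholder attachment ID, documentation-range
    # transit gateway CIDR, appliance GRE addresses from a VPC subnet (pattern 1).
    demo = plan_attachment(
        "tgw-attach-EXAMPLE", "192.0.2.0/24", appliance_asn=65001, target_gbps=8,
        tunnels=[("192.0.2.1", "10.0.1.10", "169.254.100.0/29"),
                 ("192.0.2.2", "10.0.1.11", "169.254.100.8/29")])
    for p in demo:
        print(p["api_params"], p["appliance"])
```

Two tunnels carry the 8 Gbps target in the demo because each GRE tunnel is capped at five Gbps; the same prefixes are advertised over both peers, as the considerations list describes. The `appliance` half of each plan is what a third-party SD-WAN appliance needs: the GRE endpoints and the BGP session addresses, with no static routes, since connect attachments do not support them.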

Additional resources