Connect SDWAN into AWS Transit Gateway in 2022

Connecting SDWAN environments to AWS Transit Gateway is no longer just an idea; it is a reality for most enterprises. When Amazon launched this option, the intention was to provide a native connection point for easily extending the WAN to AWS VPCs. This has been preferred over building complicated IPSec connections, installing physical circuits in the AWS datacenter (while trying to figure out a cross-connect) or other backhaul redirect designs. In the last 24 months, we have seen a large re-design of the traditional corporate Wide Area Network, and in ever less time more of it needs to connect to the AWS public cloud. This article will explore some easily consumable points around extending your WAN to AWS Transit Gateway.


WAN Routing to Public Cloud & why it has changed

Let’s look at two points on why wide area networks are changing how they route and deliver applications to end nodes from public cloud.


  1. The first reason is related to the increase in remote users/workers and how enterprises have moved critical applications to the cloud. More organizations are relying on datacenters. Remote users can now route directly to AWS for business needs instead of connecting to a corporate office.
  2. The second reason is really driven by speed, agility and cost. Deploying applications, a database and other services in your VPC can happen quickly. WANs must keep up the pace by deploying network services equally fast over affordable internet links with their software-defined architecture. In the past, moving nodes and circuits this quickly could not happen, especially in an MPLS world. Organizations can also take control of their OPEX costs through fewer long-term contracts and by driving more edge services out of the traditional datacenter.


SDWAN Transit Gateway Partners include some of the industry's best cloud providers globally. Macronet Services partners with them to understand their ability to deliver low latency, quick installations and optimal performance, especially as multi-cloud becomes more relevant.


Why use AWS Transit Gateway for SDWAN connectivity?

  1. Transit Gateway Connect supports Generic Routing Encapsulation (GRE) tunnels and BGP for network availability.
  2. Onboard Transit Gateway Network Manager offers additional visibility into WAN performance, logical topology info and other metrics. IT Teams love this. AWS offers telemetry metrics not only across assets in your tenancy, but also out to the branch/node locations.
  3. Gobs of bandwidth, with high-capacity interconnects between your SDWAN and AWS, and a growing number of edge connect partners.
  4. IP CIDR schemas. Adding AWS with Transit Gateway offers you the ability to use RFC1918 IP space on your virtual appliances to egress traffic to your Virtual Private Cloud (VPC).
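As an added example (not the article's own material), a minimal Terraform sketch of the Transit Gateway Connect attachment described in item 1, showing where the GRE transport and the BGP peering are declared; the VPC/subnet variables, ASNs, CIDRs and addresses are assumed placeholders.

```terraform
# Added example, not from the original article. Names, ASNs, CIDRs and
# addresses are constructed placeholders; var.* are assumed input variables.

resource "aws_ec2_transit_gateway" "wan" {
  description     = "SDWAN hub"
  amazon_side_asn = 64512                    # placeholder private ASN for the AWS side
  # TGW Connect needs a TGW CIDR block; AWS picks the GRE endpoint address from it.
  transit_gateway_cidr_blocks = ["10.50.255.0/24"]
}

# Transport attachment: the VPC that hosts the SDWAN virtual appliance.
# The appliance keeps an RFC1918 address inside this VPC (item 4 above).
resource "aws_ec2_transit_gateway_vpc_attachment" "appliance_vpc" {
  transit_gateway_id = aws_ec2_transit_gateway.wan.id
  vpc_id             = var.appliance_vpc_id      # assumed variable
  subnet_ids         = var.appliance_subnet_ids  # assumed variable
}

# The Connect attachment rides on top of the transport attachment.
# GRE is the only protocol Transit Gateway Connect supports.
resource "aws_ec2_transit_gateway_connect" "sdwan" {
  transit_gateway_id      = aws_ec2_transit_gateway.wan.id
  transport_attachment_id = aws_ec2_transit_gateway_vpc_attachment.appliance_vpc.id
  protocol                = "gre"
}

# One Connect peer per appliance: the GRE tunnel endpoint plus the BGP session.
# inside_cidr_blocks is a link-local /29 from 169.254.0.0/16 used for the BGP
# peering addresses (AWS reserves a few /29s in that range; check the docs).
resource "aws_ec2_transit_gateway_connect_peer" "appliance_1" {
  transit_gateway_attachment_id = aws_ec2_transit_gateway_connect.sdwan.id
  peer_address                  = "10.50.1.10"         # appliance address in the VPC (placeholder)
  inside_cidr_blocks            = ["169.254.200.0/29"] # placeholder link-local block
  bgp_asn                       = "65001"              # appliance ASN (placeholder)
}

# With the TGW's default route-table propagation left enabled, prefixes the
# appliance advertises over BGP land in the default TGW route table and are
# reachable from every VPC attached to it; restrict this with separate TGW
# route tables if branch sites must not see every VPC.
```

The SDWAN appliance side (its GRE tunnel to the TGW address and its BGP session to the peer inside the 169.254 block) is configured on the appliance itself and varies by vendor.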



VPC Connection vs. Transit Gateway?

A direct VPC connection (VPC peering) into AWS is a valid and often preferred option over Transit Gateway for several reasons. First, VPC costs are lower, as you only incur data transfer charges in your tenancy. Transit Gateway also charges for data transfer, but in addition there is an hourly charge for each connection attachment.


  • Bandwidth throughput: with Transit Gateway, the maximum bandwidth (burst) per VPC connection is 50 Gbps. VPC peering has no aggregate bandwidth limit. Individual instance network performance limits and flow limits (10 Gbps within a placement group and 5 Gbps otherwise) apply to both options. Only VPC peering supports placement groups.

  • Latency: Transit Gateway implementations add an additional hop between VPCs compared with VPC peering.

  • Security Groups compatibility: security group referencing works with intra-Region VPC peering. It does not currently work with Transit Gateway.

Within your Landing Zone setup, VPC Peering can be used in combination with the hub and spoke model enabled by Transit Gateway.


Transit Gateway Partners

Here are some of Macronet Services' SDWAN partners we design and deploy services with on AWS. Contact us for a discussion on how we can extend your AWS environment, what the costs would look like and more.



Organizations should take three approaches if they plan to deploy their private SDWAN into Transit Gateway

  1. Know your WAN contracts and spend before re-positioning nodes such as your datacenter. Early termination charges could impact how you move your infrastructure.
  2. Select the proper SDWAN provider and design your infrastructure to route properly to the edge users who require the applications for your business.
  3. Understand the limitations and opportunities of placing your SDWAN communications into AWS. Dig into egress costs, if applicable, so there are no surprises.


Macronet Services has delivered hundreds of SDWAN designs into AWS and other public cloud providers. Contact us to speak with an Architect for an overview before you route traffic!