Connecting multiple VPCs using transit gateway
You can easily manage traffic between VPCs in a centralized manner using Transit Gateway.
- Estimated time: 60 minutes
- Recommended Operating system: macOS, Ubuntu
- Region: kr-central-2
- Prerequisites
- VM Access Key Pair
- Project Administrator Permissions
About this scenario
This scenario covers an example of creating two VPCs and connecting them via transit gateway. The details are as follows.
- Create two VPCs to connect. In the scenario, each VPC uses one AZ and uses the default public subnet.
- Create a transit gateway. Then, add two VPCs as attachments to the transit gateway.
- Set a Static Route on the transit gateway. Add a policy to route packets destined for a specific VPC's CIDR to that VPC.
- Set a Route policy for the Subnet. In this scenario, we use the default public subnet. Add a policy to route packets destined for another VPC to the transit gateway. This allows you to connect to the destination VPC through the transit gateway.
- Create a VM instance in each Subnet. Use the ping command to verify that packets are properly delivered to instances in other VPCs.
The configuration diagram for the scenario is as follows:
Step 1. Create VPC and network
VPC provides a logically isolated virtual network space. You can flexibly operate KakaoCloud resources through this virtual network environment. For more information, see the VPC.
-
Go to KakaoCloud Console > VPC and create a new VPC using the [Create VPC] button.
-
Create
vpc-a
to proceed with the connection by referring to the following. The value ofVPC IP CIDR
may need to be modified depending on the environment you are using. If modified, all corresponding values used in the scenario process also need to be changed.Item Detail Value VPC information VPC Name handson-vpc-a VPC IP CIDR Block 10.1.0.0/16 Availability Zone Number of AZs 1 First AZ kr-central-2-a Subnet settings Number of public subnets per AZ 1 Number of private subnets per AZ 0 -
Create
vpc-b
to proceed with the connection by referring to the following.cautionWhen creating a VPC, you must set the CIDR (Classless Inter-Domain Routing) range of each VPC so that it does not overlap with each other. CIDR defines the network address range of the VPC, and if there are VPCs with overlapping CIDRs, a conflict will occur and they will not be able to communicate with each other. Therefore, the CIDR of each VPC must be set uniquely.
For example, if the CIDR of VPC A is10.1.0.0/16
, the CIDR of VPC B must be set to a different range, such as10.2.0.0/16
.Item Subitem Value VPC information VPC Name handson-vpc-b VPC IP CIDR block 10.2.0.0/16 Availability zone Number of AZs 1 First AZ kr-central-2-b Subnet settings Number of public subnets per AZ 1 Number of private subnets per AZ 0 -
Go to KakaoCloud Console > VPC > Subnet. Then, check the network resources such as
Subnet
andRoute Table
that were created.
Step 2. Create and set up transit gateway
Transit gateway overcomes the limitations of VPC Peering
configuration, which becomes more complicated as the number of VPCs increases, and allows you to manage traffic between VPCs or between VPCs and on-premises more easily in a centralized manner. For more information, see Transit Gateway.
1. Create transit gateway
-
Go to KakaoCloud Console > Transit Gateway and click the [Create transit gateway] button.
-
For an example, check the table and image below and enter the information for the transit gateway to be created.
Item Description Transit gateway name handson-transit-gateway Default association Association -
Check if the resource was created normally.
2. Create attachment
-
Add an attachment to the created transit gateway.
-
Add the created example
handson-vpc-a
to theAttachment
of the transit gateway. -
Add the created VPC
handson-vpc-b
asAttachment
of transit gateway. -
Check if
Attachment
has been added.
3. Configure transit gateway route
-
To set the route of the transit gateway, access the detail page of the
Route Table
connected to the transit gateway.Go to KakaoCloud Console > Transit Gateway > Transit Gateway List Table.
-
You can check
Static route
in Route tab. Click the [Add static route] button to addStatic Route
. -
Add
Static Route
by referring to the following. Add a rule to route traffic with destination10.1.0.0/16
coming into the transit gateway tohandson-vpc-a
with the above settings.Item Value Destination 10.1.0.0/16 Target handson-vpc-a -
Add
Static Route
with reference to the following. Add a rule to route traffic with destination10.2.0.0/16
coming into the transit gateway tohandson-vpc-b
with this setting.Item Value Destination 10.2.0.0/16 Target handson-vpc-b -
Verify that the setting was added as planned.
Step 3. Set route policy for subnet
-
Go to KakaoCloud Console > VPC > Route Table to check the Route Table list.
-
Access the detailed page of the Route Table connected to the main subnet of
handson-vpc-a
and the main subnet ofhandson-vpc-b
, and modify the Route information. -
Access the
Route Table
detail page connected to themain
subnet ofhandson-vpc-a
. Then click the [Add route] button. -
Add a route that sets
handson-transit-gateway
as the target when the destination is theCIDR
ofhandson-vpc-b
. -
Check the generated
Route
information. -
Access the
Route Table
detail page connected to themain
subnet ofhandson-vpc-b
. Then click the [Add route] button. -
Add a route that sets
handson-transit-gateway
as the target when the destination is theCIDR
ofhandson-vpc-a
. -
Check the generated
Route
information.
Step 4. Verify instance creation and connection
-
Go to KakaoCloud Console > Virtual Machine > Instance menu, click the [Add Instance] button. Check the table below and create one
Instance
in each created VPC.Item Detailed Item Instance 1 Instance 2 Basic information Name handson-instance-a handson-instance-b Number 1 1 Image Ubuntu 20.04 Ubuntu 20.04 Instance type m2a.large m2a.large Volume Root Volume, 20GB, SSD Root Volume, 20GB, SSD Key Pair {User Key Pair}
{User Key Pair}
Network VPC handson-vpc-a handson-vpc-b Subnet main handson-vpc-b Security Group {See below}
{See below}
-
In order to check the communication, you need to check the security policy for the port to be used. Check the following and add the security policy for the corresponding scenario.
Policy Inbound Inbound Outbound Protocol ICMP TCP ALL Packet Source (Source) 10.0.0.0/8 {User Public IP}/32
0.0.0.0/0 Port Number - 22 - Policy Description ping ssh all infoYou can check your public IP address through an online service or website. For example, you can check your public IP address by visiting WhatIsMyIP.com.
-
Assign a
public IP
to the instance and proceed withssh
connection.ssh ubuntu@{INSTANCE_PUBLIC_IP} -i {KEY_PAIR}
-
After connecting, check communication using the
ping
command to theInstance
created in another VPC. The image below is the result of using theping
command frominstance-a
located invpc-a
toinstance-b
located invpc-b
.ping {INSTANCE_PRIVATE_IP}
The image below is the result of using the
ping
command frominstance-b
located invpc-b
toinstance-a
located invpc-a
.