Skip to main content

Connecting multiple VPCs using transit gateway

You can easily manage traffic between VPCs in a centralized manner using Transit Gateway.

Basic information
  • Estimated time: 60 minutes
  • Recommended Operating system: macOS, Ubuntu
  • Region: kr-central-2
  • Prerequisites

About this scenario

This scenario covers an example of creating two VPCs and connecting them via transit gateway. The details are as follows.

  1. Create two VPCs to connect. In the scenario, each VPC uses one AZ and uses the default public subnet.
  2. Create a transit gateway. Then, add two VPCs as attachments to the transit gateway.
  3. Set a Static Route on the transit gateway. Add a policy to route packets destined for a specific VPC's CIDR to that VPC.
  4. Set a Route policy for the Subnet. In this scenario, we use the default public subnet. Add a policy to route packets destined for another VPC to the transit gateway. This allows you to connect to the destination VPC through the transit gateway.
  5. Create a VM instance in each Subnet. Use the ping command to verify that packets are properly delivered to instances in other VPCs.

The configuration diagram for the scenario is as follows:

Image

Step 1. Create VPC and network

VPC provides a logically isolated virtual network space. You can flexibly operate KakaoCloud resources through this virtual network environment. For more information, see the VPC.

  1. Go to KakaoCloud Console > VPC and create a new VPC using the [Create VPC] button.

  2. Create vpc-a to proceed with the connection by referring to the following. The value of VPC IP CIDR may need to be modified depending on the environment you are using. If modified, all corresponding values ​​used in the scenario process also need to be changed.

    Image

    ItemDetailValue
    VPC informationVPC Namehandson-vpc-a
    VPC IP CIDR Block10.1.0.0/16
    Availability ZoneNumber of AZs1
    First AZkr-central-2-a
    Subnet settingsNumber of public subnets per AZ1
    Number of private subnets per AZ0

  3. Create vpc-b to proceed with the connection by referring to the following.

    caution

    When creating a VPC, you must set the CIDR (Classless Inter-Domain Routing) range of each VPC so that it does not overlap with each other. CIDR defines the network address range of the VPC, and if there are VPCs with overlapping CIDRs, a conflict will occur and they will not be able to communicate with each other. Therefore, the CIDR of each VPC must be set uniquely.
    For example, if the CIDR of VPC A is 10.1.0.0/16, the CIDR of VPC B must be set to a different range, such as 10.2.0.0/16.

    Image

    ItemSubitemValue
    VPC informationVPC Namehandson-vpc-b
    VPC IP CIDR block10.2.0.0/16
    Availability zoneNumber of AZs1
    First AZkr-central-2-b
    Subnet settingsNumber of public subnets per AZ1
    Number of private subnets per AZ0

  4. Go to KakaoCloud Console > VPC > Subnet. Then, check the network resources such as Subnet and Route Table that were created.

    Image

Step 2. Create and set up transit gateway

Transit gateway overcomes the limitations of VPC Peering configuration, which becomes more complicated as the number of VPCs increases, and allows you to manage traffic between VPCs or between VPCs and on-premises more easily in a centralized manner. For more information, see Transit Gateway.

1. Create transit gateway

  1. Go to KakaoCloud Console > Transit Gateway and click the [Create transit gateway] button.

  2. For an example, check the table and image below and enter the information for the transit gateway to be created.

    Image

    ItemDescription
    Transit gateway namehandson-transit-gateway
    Default associationAssociation

  3. Check if the resource was created normally.

    Image

2. Create attachment

  1. Add an attachment to the created transit gateway.

    Image

  2. Add the created example handson-vpc-a to the Attachment of the transit gateway.

    Image

  3. Add the created VPC handson-vpc-b as Attachment of transit gateway.

    Image

  4. Check if Attachment has been added.

    Image

3. Configure transit gateway route

  1. To set the route of the transit gateway, access the detail page of the Route Table connected to the transit gateway.

    Go to KakaoCloud Console > Transit Gateway > Transit Gateway List Table.

    Image

  2. You can check Static route in Route tab. Click the [Add static route] button to add Static Route.

    Image

  3. Add Static Route by referring to the following. Add a rule to route traffic with destination 10.1.0.0/16 coming into the transit gateway to handson-vpc-a with the above settings.

    Image

    ItemValue
    Destination10.1.0.0/16
    Targethandson-vpc-a

  4. Add Static Route with reference to the following. Add a rule to route traffic with destination 10.2.0.0/16 coming into the transit gateway to handson-vpc-b with this setting.

    Image

    ItemValue
    Destination10.2.0.0/16
    Targethandson-vpc-b

  5. Verify that the setting was added as planned.

    Image

Step 3. Set route policy for subnet

  1. Go to KakaoCloud Console > VPC > Route Table to check the Route Table list.

  2. Access the detailed page of the Route Table connected to the main subnet of handson-vpc-a and the main subnet of handson-vpc-b, and modify the Route information.

    Image

  3. Access the Route Table detail page connected to the main subnet of handson-vpc-a. Then click the [Add route] button.

    Image

  4. Add a route that sets handson-transit-gateway as the target when the destination is the CIDR of handson-vpc-b.

  5. Check the generated Route information.

    Image

  6. Access the Route Table detail page connected to the main subnet of handson-vpc-b. Then click the [Add route] button.

    Image

  7. Add a route that sets handson-transit-gateway as the target when the destination is the CIDR of handson-vpc-a.

    Image

  8. Check the generated Route information.

    Image

Step 4. Verify instance creation and connection

  1. Go to KakaoCloud Console > Virtual Machine > Instance menu, click the [Add Instance] button. Check the table below and create one Instance in each created VPC.

    ItemDetailed ItemInstance 1Instance 2
    Basic informationNamehandson-instance-ahandson-instance-b
    Number11
    ImageUbuntu 20.04Ubuntu 20.04
    Instance typem2a.largem2a.large
    VolumeRoot Volume, 20GB, SSDRoot Volume, 20GB, SSD
    Key Pair{User Key Pair}{User Key Pair}
    NetworkVPChandson-vpc-ahandson-vpc-b
    Subnetmainhandson-vpc-b
    Security Group{See below}{See below}

  2. In order to check the communication, you need to check the security policy for the port to be used. Check the following and add the security policy for the corresponding scenario.

    PolicyInboundInboundOutbound
    ProtocolICMPTCPALL
    Packet Source (Source)10.0.0.0/8{User Public IP}/320.0.0.0/0
    Port Number-22-
    Policy Descriptionpingsshall
    info

    You can check your public IP address through an online service or website. For example, you can check your public IP address by visiting WhatIsMyIP.com.

  3. Assign a public IP to the instance and proceed with ssh connection.

    ssh ubuntu@{INSTANCE_PUBLIC_IP} -i {KEY_PAIR}

  4. After connecting, check communication using the ping command to the Instance created in another VPC. The image below is the result of using the ping command from instance-a located in vpc-a to instance-b located in vpc-b.

    ping {INSTANCE_PRIVATE_IP}

    Image

    The image below is the result of using the ping command from instance-b located in vpc-b to instance-a located in vpc-a.

    Image