New Training: Plan for Cross-VPC Network Traffic at AWS

In this 7-video skill, CBT Nuggets trainer Bart Castle explains the difference between using VPC Peering and the Transit Gateway for facilitating both cross-VPC and cross-region network traffic. Learn how to implement a site-to-site virtual private network (VPN) using the AWS Virtual Gateway, IPSec VPN tunnels, and a remote Linux (EC2-based) gateway. Watch this new AWS training.

Learn AWS with one of these courses:

• AWS Certified Security – Specialty

• AWS Certified SysOps Administrator – Associate

This training includes:

• 7 videos

• 45 minutes of training

You’ll learn these topics in this skill:

• Transit Gateway vs. VPC Peering

• VPC Endpoints and PrivateLink

• VPN to Transit Gateway: Overview

• VPN to Transit Gateway: Configuring VPN Attachment

• VPN to Transit Gateway: Configuring Linux VPN Gateway

• VPN to Transit Gateway: Routing Validation

• VPN to Transit Gateway: Connectivity Test

Transit Gateway vs VPC Peering: What the Difference?

VPC peering establishes a network connection between two VPCs, enabling a user to route traffic between them via private IP addresses (either IPv4 or IPv6). Once a connection is established, instances on either side can communicate with the other as if they were within the same network.

While this is manageable at a low level, once connections need to be established at scale, the complexity of VPC peering noticeably increases, eventually to a prohibitive degree. Transit Gateway (TGW) was created to address this issue, making it an excellent default for many network architectures. However, unless these connections are consistently established at a significant scale, VPC has several advantages over TGW.

First, VPC peering has a lower cost than TGW with small numbers of connections because users only pay for actual data transfer charges. These costs are automatically split between the VPC sender and receiver. Second, VPC peering has no bandwidth limits, while TGW has a maximum bandwidth burst limit of 60 Gbps per Availability Zone per VPC connection.

Transit Gateway also involves an additional hop between the sending and receiving VPCs, which can introduce additional latency. Finally, security groups referencing only works with VPC peering; it does not work with TGW.