Cannot find an answer to this and wondered if anyone can help/ point in correct direction.
A colleague and I are investigating a design where multiple SDDCs are being deployed and connectivity is being aggregated via native AWS Transit Gateway (TGW). Route based VPNs are in use. This bit is fine. The connectivity between the SDDC and its connected VPC is also understood from the perspective of the SDDC consuming services sitting in its corresponding VPC. My colleague who is looking after the AWS side has had some conflicting messages regarding additional connectivity options for the Connected VPCs (additional meaning in addition to the SDDC ENI connectivity). He has some challenges and has been told not to treat the connected VPCs as normal VPCs with regards to routing and thus his idea of connecting them also to the TGW is thrown into doubt, He is essentially been told it may cause issues. Having never tested this myself and with no means to test this in advance I was hoping for some points of clarification.
1. Can the T0 Gateway participate in transitive routing between its Connected VPC and an onward connection to AWS Transit Gateway. ie routes in TGW route table include those of the connected VPC (learned via T0)?. Have only previously tested routed between SDDC and connected VPC and nothing beyond that.
2. Can the connected VPC actually consume TGW directly in addition to its SDDC connection. If so is there anything we need to be aware of - potential issues and ways to mitigate these (e.g. asymmetric routing due to dual paths).
Essentially he wants to avoid using the SDDC as a transitive hop between the TGW and connected VPC and thus only allow the SDDC to consume the connected VPC via its ENI interface.
Thanks in advance
R1. yes you can propagate on-prem routes to your VPC routing table.
R2.not so sure what you ask here but will give my 2 cents, VPC connection to TGW is thru a vpn which is transparent and is not managed by you, also but from the networking piece as far as I know you can have multiple VRFs connected to TGW, from BGP if you have more than 100 routes per VRF are supported only, there is not any kind of traffic/policy control on TGW.