What is Route Analyzer?
Route Analizer was announced on May 4, 2020.
This is a new feature of AWS Transit Gateway Network Manager.
Announcing Route Analyzer in AWS Transit Gateway Network Manager
https://aws.amazon.com/jp/about-aws/whats-new/2020/05/announcing-route-analyzer-in-aws-transit-gateway-network-manager/
Route Analyzer allows you to verify the routing configuration between a specific source and destination in the network connected by Transit Gateway before sending the actual traffic.
Makes it easy to see the route related issues that are causing the traffic failure.
Let's try it
Prerequisite
Configure Transit Gateway's Inter-Region Peering between the Tokyo region and N. Virginia region.
Check the connectivity between the VPCs attached to each Transit Gateway with Route Analyzer.
You will need to prepare the following in advance.
- Create a Transit Gateway in both regions and attach the VPCs in the regions
- Create a global network in Network Manager and register the Transit Gateway for both regions
- Creating a Peering Connection attachment for the Transit Gateway from Tokyo
- Approve a Peering Connection request on the N.Virginia side
Example of specifying the Peering Connection.
You can verify that the Transit Gateway peering is established in Network Manager's Geographic.
Run Route Analyzer
Select the Root Analyzer tab in Network Manager.
Specify the Tokyo Region's Transit Gateway, VPC attachment and private IP for the source.
And specify the N.Virginia Region's Transit Gateway, VPC attachment and private IP for the destination.
When you run the analysis, you see the results and the status shows that Not connected.
The results are as expected because the root table was not edited after Inter-Region Peering was configured.
Add a static route to the Transit Gateway route table on the Tokyo region side.
Specify the private IP address specified as the destination by Route Analyzer in CIDR with /32.
In the Choose attachment, you must specify the Peering Connection attachment.
When you run the analysis again, you see the results and the status shows that Connected.
Route Analyzer can also analyze the return path of traffic from the destination back to the source.
I did not edit the Transigt Gateway route table on the N.Virginia side, so the return path connection failed.
I edited the route table for the N.Virginia side as well as the Tokyo Region and rerun the analysis.
The connection was confirmed on both the forward and return paths.
The route analyzer allows you to check connectivity without running any real traffic.
And it's also very useful because it clearly shows you the route table that you need to add settings to.
Important point
Route Analyzer does not analyze security groups or network ACL rules.
If these effects are considered, you should be analyzed and verified in conjunction with the VPC flow log.
References
Amazon VPC Document - Route Analyzer
https://docs.aws.amazon.com/vpc/latest/tgw/route-analyzer.html
Top comments (0)