AWS VGW vs DGW vs TGW
We compare the three AWS network gateways to help you choose the best option for your business.
In November 2018, AWS launched the newest version of its native network routing service: Transit Gateway (TGW). This cloud-based network gateway allows customers to connect Virtual Private Clouds (VPCs) across different accounts in a hub and spoke topology, and is the third evolution in this feature set. The release was preceded by Direct Connect Gateway (DGW), which was announced in 2017, and prior to that, Virtual Private Gateway (VGW).
Navigating these options and figuring out which fits your use case can be tricky. In this blog post, we’ll demystify each service so you can easily determine which solution is right for your business.
To start, it’s best to consider the requirements of your workloads as each service offers certain features but not others. The table below provides a quick overview.
Let’s break down the specific benefits of each gateway and explore how they have changed over time.
Virtual Private Gateway (VGW)
The introduction of VGW gave AWS customers the ability to let multiple VPCs, in the same region, on the same account, share a Direct Connect. Prior to VGW, a Direct Connect Private Virtual Interface (VIF) was required for each VPC, establishing a 1:1 correlation which didn’t scale well in terms of cost and administrative overhead. VGW became known as a solution that reduces the expense of establishing new Direct Connect circuits for each VPC – as long as both VPCs are in the same region, on the same account. This construct can be used with either Direct Connect or the Site-to-Site VPN.
Direct Connect Gateway (DGW)
DGW builds upon VGW capabilities by adding the ability to connect VPCs in one region to a Direct Connect in another region. CIDR addresses can’t overlap, and traffic will not route from VPC-A to the Direct Connect Gateway and to VPC-B. It will instead route as follows: VPC-A > Direct Connect > Data Center Router > Direct Connect > VPC-B.
Transit Gateway – TGW
Transit Gateway provides enhanced routing services over preceding offerings from AWS. The initial launch of Transit Gateway didn’t support Direct Connect and required Site-to-Site VPN, but these limitations no longer apply. However, each VPN session is still limited to 1.25 Gbps of throughput. If you want to scale beyond this, you’ll need to add multiple VPN connections to reach your desired aggregate bandwidth and then leverage ECMP to multipath traffic across all VPN connections. With ECMP, you can scale beyond 1.25 Gbps.
TGW, coupled with AWS Resource Access Manager, allows you to use a single Transit Gateway across multiple AWS accounts. TGW also now supports Inter-Region peering. CIDR overlap is also permitted with the addition of multiple route tables. Being able to leverage multiple route tables on TGW delivers a virtual routing and forwarding (VRF) type of capability that allows you to isolate routing domains to enforce traffic segmentation. A significant advantage of TGW is that you can route between VPCs without your data having to hairpin over the VPN to your on-premises router and back to AWS, as observed with VGW and DGW. A list of supported regions is available on the AWS FAQs page.
AWS and Megaport
By using Megaport’s Software Defined Network (SDN), you can streamline your AWS connectivity for on-demand provisioning, tighter security, and improved network performance.
When you use Megaport’s SDN, you can also connect your AWS instances to other cloud providers with Megaport Cloud Router (MCR), and achieve branch-to-cloud AWS connectivity with one of our SD-WAN integration partners on Megaport Virtual Edge (MVE).
For more information on connecting to AWS via Megaport and designing the right network architecture for your business, get in touch with our team here.
Keep up to date on Megaport in the news by following us on social media at: