Posted this in r/AWS as well. TGW equals VRF; TGW routing tables equal routing domains.
We have a multi-VPC environment with all VPCs attached to a TGW. One of the attachments serves as the default route to the internet (0.0.0.0/0).
Basically, we have a few core VPCs that would have a TGW route to all attachments, then other VPCs that would only need to route to the core VPCs.
Since all VPCs would require the default route to the internet, is the only way to restrict east-west communication with individual TGW route tables for each attachment, with black hole routes?
Would the packet get dropped if it routed to the default route attachment (that VPC would have a route to all spoke VPCs)?