GWLB Series 3: Enabling Transit Gateway Appliance Mode for Cross-AZ Access in the GWLB+TGW Architecture

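When using the GWLB+TGW architecture, the VPC that runs the application workloads (the Spoke VPC, also called the Application VPC) could reach other VPCs within the same AZ but not across AZs. Investigation showed the cause: Transit Gateway Appliance Mode is disabled by default and had not been enabled.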

See the official AWS blog post:

https://aws.amazon.com/cn/blogs/networking-and-content-delivery/centralized-inspection-architecture-with-aws-gateway-load-balancer-and-aws-transit-gateway/

This parameter can be enabled through the CLI. The documentation describes Appliance Mode as follows:

Enable or disable support for appliance mode. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. The default is disable.

https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-transit-gateway-vpc-attachment.html

How to enable Appliance Mode:

aws ec2 modify-transit-gateway-vpc-attachment \
--transit-gateway-attachment-id tgw-attach-0253EXAMPLE \
--options ApplianceModeSupport=enable
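
An added example (not from the original post or from AWS): a shell wrapper around the command above that reads the attachment's current ApplianceModeSupport value, enables it only when needed, and reads it back to confirm. The function names and the POLL_SECONDS variable are assumptions made for this example; tgw-attach-0253EXAMPLE is the placeholder ID used above.

```shell
#!/usr/bin/env bash
# Added example: check and enable appliance mode on a TGW VPC attachment.
# Usage: ./appliance-mode.sh tgw-attach-0253EXAMPLE   (placeholder ID)

# Print the attachment's current ApplianceModeSupport ("enable" or "disable").
get_appliance_mode() {
  aws ec2 describe-transit-gateway-vpc-attachments \
    --transit-gateway-attachment-ids "$1" \
    --query 'TransitGatewayVpcAttachments[0].Options.ApplianceModeSupport' \
    --output text
}

# Enable appliance mode only if it is not already on, then confirm it.
# Returns 0 when the attachment reads back "enable", non-zero otherwise.
ensure_appliance_mode() {
  local id="$1" mode i
  mode="$(get_appliance_mode "$id")" || return 2
  if [ "$mode" = "enable" ]; then
    echo "$id: appliance mode already enabled"
    return 0
  fi
  echo "$id: appliance mode is '$mode', enabling"
  aws ec2 modify-transit-gateway-vpc-attachment \
    --transit-gateway-attachment-id "$id" \
    --options ApplianceModeSupport=enable >/dev/null || return 3
  # Read the option back; poll a few times in case the change is not
  # visible immediately (POLL_SECONDS is this example's own variable).
  for i in 1 2 3 4 5 6; do
    mode="$(get_appliance_mode "$id")" || return 2
    [ "$mode" = "enable" ] && { echo "$id: appliance mode enabled"; return 0; }
    sleep "${POLL_SECONDS:-10}"
  done
  echo "$id: still '$mode' after polling" >&2
  return 1
}

# Run only when an attachment ID is given on the command line.
if [ "$#" -gt 0 ]; then
  ensure_appliance_mode "$1"
fi
```
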

In addition, according to the CloudFormation documentation, configuring this through CloudFormation is not supported for now. The CloudFormation documentation is here:

https://docs.aws.amazon.com/zh_cn/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayattachment.html

The conclusion is that enabling it manually through the CLI after deployment is currently the only option.

The demo video below shows the steps. The video is narrated, so adjust your volume.