Soracom Canal

Transit Gateway Configuration

Requirements

To configure Canal with a Transit Gateway Connection, you will need:

• An AWS Transit Gateway located in the same AWS region as your VPG with Default route table propagation enabled. If you haven't already created a Transit Gateway, follow the instructions in the Creating a Transit Gateway section of this document.
• A Type-F VPG. If you haven't already created a VPG, follow the instructions in the Creating a VPG section of this document.

Limitations

When you create a Virtual Private Gateway (VPG), Soracom will automatically allocate resources for the VPG within the 10.21.0.0/16 IP address range. As a result, your VPC cannot include this IP address range. If your AWS VPC uses a CIDR block that includes this range, you will need to create a new VPC with a CIDR block that does not include this range.

Configuration

Creating a VPG

Follow the instructions from the Virtual Private Gateway Configuration documentation to create a new VPG with the following options:

• Type - Select Type-F. Type-E VPGs do not support Transit Gateway connections.
• Use internet gateway - ON or OFF. Select ON if you have a requirement to communicate with the internet without sending data through the Transit Gateway. Otherwise, select OFF.
• Rendezvous Point - Select the rendezvous point in the same region as your Transit Gateway. If you do not see your region listed you will have to create a new Transit Gateway in one of the supported regions and peer to your current region in AWS. Soracom does not currently support inter-region attachment.

For more information on each option, refer to the Virtual Private Gateway Configuration documentation.

Creating a Transit Gateway

You can create a Transit Gateway by following these instructions:

1. Log in to the AWS Management Console, click the Services menu, and open the VPC dashboard.

2. In the Region selector, choose the Region that you selected for your VPG rendezvous point.

3. In the navigation menu's Transit gateways section, click Transit gateways.

4. Click Create transit gateway.

5. Configure your transit gateway as desired, ensuring that Default route table propagation is enabled. Then click Create transit gateway. The transit gateway will now be provisioned by AWS.

6. Wait for the Transit Gateway to be provisioned and its state to become Available.

7. In the navigation menu's Transit gateways section, click Transit gateway attachments.

8. Click Create transit gateway attachment.

9. Set a descriptive name in the Name tag field, under Transit gateway ID select the transit gateway you just created, and under VPC ID choose your VPC. Then click Create transit gateway attachment.

Sharing the Transit Gateway

You can now share the Transit Gateway resource that you have created with Soracom.

1. Log in to the AWS Management Console, click the Services menu and open the Resource Access Manager dashboard.

2. Click Create resource share.

3. Set the following fields:

   • Resource Share Name - Any name.
   • Resources - Select Transit Gateways from the dropdown menu, then select the Transit Gateway you would like to connect.

   Then click Next.

4. On the Associate managed permissions page leave the default settings and click Next again.

5. On the Grant access to principals page set the following fields:

   • Principals - Allow sharing with anyone.
   • Select principal type - Select AWS account and enter one of the following account IDs depending on your VPG coverage type, then click Add.
     • Japan coverage: 762707677580.
     • Global coverage: 950858143650.

   Then click Next.

6. Click Create resource share. Make sure to note the ID of the resource share. This will be required when applying for your connection.

Applying for the Transit Gateway Connection

You may now submit a support ticket to request a connection to your Transit Gateway.

1. Gather the following information for your support request:

   • Your AWS account ID number. You can find your AWS account number by logging into the AWS Management Console . On the upper right corner of the console, click the ? support menu, then select Support Center. Your AWS account number will be displayed at the top of the navigation menu on the left side:

     https://console.aws.amazon.com

     

     https://console.aws.amazon.com

     

   • The AWS region where your Transit Gateway is located.
   • Your Soracom VPG ID. This can be found in your VPG list and the VPG overview table.
   • The CIDR range which you want to route to the Transit Gateway.
   • The Transit Gateway Resource Share ID. You can find the ID of a resource share by logging in to the AWS Management Console, clicking the Services menu and opening the Resource Access Manager dashboard. Then, from the Shared by me category in the navigation menu, select resource shares.

2. Submit a support ticket, selecting I want to connect an AWS Transit Gateway to my VPG as the category for your request.

3. Soracom will initiate the share and you will be notified of a connection from an Amazon VPC with VPG to your Transit Gateway. You must then authorize that Transit Gateway connection. Once it has been accepted, Soracom will add the routing settings for Transit Gateway to the VPG's route table and notify you via the support ticket.

Adding Transit Gateway Routing to your Amazon VPC Route Table

To communicate from the VPG to your Amazon VPC via the Transit Gateway, you need to configure the return communication routing settings from your Amazon VPC to the Transit Gateway.

1. Log in to the AWS Management Console, click the Services menu, and open the VPC dashboard. Then click the Your VPCs section.

2. Click the route table ID in the Main route table column for the VPC that is connected to your VPG.

3. Click the checkbox for route table, select the Routes tab, and click Edit routes.

4. Click Add route.

5. In the new route set the following fields:

   • Destination - Enter the CIDR block of the Transit Gateway Connection ID sent to you by Soracom.
   • Target - Select Transit Gateway and enter the Transit Gateway Connection ID that was sent to you by Soracom.
6. Click Save Changes.

Terminating Canal Connections

If you no longer need a closed network connection using Canal you may delete the VPG associated with the Canal connection. If you would like to keep using your VPG but remove the Canal connection, please contact our support team for further assistance.