View and monitor your global network

In document Amazon VPC (pages 10-70)

Prerequisites

Before you begin, ensure that you have a transit gateway with attachments in your account. For more information, see Getting Started with Transit Gateways.

The transit gateway must be in the same AWS account as the global network.

Step 1: Create a global network

Create a global network as a container for your transit gateway.

To create a global network

1. Open the AWS Network Manager console at https://console.aws.amazon.com/vpc/home#networkmanager/.

2. Choose Get started.

3. In the navigation pane, choose Global networks.

4. Choose Create global network.

5. Enter a name and description for the global network, and choose Create global network.

Step 2: Register your transit gateway

Register your transit gateway in your global network.

To register the transit gateway

1. Access the AWS Network Manager console at https://console.aws.amazon.com/vpc/home#networkmanager/.

2. Choose Get started.

3. On the Global networks page, choose the global network ID.

4. In the navigation pane, choose Transit gateways. Choose Register transit gateway.

5. Select the transit gateway in the list, and choose Register transit gateway.

Step 3: (Optional) Define and associate your on-premises network resources

You can define your on-premises network by creating sites, links, and devices to represent objects in your network. For more information, see the following procedures:

• Create a site (p. 19)

• Create a link (p. 20)

• Create a device (p. 22)

You associate the device with a specific site, and with one or more links. For more information, see Associate a device (p. 23).

On your transit gateway, you can:

• Create a Site-to-Site VPN connection attachment. For more information, see Customer gateway associations (p. 26).

• Create a transit gateway Connect attachment, and then associate the Connect peer with the device. For more information, see the section called “Transit Gateway Connect peer associations” (p. 28).

You can also work with one of our Partners in the AWS Partner Network (APN) to provision and connect your on-premises network. For more information, see AWS Network Manager.

Step 4: View and monitor your global network

The AWS Network Manager console provides a dashboard for you to view and monitor both core network and transit gateway network objects in your global network.

To access the dashboard for your global network

1. Access the AWS Network Manager console at https://console.aws.amazon.com/vpc/home#networkmanager/.

2. Choose Get started.

3. On the Global networks page, choose the global network ID.

4. The Overview page provides an inventory of the objects in your global network for both core networks and transit gateway networks. For more information about the pages in the dashboard, see the section called “Visualize transit gateway networks” (p. 30).

Scenarios: Manage transit gateway networks with AWS Network Manager

The following are common use cases and scenarios for using AWS Network Manager to manage your transit gateways.

Contents

• AWS-only global network (p. 8)

• Single device with a single VPN connection (p. 9)

• Device with multiple VPN connections (p. 10)

• Multi-device and multi-link site (p. 11)

• SD-WAN connecting to AWS (p. 12)

• Connection between devices (p. 14)

AWS-only global network

In this scenario, your AWS network consists of three transit gateways. You own transit gateways tgw-1 and tgw-3. Transit gateway tgw-1 has a peering attachment with transit gateway tgw-2 that's in a different AWS account. Your entire network is within AWS, and does not consist of on-premises resources.

For this scenario, do the following in AWS Network Manager:

• Create a global network. For more information, see Create a global network (p. 15).

• Register the transit gateways tgw-1 and tgw-3 with your global network. For more information, see Register a transit gateway (p. 17).

When you register tgw-1, the transit gateway peering attachment is included in the global network and you can see information about tgw-2. However, any attachments for tgw-2 are not included in your global network.

Single device with a single VPN connection

In the following scenario, your global network consists of a single site with a single device and link. The site is connected to your AWS network through a Site-to-Site VPN attachment on a transit gateway. Your transit gateway also has two VPC attachments.

For this scenario, do the following in AWS Network Manager:

• Create a global network. For more information, see Create a global network (p. 15).

• Register the transit gateway. For more information, see Register a transit gateway (p. 17).

• Create a site, device, and link. For more information, see Sites (p. 18), Devices (p. 21), and Links (p. 20).

• Associate the device with the site and with the link. For more information, see Associate a device (p. 23).

• Associate the customer gateway (for the transit gateway Site-to-Site VPN attachment) with the device, and optionally, the link. For more information, see Customer gateway associations (p. 26).

Device with multiple VPN connections

In the following scenario, your on-premises network consists of a device with two Site-to-Site VPN connections to AWS. The device is associated with two customer gateways on two different transit gateways. Each VPN connection uses a separate link. To indicate which link applies to which VPN connection, you associate the customer gateway with both the device and the corresponding link.

For this scenario, do the following in AWS Network Manager:

• Create a global network. For more information, see Create a global network (p. 15).

• Register the transit gateways. For more information, see Register a transit gateway (p. 17).

• Create a site, device, and link. For more information, see Sites (p. 18), Devices (p. 21), and Links (p. 20).

• Associate the device with the site and both links. For more information, see Associate a device (p. 23).

• Associate each customer gateway with the device and the corresponding link. For more information, see Customer gateway associations (p. 26).

Multi-device and multi-link site

In the following scenario, your on-premises network consists of a site with two devices and two separate Site-to-Site VPN connections to AWS. For example, in a single building or campus, you might have multiple devices connected to AWS resources. Each device is associated with a customer gateway that's attached to your transit gateway.

Your AWS network is also connected to your on-premises network through an AWS Direct Connect gateway, which is an attachment on your transit gateway.

For this scenario, do the following in AWS Network Manager:

• Create a global network. For more information, see Create a global network (p. 15).

• Register the transit gateway. For more information, see Register a transit gateway (p. 17).

• Create one site, two devices, and two links. For more information, see Sites (p. 18), Devices (p. 21), and Links (p. 20).

• Associate each device with the corresponding link. For more information, see Associate a device (p. 23).

• Associate each customer gateway with the corresponding device and link. For more information, see Customer gateway associations (p. 26).

SD-WAN connecting to AWS

In the following example, your on-premises network consists of two sites. The Chicago site has two devices and the New York site has one device. Your AWS network consists of two transit gateways. All devices are associated with customer gateways (Site-to-Site VPN attachments) on both transit gateways.

Your on-premises network is managed using SD-WAN. The SD-WAN controller creates Site-to-Site VPN connections to the transit gateways, and creates the device, site, and link resources in AWS Network Manager. This automates connectivity and enables you to get a full view of your network in AWS Network Manager. The SD-WAN controller can also use AWS Network Manager events and metrics to enhance its dashboard.

For more information about Partners who can help you set up your Site-to-Site VPN connections, see AWS Network Manager.

Connection between devices

In the following scenario, your AWS network consists of a transit gateway with a Connect attachment to a VPC that contains a virtual appliance on an EC2 instance. A Transit Gateway Connect peer (GRE tunnel) is established between the transit gateway and the appliance. The appliance is connected to a physical device in your on-premises network through a connection.

For this scenario, do the following in AWS Network Manager:

• Create a global network. For more information, see Create a global network (p. 15).

• Register the transit gateway. For more information, see Register a transit gateway (p. 17).

• Create a site, device, and link for your on-premises network. For more information, see Sites (p. 18), Devices (p. 21), and Links (p. 20).

• Associate the device with the site and with the link. For more information, see Associate a device (p. 23).

• Create a device for the EC2 virtual device. For visualization in the AWS Network Manager console, specify the AWS location of the device (for example, the Availability Zone). For more information, see Devices (p. 21).

• Create a connection between the on-premises device and the virtual device. For more information, see Connections (p. 25).

• Associate the Transit Gateway Connect peer with the on-premises device. For more information, see Transit Gateway Connect peer associations (p. 28).

Work with AWS Network Manager

You can work with AWS Network Manager using the AWS Network Manager console or the AWS CLI.

Contents

• Global networks (p. 15)

• Transit gateway registrations (p. 17)

• Sites (p. 18)

• Links (p. 20)

• Devices (p. 21)

• Connections (p. 25)

• Customer gateway associations (p. 26)

• Transit Gateway Connect peer associations (p. 28)

Global networks

A global network is a container for your network objects. When you create a global network, it's empty.

After you create it, you can register your transit gateways and define your on-premises networks in the global network.

Tasks

• Create a global network (p. 15)

• View a global network (p. 16)

• Update a global network (p. 16)

• Delete a global network (p. 17)

Create a global network

Create a global network.

To create a global network

1. Access the AWS Network Manager console at https://console.aws.amazon.com/vpc/home#networkmanager/.

2. Choose Get started.

3. On the Global networks page, choose the global network ID.

4. Choose Create global network.

5. Enter a Name and Description for your global network.

6. (Optional) In Additional settings, add Key and Value tags that further help identify a Network Manager resource. To add multiple tags, choose Add tag for each tag you want to add.

7. Choose Next.

8. To create an AWS Transit Gateway network only, clear the Add core network in your global network check box on the Create global network - optional page, and then choose Next.

Note

Core networks are only used with AWS Cloud WAN. If you're creating a global network for AWS Cloud WAN and want to create a core network, see Create a core network policy in the AWS Cloud WAN User Guide.

9. Review the information for the global network you

To create a global network using the AWS CLI

Use the create-global-network command.

View a global network

You can view the details of your global network and information about the network objects in your global network.

To view your global network information

1. Access the AWS Network Manager console at https://console.aws.amazon.com/vpc/home#networkmanager/.

2. Choose Get started.

3. On the Global networks page, choose the global network ID.

4. The Overview page displays an inventory of the objects in both your core network and transit gateway network. To view details about the global network resource (such as its ARN), choose Details. For more information about the other pages on the dashboard, see the section called “Visualize transit gateway networks” (p. 30).

To view global network details using the AWS CLI

Use the describe-global-networks command.

Update a global network

You can modify the description or tags for a global network.

To update your global network

1. Access the AWS Network Manager console at https://console.aws.amazon.com/vpc/home#networkmanager/.

2. Choose Get started.

3. On the Global networks page, choose the global network ID.

4. Choose Edit.

5. For Description, enter a new description for the global network.

6. For Tags, choose Remove tag to remove an existing tag, or choose Add tag to add a new tag.

7. Choose Edit global network.

To update a global network using the AWS CLI

Use the update-global-network command to update the description. Use the tag-resource and untag-resource commands to update the tags.

Delete a global network

You cannot delete a global network if there are any network objects in the global network, including transit gateways, links, devices, and sites. You must first deregister or delete the network objects.

To delete your global network

1. Open the AWS Network Manager console at https://console.aws.amazon.com/vpc/home#networkmanager/.

2. Choose Get started.

3. In the navigation pane, choose Global networks.

4. Choose your global network and choose Delete.

5. In the confirmation dialog box, choose Delete.

To delete a global network using the AWS CLI

Use the delete-global-network command.

Transit gateway registrations

You can register your existing transit gateways with a global network. Any transit gateway attachments (such as VPCs, VPN connections, and AWS Direct Connect gateways) are automatically included in your global network.

You cannot create, delete, or modify your transit gateways and their attachments using the AWS Network Manager console or APIs. To work with transit gateways, use the Amazon VPC console or the Amazon EC2 APIs.

You can register a transit gateway with one global network only. You can register transit gateways that are in the same AWS account as the global network.

Tasks

• Register a transit gateway (p. 17)

• View your registered transit gateways (p. 18)

• Deregister a transit gateway (p. 18)

Register a transit gateway

Register a transit gateway with a global network. You cannot register a transit gateway with more than one global network.

To register a transit gateway

1. Access the AWS Network Manager console at https://console.aws.amazon.com/vpc/home#networkmanager/.

2. Choose Get started.

3. On the Global networks page, choose the global network ID.

4. In the navigation pane, choose Transit gateways. Choose Register transit gateway.

5. Select the transit gateway in the list, and choose Register transit gateway.

To register a transit gateway using the AWS CLI

Use the register-transit-gateway command.
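
The two registration constraints stated above (same AWS account as the global network, and one global network per transit gateway) can be checked before calling register-transit-gateway. The following Python check is an added example, not AWS code; it uses the tgw-1/tgw-2/tgw-3 layout from the AWS-only scenario, all ARNs and IDs are constructed, and the record shapes and registration state names are assumed to match the JSON returned by describe-global-networks and get-transit-gateway-registrations.

```python
# Constructed sample records (not real resources). Their shape is assumed to
# match the JSON from `aws networkmanager describe-global-networks` and
# `aws networkmanager get-transit-gateway-registrations`.
GN_A = "global-network-0aaaaaaaaaaaaaaaa"
GN_B = "global-network-0bbbbbbbbbbbbbbbb"
TGW_1 = "arn:aws:ec2:us-east-1:111122223333:transit-gateway/tgw-01111111111111111"
TGW_2 = "arn:aws:ec2:us-east-1:444455556666:transit-gateway/tgw-02222222222222222"
TGW_3 = "arn:aws:ec2:eu-west-1:111122223333:transit-gateway/tgw-03333333333333333"

GLOBAL_NETWORKS = [
    {"GlobalNetworkId": GN_A,
     "GlobalNetworkArn": f"arn:aws:networkmanager::111122223333:global-network/{GN_A}"},
    {"GlobalNetworkId": GN_B,
     "GlobalNetworkArn": f"arn:aws:networkmanager::111122223333:global-network/{GN_B}"},
]
REGISTRATIONS = [
    {"GlobalNetworkId": GN_B, "TransitGatewayArn": TGW_3, "State": {"Code": "AVAILABLE"}},
    {"GlobalNetworkId": GN_A, "TransitGatewayArn": TGW_1, "State": {"Code": "DELETED"}},
]

# Assumption: a registration in one of these states no longer holds the gateway.
RELEASED_STATES = {"DELETED", "FAILED"}


def arn_account(arn):
    """Return the account-id field of arn:partition:service:region:account:resource."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or not parts[4]:
        raise ValueError(f"not an ARN with an account id: {arn!r}")
    return parts[4]


def registration_blockers(tgw_arn, target_id, global_networks, registrations):
    """List the reasons tgw_arn cannot be registered with target_id (empty list = OK)."""
    target = next((g for g in global_networks if g["GlobalNetworkId"] == target_id), None)
    if target is None:
        return [f"global network {target_id} not found"]
    blockers = []
    # Constraint 1: the transit gateway and the global network share one account.
    if arn_account(tgw_arn) != arn_account(target["GlobalNetworkArn"]):
        blockers.append("transit gateway is in a different AWS account than the global network")
    # Constraint 2: a transit gateway is registered with one global network only.
    for reg in registrations:
        if reg["TransitGatewayArn"] != tgw_arn or reg["State"]["Code"] in RELEASED_STATES:
            continue
        where = "this global network" if reg["GlobalNetworkId"] == target_id else reg["GlobalNetworkId"]
        blockers.append(f"already registered with {where}")
    return blockers


def unregistered(tgw_arns, registrations):
    """Transit gateways with no live registration, i.e. absent from every dashboard."""
    held = {r["TransitGatewayArn"] for r in registrations
            if r["State"]["Code"] not in RELEASED_STATES}
    return [arn for arn in tgw_arns if arn not in held]


if __name__ == "__main__":
    for arn in (TGW_1, TGW_2, TGW_3):
        print(arn, registration_blockers(arn, GN_A, GLOBAL_NETWORKS, REGISTRATIONS) or "ok to register")
```

The unregistered() result is the list to review when the dashboard inventory is used for monitoring, because a transit gateway that was never registered does not appear in any global network.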

View your registered transit gateways

View the registered transit gateways in your global network.

To access your registered transit gateways

1. Access the AWS Network Manager console at https://console.aws.amazon.com/vpc/home#networkmanager/.

2. Choose Get started.

3. On the Global networks page, choose the global network ID.

4. In the navigation pane, choose Transit gateways.

5. The Transit gateways page lists your registered transit gateways. Choose the ID of the transit gateway to view its details.

To view your registered transit gateways using the AWS CLI

Use the get-transit-gateway-registrations command.

Deregister a transit gateway

Deregister a transit gateway from a global network.

To deregister a transit gateway

1. Access the AWS Network Manager console at https://console.aws.amazon.com/vpc/home#networkmanager/.

2. Choose Get started.

3. On the Global networks page, choose the global network ID.

4. In the navigation pane, choose Transit gateways.

5. Select your transit gateway, and choose Deregister.

To deregister a transit gateway using the AWS CLI

Use the deregister-transit-gateway command.

Sites

You can represent your on-premises network in your global network through sites, devices, and links. For more information, see Define and associate your on-premises network (p. 3). You then associate a device with a site and one or more links.

A site is created for a specific global network and cannot be shared with other global networks.

Tasks

• Create a site (p. 19)

• Update a site (p. 19)

• Delete a site (p. 19)

Create a site

Create a site to represent the physical location of your network. The location information is used for visualization in the AWS Network Manager console.

To create a site

1. Access the AWS Network Manager console at https://console.aws.amazon.com/vpc/home#networkmanager/.

2. Choose Get started.

3. On the Global networks page, choose the global network ID.

4. In the navigation pane, choose Sites. Choose Create site.

5. For Name and Description, enter a name and description for the site.

6. For Address, enter the physical address of the site, for example, New York, NY 10004.

7. For Latitude, enter the latitude coordinates for the site, for example, 40.7128.

8. For Longitude, enter the longitude coordinates for the site, for example, -74.0060.

9. Choose Create site.

Creating and viewing a site using the AWS CLI

Use the following commands:

• To create a site: create-site

• To view your sites: get-sites

Update a site

You can update the details of your site, including the description, address, latitude, and longitude.

To update a site

1. Access the AWS Network Manager console at https://console.aws.amazon.com/vpc/home#networkmanager/.

2. Choose Get started.

3. On the Global networks page, choose the global network ID.

4. In the navigation pane, choose Sites, and select your site.

5. Choose Edit.

6. Update the description, address, latitude, longitude, and tags as needed.

7. Choose Edit site.

Updating a site using the AWS CLI

Use the update-site command.

Delete a site

If you no longer need a site, you can delete it. You must first disassociate the site from any devices and delete any links for the site.

To delete a site

1. Access the AWS Network Manager console at https://console.aws.amazon.com/vpc/home#networkmanager/.

2. Choose Get started.

3. On the Global networks page, choose the global network ID.

4. In the navigation pane, choose Sites.

5. Select the site and choose Delete.

6. In the confirmation dialog box, choose Delete.

Deleting a site using the AWS CLI

Use the delete-site command.

Links

You can represent your on-premises network in your global network through sites, devices, and links. For more information, see Define and associate your on-premises network (p. 3). You then associate a device with a site and one or more links.

A link is created for a specific global network and cannot be shared with other global networks.

Tasks

• Create a link (p. 20)

• Update a link (p. 21)

• Delete a link (p. 21)

Create a link

Create a link to represent an internet connection from a device. A link is created for a specific site, therefore you must create a site before you create a link.

To create a link

1. Access the AWS Network Manager console at https://console.aws.amazon.com/vpc/home#networkmanager/.

2. Choose Get started.

3. On the Global networks page, choose the global network ID.

4. In the navigation pane, choose Sites. Choose the ID of the site for which to create the link, and then choose Links.

5. Choose Create link.

6. For Name and Description, enter a name and description for the link.

7. For Upload speed, enter the upload speed in Mbps.

8. For Download speed, enter the download speed in Mbps.

9. For Provider, enter the name of the service provider.

10. For Type, enter the type of link, for example, broadband.

11. Choose Create link.

Creating and viewing a link using the AWS CLI

Use the following commands:

• To create a link: create-link

• To view your links: get-links

Update a link

You can update the details of your link, including the bandwidth information, description, provider, and type.

To update a link

1. Access the AWS Network Manager console at https://console.aws.amazon.com/vpc/home#networkmanager/.

2. Choose Get started.

3. On the Global networks page, choose the global network ID.

4. In the navigation pane, choose Sites and choose the ID for the site. Choose Links.

5. Select the link and choose Edit.

6. Update the link details as needed, then choose Edit link.

Updating a link using the AWS CLI

Use the update-link command.

Delete a link

If you no longer need a link, you can delete it. You must first disassociate the link from any devices and customer gateways.

To delete a link

1. Access the AWS Network Manager console at https://console.aws.amazon.com/vpc/home#networkmanager/.

2. Choose Get started.

3. On the Global networks page, choose the global network ID.

4. In the navigation pane, choose Sites and choose the ID for the site. Choose Links.

5. Select the link and choose Delete.

6. In the confirmation dialog box, choose Delete.

Deleting a link using the AWS CLI

Use the delete-link command.

Devices

You can represent your on-premises network in your global network through sites, devices, and links. For more information, see Define and associate your on-premises network (p. 3). You can then associate a device with a site and one or more links.

You can also create a device to represent a virtual appliance in your AWS network. For more information, see Connection between devices (p. 14).

A device is created for a specific global network and cannot be shared with other global networks.

Tasks
