从 CLI 管理 AWS Transit Gateway 路由表
除了在您创建中转网关时创建的默认路由表之外,您还可以创建其他路由表。这有助于您将特定附件与特定路由表相关联。附件可以将它们的路由传播到一个或多个路由表。您还可以将静态路由添加到路由表。
要查看您的中转网关是否有与之关联的默认路由表,请使用以下命令。
在以下输出中,DefaultRouteTableAssociation 设置为 enable,这表示默认路由表与此中转网关相关联。
AssociationDefaultRouteTableId 和 PropagationDefaultRouteTableId 具有相同的 tgw-rtb- 值,表明默认路由表用于默认关联和传播。
$ TGW_ID=tgw-11112222333344444
$ aws ec2 describe-transit-gateways --transit-gateway-ids ${TGW_ID}
{
"TransitGateways": [
{
"TransitGatewayId": "tgw-11112222333344444",
..
"Options": {
"AmazonSideAsn": 64512,
"AutoAcceptSharedAttachments": "disable",
"DefaultRouteTableAssociation": "enable",
"AssociationDefaultRouteTableId": "tgw-rtb-aaaabbbbccccdddee",
"DefaultRouteTablePropagation": "enable",
"PropagationDefaultRouteTableId": "tgw-rtb-aaaabbbbccccdddee",
..
]
}1. 使用默认值创建中转网关路由表
创建自定义中转网关路由表时,您必须指定要为哪个中转网关创建此路由表。
以下示例创建一个新的 TGW 路由表。
TGW_ID=tgw-11112222333344444
aws ec2 create-transit-gateway-route-table --transit-gateway-id ${TGW_ID}
我们在上面创建的路由表将默认关联和传播设置为 false。正如您从下面的输出中注意到的那样,这个新的自定义路由表的默认关联和传播设置为 false。
{
"TransitGatewayRouteTable": {
"TransitGatewayRouteTableId": "tgw-rtb-11112222333344455",
"TransitGatewayId": "tgw-11112222333344444",
"State": "pending",
"DefaultAssociationRouteTable": false,
"DefaultPropagationRouteTable": false,
"CreationTime": "2020-10-03T19:58:33+00:00"
}
}2. 创建带有标签的中转网关路由表
创建 TGW 路由表时,您可以使用标签规范添加标签,如下所示。在此示例中,将值“DevTGWForOnPrem”分配给名称标签。
TGW_ID=tgw-11112222333344444
aws ec2 create-transit-gateway-route-table \
--transit-gateway-id ${TGW_ID} \
--tag-specifications "ResourceType=transit-gateway-route-table,Tags=[{Key=Name,Value=DevTGWForOnPrem}]"
此命令的输出还将反映我们提供的标签。
{
"TransitGatewayRouteTable": {
"TransitGatewayRouteTableId": "tgw-rtb-00011122233344455",
"TransitGatewayId": "tgw-11112222333344444",
"State": "pending",
"DefaultAssociationRouteTable": false,
"DefaultPropagationRouteTable": false,
"CreationTime": "2020-10-03T20:06:25+00:00",
"Tags": [
{
"Key": "Name",
"Value": "DevTGWForOnPrem"
}
]
}
}3. 查看所有中转网关路由表
以下命令将显示所有 Transit Gateway 路由表。
正如您从以下输出中注意到的那样,它显示了我们创建的默认路由表和自定义路由表。
$ aws ec2 describe-transit-gateway-route-tables
{
"TransitGatewayRouteTables": [
{
"TransitGatewayRouteTableId": "tgw-rtb-11112222333344455",
"TransitGatewayId": "tgw-11112222333344444",
"State": "available",
"DefaultAssociationRouteTable": false,
"DefaultPropagationRouteTable": false,
"CreationTime": "2020-10-03T19:58:33+00:00",
"Tags": []
},
{
"TransitGatewayRouteTableId": "tgw-rtb-00011122233344455",
"TransitGatewayId": "tgw-11112222333344444",
"State": "pending",
"DefaultAssociationRouteTable": false,
"DefaultPropagationRouteTable": false,
"CreationTime": "2020-10-03T20:06:25+00:00",
"Tags": [
{
"Key": "Name",
"Value": "DevTGWForOnPrem"
}
]
}
]
}您还可以通过传递路由表 id 来查看特定路由表的详细信息,如下所示。
TGW_RT_ID=tgw-rtb-00011122233344455
aws ec2 describe-transit-gateway-route-tables \
--transit-gateway-route-table-ids ${TGW_RT_ID}4.删除中转网关路由表
要删除中转网关路由表,请使用以下命令并指定路由表 ID。
TGW_RT_ID=tgw-rtb-00011122233344455
aws ec2 delete-transit-gateway-route-table \
--transit-gateway-route-table-id ${TGW_RT_ID}上述命令的输出显示状态为删除。几秒钟后,describe-transit-gateway-route-tables 将不再显示此路由表。
{
"TransitGatewayRouteTable": {
"TransitGatewayRouteTableId": "tgw-rtb-00011122233344455",
"TransitGatewayId": "tgw-11112222333344444",
"State": "deleting",
"DefaultAssociationRouteTable": false,
"DefaultPropagationRouteTable": false,
"CreationTime": "2020-10-03T20:06:25+00:00"
}
}如果您不先删除关联,您将收到以下错误消息:调用 DeleteTransitGatewayRouteTable 操作时发生错误(IncorrectState):tgw-rtb-00011122233344455 has associated attachments
如以下示例之一所述,请确保在删除路由表之前取消所有附件的关联。
5. 将中转网关路由表关联到附件
创建路由表后,您可以使用以下命令将现有中转网关连接关联到路由表。为此,您必须同时指定路由表 ID 和附件 ID。
TGW_RT_ID=tgw-rtb-00011122233344455
TGW_ATTACHMENT_ID=tgw-attach-00011122233344aaa
aws ec2 associate-transit-gateway-route-table \
--transit-gateway-route-table-id ${TGW_RT_ID} \
--transit-gateway-attachment-id ${TGW_ATTACHMENT_ID}上述命令的输出显示状态为关联。几秒钟后,describe-transit-gateway-attachments 将显示状态为关联。
{
"Association": {
"TransitGatewayRouteTableId": "tgw-rtb-00011122233344455",
"TransitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
"ResourceId": "vpc-11122233344455566",
"ResourceType": "vpc",
"State": "associating"
}
}在附加新路由表之前,您应该首先取消现有路由表与附件的关联。如果没有,您将收到以下错误消息:
调用 AssociateTransitGatewayRouteTable 操作时发生错误 (Resource.AlreadyAssociated):Transit Gateway Attachment tgw-attach-00011122233344aaa is already associated to a route table。
6. 解除 Transit Gateway 路由表与附件的关联
当您执行 describe-transit-gateway-attachments 时,输出将包含“Association”部分,其中包含 TransitGatewayRouteTableId 指示此附件与路由表相关联,如下所示。
$ TGW_ATTACHMENT_ID=tgw-attach-00011122233344aaa
$ aws ec2 describe-transit-gateway-attachments \
--transit-gateway-attachment-ids ${TGW_ATTACHMENT_ID}
{
"TransitGatewayAttachments": [
{
"TransitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
"TransitGatewayId": "tgw-111222333444aaabb",
..
..
"Association": {
"TransitGatewayRouteTableId": "tgw-rtb-00011122233344455",
"State": "associated"
},
..
}
]
}followig 命令将取消给定路由表与附件的关联。
TGW_RT_ID=tgw-rtb-00011122233344455
TGW_ATTACHMENT_ID=tgw-attach-00011122233344aaa
aws ec2 disassociate-transit-gateway-route-table \
--transit-gateway-route-table-id ${TGW_RT_ID} \
--transit-gateway-attachment-id ${TGW_ATTACHMENT_ID}输出显示状态为解除关联。
{
"Association": {
"TransitGatewayRouteTableId": "tgw-rtb-00011122233344455",
"TransitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
"ResourceId": "vpc-11122233344455566",
"ResourceType": "vpc",
"State": "disassociating"
}
}如下所示取消关联路由表后,您将不会再在输出中看到“关联”部分或 TransitGatewayRouteTableId。
$ aws ec2 describe-transit-gateway-attachments \
--transit-gateway-attachment-ids ${TGW_ATTACHMENT_ID}
{
"TransitGatewayAttachments": [
{
"TransitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
"TransitGatewayId": "tgw-111222333444aaabb",
"TransitGatewayOwnerId": "111111111111",
"ResourceOwnerId": "111111111111",
"ResourceType": "vpc",
"ResourceId": "vpc-11122233344455566",
"State": "available",
"CreationTime": "2020-10-03T20:35:59+00:00",
"Tags": [
{
"Key": "Name",
"Value": "LearningTGWAttachmentPublic"
}
]
}
]
}7.查看路由表传播
要查看特定路由表的路由表传播,请执行以下命令。
TGW_RT_ID=tgw-rtb-00011122233344455
aws ec2 get-transit-gateway-route-table-propagations \
--transit-gateway-route-table-id ${TGW_RT_ID}
以下输出指示 VPC 中转网关连接的路由表传播。
{
"TransitGatewayRouteTablePropagations": [
{
"TransitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
"ResourceId": "vpc-11122233344455566",
"ResourceType": "vpc",
"State": "enabled"
}
]
}如果没有路由表传播,您将不会在输出中看到任何条目,如下所示。
TGW_RT_ID=tgw-rtb-00011122233344455
aws ec2 get-transit-gateway-route-table-propagations \
--transit-gateway-route-table-id ${TGW_RT_ID}
{
"TransitGatewayRouteTablePropagations": []
}8. 禁用路由表中的路由传播
如果要禁用特定路由表的路由表传播,请执行以下命令。这将从路由表附件中删除传播的路由。
在禁用路由传播时,您还应该指定要禁用传播的特定附件,如下所示。
TGW_RT_ID=tgw-rtb-00011122233344455
TGW_ATTACHMENT_ID=tgw-attach-00011122233344aaa
aws ec2 disable-transit-gateway-route-table-propagation \
--transit-gateway-route-table-id ${TGW_RT_ID} \
--transit-gateway-attachment-id ${TGW_ATTACHMENT_ID}以下输出表明给定 VPC 连接的路由表传播处于禁用状态。
{
"Propagation": {
"TransitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
"ResourceId": "vpc-11122233344455566",
"ResourceType": "vpc",
"TransitGatewayRouteTableId": "tgw-rtb-00011122233344455",
"State": "disabled"
}
}9. 在路由表上启用路由传播
在启用路由传播时,您还应该指定您希望为哪个特定附件启用传播,如下所示。这里的想法是您正在使用路由传播将路由从您的路由表添加到给定的附件。
TGW_RT_ID=tgw-rtb-00011122233344455
TGW_ATTACHMENT_ID=tgw-attach-00011122233344aaa
aws ec2 enable-transit-gateway-route-table-propagation \
--transit-gateway-route-table-id ${TGW_RT_ID} \
--transit-gateway-attachment-id ${TGW_ATTACHMENT_ID}以下输出表明给定 VPC 连接的路由表传播处于启用状态。
{
"Propagation": {
"TransitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
"ResourceId": "vpc-11122233344455566",
"ResourceType": "vpc",
"TransitGatewayRouteTableId": "tgw-rtb-00011122233344455",
"State": "enabled"
}
}如果您没有禁用现有 RT 的传播,您将收到以下错误消息:
调用 EnableTransitGatewayRouteTablePropagation 操作时发生错误 (TransitGatewayRouteTablePropagation.Duplicate):传播 tgw-attach-00011122233344aaa 已存在于中转网关路由表 tgw-rtb-00011122233344455 中。
10. 为中转网关路由表附件创建静态路由
对于给定的附件,您可以创建到特定 CIDR 块的静态路由,如下所示。
您还可以使用相同的命令创建黑洞路由以丢弃与给定 CIDR 块匹配的流量。
CIDR="192.168.0.0/32"
TGW_RT_ID=tgw-rtb-00011122233344455
TGW_ATTACHMENT_ID=tgw-attach-00011122233344aaa
aws ec2 create-transit-gateway-route \
--destination-cidr-block ${CIDR} \
--transit-gateway-route-table-id ${TGW_RT_ID} \
--transit-gateway-attachment-id ${TGW_ATTACHMENT_ID}以下输出显示了我们刚刚添加的状态为活动状态的静态路由。
{
"Route": {
"DestinationCidrBlock": "192.168.0.0/32",
"TransitGatewayAttachments": [
{
"ResourceId": "vpc-11122233344455566",
"TransitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
"ResourceType": "vpc"
}
],
"Type": "static",
"State": "active"
}
}如果您未在上述命令中指定中转网关附件 ID,您将收到以下错误消息:
调用 CreateTransitGatewayRoute 操作时出错 (MissingParameter):请求必须包含 Blackhole、TransitGatewayAttachmentId 或 VpnConnectionId 中的一个
11. 从中转网关路由表中删除静态路由
要删除之前添加的静态路由,请使用以下命令并指定 CIDR 块和路由表 ID。
CIDR="192.168.0.0/32"
TGW_RT_ID=tgw-rtb-00011122233344455
aws ec2 delete-transit-gateway-route \
--transit-gateway-route-table-id ${TGW_RT_ID} \
--destination-cidr-block ${CIDR}以下输出显示状态为已删除,表示给定静态路由已成功从路由表中删除。
{
"Route": {
"DestinationCidrBlock": "192.168.0.0/32",
"TransitGatewayAttachments": [
{
"ResourceId": "vpc-11122233344455566",
"TransitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
"ResourceType": "vpc"
}
],
"Type": "static",
"State": "deleted"
}
}如果路由不存在,您将收到以下错误消息:
调用 DeleteTransitGatewayRoute 操作时发生错误 (InvalidRoute.NotFound):中转网关路由表 tgw-rtb-00011122233344455 中不存在路由 192.168.0.0/32。
12. 将路由表以 JSON 格式导出到 S3 Bucket
当您的路由表上有多个静态路由时,您可以将它们导出为 JSON 文件并将其存储在 S3 存储桶中。这可以作为备份静态路由的一种方式来完成。
TGW_RT_ID=tgw-rtb-00011122233344455
S3_BUCKET=tgs-tgw-backup
aws ec2 export-transit-gateway-routes \
--transit-gateway-route-table-id ${TGW_RT_ID} \
--s3-bucket ${S3_BUCKET}输出显示由上述命令在给定 S3 存储桶下创建的完整文件夹结构和导出文件名。
{
“S3Location”:“s3://tgs-tgw-backup/VPCTransitGateway/TransitGatewayRouteTables/111111111111_us-east-1_tgw-rtb-00011122233344455_2020-10-03T21-12-06.json”
}
以下是上述 JSON 导出文件内容的示例。
{
"routes": [
{
"destinationCidrBlock": "10.0.0.0/20",
"transitGatewayAttachments": [
{
"resourceId": "vpc-11122233344455566",
"transitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
"resourceType": "vpc"
}
],
"type": "propagated",
"state": "active"
}
]
}- 点赞
- 收藏
- 关注作者
评论(0)