
12 examples of managing AWS Transit Gateway route tables with the CLI

AWS Transit Gateway route tables

Besides the default route table that is created along with the transit gateway, you can create additional route tables. This lets you associate specific attachments with specific route tables. An attachment can propagate its routes to one or more route tables, and you can also add static routes to a route table.

To check whether your transit gateway has a default route table associated with it, use the following command.

In the output below, DefaultRouteTableAssociation is set to enable, which indicates that a default route table is associated with this transit gateway.

AssociationDefaultRouteTableId and PropagationDefaultRouteTableId carry the same tgw-rtb- value, indicating that the same default route table is used for both default association and default propagation.

$ TGW_ID=tgw-11112222333344444
$ aws ec2 describe-transit-gateways --transit-gateway-ids ${TGW_ID}

{
  "TransitGateways": [
    {
      "TransitGatewayId": "tgw-11112222333344444",
      ..
      "Options": {
          "AmazonSideAsn": 64512,
          "AutoAcceptSharedAttachments": "disable",
          "DefaultRouteTableAssociation": "enable",
          "AssociationDefaultRouteTableId": "tgw-rtb-aaaabbbbccccdddee",
          "DefaultRouteTablePropagation": "enable",
          "PropagationDefaultRouteTableId": "tgw-rtb-aaaabbbbccccdddee",
          ..

  ]
}

If you are new to AWS Transit Gateway, see this article on managing the transit gateway itself and its attachments: 24 examples of managing AWS Transit Gateway and attachments with the CLI

1. Create a transit gateway route table with defaults

When creating a custom transit gateway route table, you must specify the transit gateway for which the route table is created.

The following example creates a new TGW route table.

TGW_ID=tgw-11112222333344444

aws ec2 create-transit-gateway-route-table --transit-gateway-id ${TGW_ID}

The route table created above has default association and default propagation set to false. Note in the output below that DefaultAssociationRouteTable and DefaultPropagationRouteTable are both false for this new custom route table.

{
  "TransitGatewayRouteTable": {
      "TransitGatewayRouteTableId": "tgw-rtb-11112222333344455",
      "TransitGatewayId": "tgw-11112222333344444",
      "State": "pending",
      "DefaultAssociationRouteTable": false,
      "DefaultPropagationRouteTable": false,
      "CreationTime": "2020-10-03T19:58:33+00:00"
  }
}

2. Create a transit gateway route table with tags

When creating a TGW route table, you can add tags with a tag specification as shown below. In this example the value "DevTGWForOnPrem" is assigned to the Name tag.

TGW_ID=tgw-11112222333344444

aws ec2 create-transit-gateway-route-table \
  --transit-gateway-id ${TGW_ID} \
  --tag-specifications "ResourceType=transit-gateway-route-table,Tags=[{Key=Name,Value=DevTGWForOnPrem}]"

The output of this command also reflects the tag we supplied.

{
  "TransitGatewayRouteTable": {
    "TransitGatewayRouteTableId": "tgw-rtb-00011122233344455",
    "TransitGatewayId": "tgw-11112222333344444",
    "State": "pending",
    "DefaultAssociationRouteTable": false,
    "DefaultPropagationRouteTable": false,
    "CreationTime": "2020-10-03T20:06:25+00:00",
    "Tags": [
        {
            "Key": "Name",
            "Value": "DevTGWForOnPrem"
        }
    ]
  }
}

3. View all transit gateway route tables

The following command lists all transit gateway route tables.

Notice in the output below that it shows both the default and the custom route tables that we created.

$ aws ec2 describe-transit-gateway-route-tables

{
  "TransitGatewayRouteTables": [
    {
      "TransitGatewayRouteTableId": "tgw-rtb-11112222333344455",
      "TransitGatewayId": "tgw-11112222333344444",
      "State": "available",
      "DefaultAssociationRouteTable": false,
      "DefaultPropagationRouteTable": false,
      "CreationTime": "2020-10-03T19:58:33+00:00",
      "Tags": []
    },
    {
      "TransitGatewayRouteTableId": "tgw-rtb-00011122233344455",
      "TransitGatewayId": "tgw-11112222333344444",
      "State": "pending",
      "DefaultAssociationRouteTable": false,
      "DefaultPropagationRouteTable": false,
      "CreationTime": "2020-10-03T20:06:25+00:00",
      "Tags": [
          {
              "Key": "Name",
              "Value": "DevTGWForOnPrem"
          }
      ]
    }
  ]
}

You can also view the details of a specific route table by passing its route table ID, as shown below.

TGW_RT_ID=tgw-rtb-00011122233344455

aws ec2 describe-transit-gateway-route-tables \
  --transit-gateway-route-table-ids ${TGW_RT_ID}

4. Delete a transit gateway route table

To delete a transit gateway route table, use the following command and specify the route table ID.

TGW_RT_ID=tgw-rtb-00011122233344455

aws ec2 delete-transit-gateway-route-table \
  --transit-gateway-route-table-id ${TGW_RT_ID}

The output of the command above shows the state as deleting. After a few seconds, describe-transit-gateway-route-tables will no longer list this route table.

{
  "TransitGatewayRouteTable": {
      "TransitGatewayRouteTableId": "tgw-rtb-00011122233344455",
      "TransitGatewayId": "tgw-11112222333344444",
      "State": "deleting",
      "DefaultAssociationRouteTable": false,
      "DefaultPropagationRouteTable": false,
      "CreationTime": "2020-10-03T20:06:25+00:00"
  }
}

If you don't delete the associations first, you'll get the following error message: An error occurred (IncorrectState) when calling the DeleteTransitGatewayRouteTable operation: tgw-rtb-00011122233344455 has associated attachments

As described in one of the examples below, make sure all attachments are disassociated before deleting the route table.

5. Associate a transit gateway route table with an attachment

Once the route table is created, you can associate an existing transit gateway attachment with it using the following command. You must specify both the route table ID and the attachment ID.

TGW_RT_ID=tgw-rtb-00011122233344455
TGW_ATTACHMENT_ID=tgw-attach-00011122233344aaa

aws ec2 associate-transit-gateway-route-table \
  --transit-gateway-route-table-id ${TGW_RT_ID} \
  --transit-gateway-attachment-id ${TGW_ATTACHMENT_ID}

The output of the command above shows the state as associating. After a few seconds, describe-transit-gateway-attachments will show the state as associated.

{
  "Association": {
      "TransitGatewayRouteTableId": "tgw-rtb-00011122233344455",
      "TransitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
      "ResourceId": "vpc-11122233344455566",
      "ResourceType": "vpc",
      "State": "associating"
  }
}

Before associating a new route table, first disassociate the attachment's existing route table. Otherwise you'll get the following error message:
An error occurred (Resource.AlreadyAssociated) when calling the AssociateTransitGatewayRouteTable operation: Transit Gateway Attachment tgw-attach-00011122233344aaa is already associated with a route table.

6. Disassociate a transit gateway route table from an attachment

When you run describe-transit-gateway-attachments, the output contains an "Association" section with a TransitGatewayRouteTableId, indicating that this attachment is associated with that route table, as shown below.

$ TGW_ATTACHMENT_ID=tgw-attach-00011122233344aaa
$ aws ec2 describe-transit-gateway-attachments \
  --transit-gateway-attachment-ids ${TGW_ATTACHMENT_ID}

{
  "TransitGatewayAttachments": [
    {
      "TransitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
      "TransitGatewayId": "tgw-111222333444aaabb",
      ..
      ..
      "Association": {
          "TransitGatewayRouteTableId": "tgw-rtb-00011122233344455",
          "State": "associated"
      },
      ..
    }
  ]
}

The following command disassociates the given route table from the attachment.

TGW_RT_ID=tgw-rtb-00011122233344455
TGW_ATTACHMENT_ID=tgw-attach-00011122233344aaa

aws ec2 disassociate-transit-gateway-route-table \
  --transit-gateway-route-table-id ${TGW_RT_ID} \
  --transit-gateway-attachment-id ${TGW_ATTACHMENT_ID}

The output shows the state as disassociating.

{
  "Association": {
      "TransitGatewayRouteTableId": "tgw-rtb-00011122233344455",
      "TransitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
      "ResourceId": "vpc-11122233344455566",
      "ResourceType": "vpc",
      "State": "disassociating"
  }
}

Once the route table is disassociated, you'll no longer see the "Association" section or a TransitGatewayRouteTableId in the output, as shown below.

$ aws ec2 describe-transit-gateway-attachments \
  --transit-gateway-attachment-ids ${TGW_ATTACHMENT_ID}
{
  "TransitGatewayAttachments": [
    {
      "TransitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
      "TransitGatewayId": "tgw-111222333444aaabb",
      "TransitGatewayOwnerId": "111111111111",
      "ResourceOwnerId": "111111111111",
      "ResourceType": "vpc",
      "ResourceId": "vpc-11122233344455566",
      "State": "available",
      "CreationTime": "2020-10-03T20:35:59+00:00",
      "Tags": [
          {
              "Key": "Name",
              "Value": "LearningTGWAttachmentPublic"
          }
      ]
    }
  ]
}
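Added example, not part of the original post: a Python pre-flight check that reads describe-transit-gateway-attachments output like the one above to avoid the IncorrectState error from section 4 and the Resource.AlreadyAssociated error from section 5. The sample JSON is constructed (the second, unassociated attachment id is invented), and the commands it returns are the ones from sections 4 and 6.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-transit-gateway-attachments`
# output, trimmed to the keys read below. The first attachment and its route table
# are the ids from the post; the second (an unassociated VPN) is invented.
DESCRIBE_ATTACHMENTS = json.loads("""
{
  "TransitGatewayAttachments": [
    {
      "TransitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
      "ResourceType": "vpc",
      "Association": {"TransitGatewayRouteTableId": "tgw-rtb-00011122233344455",
                      "State": "associated"}
    },
    {"TransitGatewayAttachmentId": "tgw-attach-00011122233344bbb",
     "ResourceType": "vpn"}
  ]
}
""")

def associated_attachments(describe_output, rt_id):
    """Attachment ids whose Association block points at rt_id.
    An attachment without an "Association" key (as shown after a disassociate)
    is not associated with any route table."""
    found = []
    for att in describe_output["TransitGatewayAttachments"]:
        assoc = att.get("Association") or {}
        if assoc.get("TransitGatewayRouteTableId") == rt_id:
            found.append(att["TransitGatewayAttachmentId"])
    return found

def delete_plan(describe_output, rt_id):
    """Ordered CLI commands: disassociate every attachment first, then delete.
    Running the delete alone would fail with IncorrectState (section 4)."""
    cmds = [f"aws ec2 disassociate-transit-gateway-route-table "
            f"--transit-gateway-route-table-id {rt_id} "
            f"--transit-gateway-attachment-id {att_id}"
            for att_id in associated_attachments(describe_output, rt_id)]
    cmds.append(f"aws ec2 delete-transit-gateway-route-table "
                f"--transit-gateway-route-table-id {rt_id}")
    return cmds

def associate_blocked_by(describe_output, attachment_id):
    """Route table the attachment is already associated with, or None.
    A non-None result means associate-transit-gateway-route-table would fail with
    Resource.AlreadyAssociated (section 5); disassociate that table first."""
    for att in describe_output["TransitGatewayAttachments"]:
        if att["TransitGatewayAttachmentId"] == attachment_id:
            return (att.get("Association") or {}).get("TransitGatewayRouteTableId")
    return None
```

In practice you would feed it the live output (`aws ec2 describe-transit-gateway-attachments` piped into `json.load`) instead of the embedded sample.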

7. View route table propagations

To view the route table propagations for a specific route table, run the following command.

TGW_RT_ID=tgw-rtb-00011122233344455

aws ec2 get-transit-gateway-route-table-propagations \
--transit-gateway-route-table-id ${TGW_RT_ID}

The output below shows a route table propagation for a VPC transit gateway attachment.

{
  "TransitGatewayRouteTablePropagations": [
    {
      "TransitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
      "ResourceId": "vpc-11122233344455566",
      "ResourceType": "vpc",
      "State": "enabled"
    }
  ]
}

If there are no route table propagations, you won't see any entries in the output, as shown below.

TGW_RT_ID=tgw-rtb-00011122233344455

aws ec2 get-transit-gateway-route-table-propagations \
--transit-gateway-route-table-id ${TGW_RT_ID}
{
    "TransitGatewayRouteTablePropagations": []
}

8. Disable route propagation on a route table

To disable route table propagation for a specific route table, run the following command. This removes the routes propagated from that attachment from the route table.

When disabling route propagation, you also specify the attachment whose propagation is being disabled, as shown below.

TGW_RT_ID=tgw-rtb-00011122233344455
TGW_ATTACHMENT_ID=tgw-attach-00011122233344aaa

aws ec2 disable-transit-gateway-route-table-propagation \
  --transit-gateway-route-table-id ${TGW_RT_ID} \
  --transit-gateway-attachment-id ${TGW_ATTACHMENT_ID}

The output below shows that route table propagation is disabled for the given VPC attachment.

{
  "Propagation": {
      "TransitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
      "ResourceId": "vpc-11122233344455566",
      "ResourceType": "vpc",
      "TransitGatewayRouteTableId": "tgw-rtb-00011122233344455",
      "State": "disabled"
  }
}

9. Enable route propagation on a route table

When enabling route propagation, you also specify the attachment whose propagation is being enabled, as shown below. The idea is that route propagation adds the given attachment's routes to the route table.

TGW_RT_ID=tgw-rtb-00011122233344455
TGW_ATTACHMENT_ID=tgw-attach-00011122233344aaa

aws ec2 enable-transit-gateway-route-table-propagation \
  --transit-gateway-route-table-id ${TGW_RT_ID} \
  --transit-gateway-attachment-id ${TGW_ATTACHMENT_ID}

The output below shows that route table propagation is enabled for the given VPC attachment.

{
  "Propagation": {
      "TransitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
      "ResourceId": "vpc-11122233344455566",
      "ResourceType": "vpc",
      "TransitGatewayRouteTableId": "tgw-rtb-00011122233344455",
      "State": "enabled"
  }
}

If you haven't disabled the existing propagation for this RT, you'll get the following error message:

An error occurred (TransitGatewayRouteTablePropagation.Duplicate) when calling the EnableTransitGatewayRouteTablePropagation operation: Propagation tgw-attach-00011122233344aaa already exists in Transit Gateway Route Table tgw-rtb-00011122233344455.

10. Create a static route for a transit gateway route table attachment

For a given attachment, you can create a static route to a specific CIDR block as shown below.

The same command can be used to create a blackhole route, which drops traffic matching the given CIDR block.

CIDR="192.168.0.0/32"
TGW_RT_ID=tgw-rtb-00011122233344455
TGW_ATTACHMENT_ID=tgw-attach-00011122233344aaa

aws ec2 create-transit-gateway-route \
  --destination-cidr-block ${CIDR} \
  --transit-gateway-route-table-id ${TGW_RT_ID} \
  --transit-gateway-attachment-id ${TGW_ATTACHMENT_ID}

The output below shows the static route we just added, with State active.

{
  "Route": {
    "DestinationCidrBlock": "192.168.0.0/32",
    "TransitGatewayAttachments": [
      {
          "ResourceId": "vpc-11122233344455566",
          "TransitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
          "ResourceType": "vpc"
      }
    ],
    "Type": "static",
    "State": "active"
  }
}

If you don't specify the transit gateway attachment ID in the command above, you'll get the following error message:

An error occurred (MissingParameter) when calling the CreateTransitGatewayRoute operation: The request must contain exactly one of Blackhole, TransitGatewayAttachmentId or VpnConnectionId

11. Delete a static route from a transit gateway route table

To delete a previously added static route, use the following command and specify the CIDR block and the route table ID.

CIDR="192.168.0.0/32"
TGW_RT_ID=tgw-rtb-00011122233344455

aws ec2 delete-transit-gateway-route \
  --transit-gateway-route-table-id ${TGW_RT_ID} \
  --destination-cidr-block ${CIDR}

The output below shows the state as deleted, indicating that the given static route was successfully removed from the route table.

{
  "Route": {
    "DestinationCidrBlock": "192.168.0.0/32",
    "TransitGatewayAttachments": [
      {
          "ResourceId": "vpc-11122233344455566",
          "TransitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
          "ResourceType": "vpc"
      }
    ],
    "Type": "static",
    "State": "deleted"
  }
}

If the route doesn't exist, you'll get this error message:

An error occurred (InvalidRoute.NotFound) when calling the DeleteTransitGatewayRoute operation: Route 192.168.0.0/32 does not exist in Transit Gateway Route Table tgw-rtb-00011122233344455.

12. Export the route table to an S3 bucket in JSON format

When a route table has several static routes, you can export them as a JSON file stored in an S3 bucket. This can serve as a way to back up the static routes.

TGW_RT_ID=tgw-rtb-00011122233344455
S3_BUCKET=tgs-tgw-backup

aws ec2 export-transit-gateway-routes \
  --transit-gateway-route-table-id ${TGW_RT_ID} \
  --s3-bucket ${S3_BUCKET}

The output shows the full folder structure and the export file name that the command above created under the given S3 bucket.

{
    "S3Location": "s3://tgs-tgw-backup/VPCTransitGateway/TransitGatewayRouteTables/111111111111_us-east-1_tgw-rtb-00011122233344455_2020-10-03T21-12-06.json"
}

The following is a sample of the contents of the exported JSON file.

{
"routes": [
  {
    "destinationCidrBlock": "10.0.0.0/20",
    "transitGatewayAttachments": [
      {
        "resourceId": "vpc-11122233344455566",
        "transitGatewayAttachmentId": "tgw-attach-00011122233344aaa",
        "resourceType": "vpc"
      }
    ],
    "type": "propagated",
    "state": "active"
  }
]
}
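Added example, not from the original post: since the export is meant as a backup, this Python script compares a saved export with a fresh one in the format shown above, reports route drift (a CIDR added, removed or re-pointed, or a static route sending traffic to an attachment outside an allow-list), and rebuilds the create-transit-gateway-route commands from section 10 for static routes that have disappeared. Both JSON samples are constructed (the default route and its attachment id are invented), and the attachment allow-list is an assumed operator inventory.

```python
import json

# Constructed samples in the shape of the export file above, trimmed to the keys
# the code reads. BACKUP is the saved copy; CURRENT is a later export of the same
# table in which the 192.168.0.0/32 route is gone and a made-up default route
# (its attachment id is invented for the example) has appeared.
BACKUP = json.loads("""{"routes": [
 {"destinationCidrBlock": "10.0.0.0/20", "type": "propagated", "state": "active",
  "transitGatewayAttachments": [{"transitGatewayAttachmentId": "tgw-attach-00011122233344aaa"}]},
 {"destinationCidrBlock": "192.168.0.0/32", "type": "static", "state": "active",
  "transitGatewayAttachments": [{"transitGatewayAttachmentId": "tgw-attach-00011122233344aaa"}]}
]}""")
CURRENT = json.loads("""{"routes": [
 {"destinationCidrBlock": "10.0.0.0/20", "type": "propagated", "state": "active",
  "transitGatewayAttachments": [{"transitGatewayAttachmentId": "tgw-attach-00011122233344aaa"}]},
 {"destinationCidrBlock": "0.0.0.0/0", "type": "static", "state": "active",
  "transitGatewayAttachments": [{"transitGatewayAttachmentId": "tgw-attach-99988877766655ccc"}]}
]}""")

def route_map(export):
    """Map destination CIDR -> (type, state, sorted attachment ids).
    A blackhole route is assumed to carry no attachments, so its targets are ()."""
    out = {}
    for r in export["routes"]:
        targets = tuple(sorted(a["transitGatewayAttachmentId"]
                               for a in r.get("transitGatewayAttachments", [])))
        out[r["destinationCidrBlock"]] = (r["type"], r["state"], targets)
    return out

def diff_exports(backup, current):
    """CIDRs added, removed, or re-pointed since the backup was taken."""
    old, new = route_map(backup), route_map(current)
    return {"added": sorted(new.keys() - old.keys()),
            "removed": sorted(old.keys() - new.keys()),
            "changed": sorted(c for c in old.keys() & new.keys() if old[c] != new[c])}

def unexpected_static_routes(current, allowed_attachments):
    """Static routes whose target attachment is not in the operator's allow-list
    (allowed_attachments is an assumed inventory, not something AWS provides)."""
    return sorted(cidr for cidr, (rtype, _, targets) in route_map(current).items()
                  if rtype == "static" and any(t not in allowed_attachments for t in targets))

def restore_commands(backup, current, rt_id):
    """create-transit-gateway-route lines for static routes that were in the backup
    but are missing now; propagated routes are not restored by hand."""
    old, new = route_map(backup), route_map(current)
    return [f"aws ec2 create-transit-gateway-route --destination-cidr-block {cidr} "
            f"--transit-gateway-route-table-id {rt_id} "
            f"--transit-gateway-attachment-id {old[cidr][2][0]}"
            for cidr in sorted(old.keys() - new.keys())
            if old[cidr][0] == "static" and old[cidr][2]]
```

To use it against real exports, load the two files fetched from the S3 location printed by export-transit-gateway-routes in place of BACKUP and CURRENT.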
