Tech Matchups: Transit Gateway vs Hub-and-Spoke VPC Peering
Overview
Transit Gateway is a managed service that connects multiple VPCs and on-premises networks in a centralized hub-and-spoke model.
Hub-and-Spoke VPC Peering manually connects a central VPC (hub) to multiple VPCs (spokes) using peering connections for inter-VPC communication.
Both enable VPC interconnectivity: Transit Gateway for scalability, Hub-and-Spoke Peering for manual control.
Section 1 - Architecture and Scalability
Transit Gateway acts as a regional hub—e.g., connecting 20 VPCs and a VPN with a single gateway. Setup takes ~10 minutes, with automated routing.
Hub-and-Spoke Peering requires manual peering connections—e.g., a hub VPC peering with 10 spoke VPCs, needing 10 peering connections. Setup takes ~30 minutes.
Transit Gateway scales to thousands of VPCs; Hub-and-Spoke Peering struggles beyond 10 spokes due to manual management. Transit Gateway is automated; Peering is labor-intensive.
Scenario: Transit Gateway for a 50-VPC enterprise; Hub-and-Spoke for a 5-VPC startup.
Section 2 - Routing Complexity
Transit Gateway uses a centralized route table—e.g., one rule propagates 10.0.0.0/16 to all attached VPCs. Supports dynamic routing via BGP and CIDR overlap resolution.
Hub-and-Spoke Peering requires manual route table updates in hub and spoke VPCs—e.g., adding 10.1.0.0/16 to each spoke’s route table. CIDR overlaps break connectivity.
Scenario: Transit Gateway adds a new VPC with one attachment; Hub-and-Spoke needs multiple route updates. Transit Gateway simplifies; Peering complicates.
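The manual route work and the overlap failure described in this section, as an added example (not code from the original page): it checks a VPC inventory for overlapping CIDRs before peering and builds the static routes a hub-and-spoke peering layout needs. The VPC names, CIDRs and `pcx-...` identifiers are constructed placeholders; spokes get a route to the hub only, because VPC peering is not transitive.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory (hypothetical names and CIDRs, not from the page).
HUB = ("hub", "10.0.0.0/16")
SPOKES = [
    ("spoke-a", "10.1.0.0/16"),
    ("spoke-b", "10.2.0.0/16"),
    ("spoke-c", "10.1.128.0/17"),  # deliberately overlaps spoke-a
]


def find_overlaps(vpcs):
    """Return sorted (name, name) pairs whose CIDR blocks overlap."""
    nets = [(name, ipaddress.ip_network(cidr)) for name, cidr in vpcs]
    return sorted(
        (a, b) for (a, na), (b, nb) in combinations(nets, 2) if na.overlaps(nb)
    )


def plan_peering_routes(hub, spokes):
    """Return {route_table_owner: [(destination_cidr, target), ...]}."""
    # Refuse to plan when any two VPCs overlap: the routes would be ambiguous.
    overlaps = find_overlaps([hub] + list(spokes))
    if overlaps:
        raise ValueError(f"overlapping CIDRs: {overlaps}")
    hub_name, hub_cidr = hub
    plan = {hub_name: []}
    for name, cidr in spokes:
        pcx = f"pcx-{hub_name}-{name}"      # placeholder peering connection id
        plan[hub_name].append((cidr, pcx))  # hub route table: one entry per spoke
        plan[name] = [(hub_cidr, pcx)]      # spoke route table: hub CIDR only
    return plan


def manual_changes(plan):
    """Count peering connections and route entries an operator must maintain."""
    routes = sum(len(entries) for entries in plan.values())
    connections = len(plan) - 1
    return connections, routes


if __name__ == "__main__":
    print("overlaps:", find_overlaps([HUB] + SPOKES))
    clean = plan_peering_routes(HUB, SPOKES[:2])
    for owner, entries in clean.items():
        print(owner, entries)
    print("connections, routes:", manual_changes(clean))
```

Running the overlap check against the full inventory before creating any peering connection catches the conflict while it is still a planning problem rather than a connectivity outage.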
Section 3 - Cost Considerations
Transit Gateway charges per attachment-hour ($0.05 in us-east-1) and for data processing ($0.02/GB). Example: 10 VPCs with 1TB/month costs ~$360 ($340 in attachment-hour charges + $20 in data processing).
Hub-and-Spoke Peering incurs data transfer costs ($0.02/GB cross-AZ in us-east-1). Example: 1TB/month across 10 peers costs ~$20.40. No hourly fees.
Scenario: Hub-and-Spoke is cheaper for small setups; Transit Gateway saves management costs at scale.
Section 4 - Use Case Scenarios
Transit Gateway suits large-scale or hybrid networks—e.g., connecting 30 VPCs and Direct Connect for a global app.
Hub-and-Spoke Peering fits small, controlled environments—e.g., linking 5 VPCs for a regional project with strict oversight.
Scenario: Transit Gateway for a corporate network; Hub-and-Spoke for a pilot project.
Section 5 - Comparison Table
| Aspect | Transit Gateway | Hub-and-Spoke Peering |
|---|---|---|
| Scalability | Thousands of VPCs | ~10 VPCs |
| Routing | Centralized, Dynamic | Manual, Static |
| Cost | Attachment + Data | Data Only |
| Setup | Automated | Manual |
| Best For | Large Networks | Small Setups |
Transit Gateway for scale, Hub-and-Spoke for control. Choose based on size and automation needs.
Conclusion
Transit Gateway and Hub-and-Spoke VPC Peering enable VPC interconnectivity with different strengths. Transit Gateway offers scalable, automated networking for large or hybrid environments. Hub-and-Spoke Peering provides manual, cost-effective connectivity for small, controlled setups.
Weigh scale (large vs. small), routing (dynamic vs. static), and cost (hourly vs. data). Use Transit Gateway for enterprise networks, Hub-and-Spoke for small projects—or transition from Peering to Transit Gateway as networks grow.