Transit gateway operates at layer 3 of the Open Systems Interconnection (OSI) model. Layer 3 is the network layer, which sits between the data link layer (layer 2) and the transport layer (layer 4). This layer handles the forwarding of packets and communication with routers along the network path from the origin to the destination.

Transit Gateway greatly simplifies connecting multiple VPCs by allowing you to configure your network as a hub and spoke design, where each VPC (a spoke) only needs to be connected to the gateway (the hub). VPN connections can also be connected to the hub to enable hybrid connectivity scenarios with on-premises networks.

The Transit Gateway default route table is automatically configured with the routes that are needed to connect your VPCs. VPN connection routes are propagated to the network in your data center by means of the Border Gateway Protocol (BGP). You can also create route tables manually in order to segment network traffic.

Using AWS Resource Access Manager (RAM), you can share your Transit Gateway with other accounts so that the VPCs in that account can connect to your networks.