1 Answer
- Newest
- Most votes
- Most comments
0
The peer BGP IP address, from the point of view of the AWS side of the Site-to-site VPN connection, is defined as follows from the "inside IPv4 CIDR range /30":
- The odd IP is for AWS side
- The even IP is for remote BGP neighbor
So for instance if you define the CIDR as "169.254.165.120/30", AWS side IP will be 169.254.165.121/30 and remote BGP neighbour 169.254.165.122/30
Regarding ensuring that BGP is established when the remote side BGP is configured in passive mode, I have replicated this scenario in lab, by configuring the remote BGP in passive/listening mode, and I can confirm that AWS side automatically initiates BGP/TCP/179 sessions from AWS side accordingly and the communication completes successfully with BGP route propagation etc, so you should not need to do anything special to have that behaviour.
answered 23 days ago
Relevant content
- asked a year ago
- Accepted Answerasked 2 years ago
- Accepted Answerasked 10 months ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- How do I monitor my transit gateway and Site-to-Site VPN on a transit gateway using Network Manager?AWS OFFICIALUpdated 2 years ago
Thank you for providing a clear description of how BGP operates in AWS. However, I've encountered a challenge related to the Cisco Secure Access VPN headend, as it operates similarly. It utilizes the IP addresses 169.254.0.9/30 and 169.254.0.5/30 as the endpoints for BGP sessions. I plan to reach out to Cisco Support to address this from their end. In the meantime, I'm curious if there are any workarounds within AWS that could help resolve this interoperability issue. Any insights would be greatly appreciated.