AWS announces AWS Interconnect – multicloud (preview), providing simple, resilient, high-speed private connections to other cloud service providers. AWS Interconnect - multicloud is easy to configure and provides high-speed, resilient connectivity with dedicated bandwidth, enabling customers to interconnect AWS networking services such as AWS Transit Gateway, AWS Cloud WAN, and Amazon VPC to other cloud service providers with ease.
How can I use BGP communities to influence the preferred routing path on Direct Connect links from AWS to my network?
I want to use Border Gateway Protocol (BGP) communities to influence the preferred routing path on AWS Direct Connect links from AWS to my network.
Short description
To configure private and transit virtual interfaces to prioritize the interface that AWS uses to route traffic to your network, use the AS_PATH attribute. Direct Connect also supports local preference BGP community tags to control the route preference of traffic on private and transit virtual interfaces.
Note: AWS routers evaluate local preference BGP community tags before they evaluate the AS_PATH attribute.
Resolution
Apply community tags and prepend AS_PATH attributes
Direct Connect supports the following local preference BGP community tags:
- 7224:7100 Low preference
- 7224:7200 Medium preference
- 7224:7300 High preference
Direct Connect evaluates local preference BGP community tags from lowest to highest preference.
To use community tags and AS_PATH attributes, take the following actions:
- For each prefix that you advertise over a BGP session, apply a community tag to show the associated path's priority for returning traffic.
- When you advertise from an on-premises router to AWS, prepend additional AS_PATH attributes to the prefixes. Direct Connect prioritizes the path with the fewest AS_PATH attributes for returning traffic.
For example, you have virtual interfaces A and B, and you're advertising prefixes 10.10.10.0/24 and 10.20.20.0/24 to AWS. To make virtual interface A the preferred routing path for traffic to network 10.10.10.0/24, apply higher preference tag 7224:7300 to prefix 10.10.10.0/24 on the BGP session. To make virtual interface B the preferred routing path for traffic to network 10.20.20.0/24, apply higher preference tag 7224:7300 to prefix 10.20.20.0/24 on the BGP session.
If you don't use BGP community tags to specify local preference for private virtual interfaces, then the outbound routing behavior defaults to an AWS Region. In this case, the behavior is based on the Direct Connect location's relative distance to the originating Region. If the relative distance costs aren't equal, then Autonomous System (AS) prepending can't influence routing behavior. Direct Connect evaluates the lowest distance relative cost before you prepend AS_PATH.
To load balance traffic across multiple AWS Direct Connect connections, apply the same community tag across the prefixes for the connections.
Configure AS_PATH and BGP community attributes
You must configure AS_PATH prepending and BGP community tags on an on-premises router. Advertise the prefixes from the on-premises router to the Direct Connect router. Because you can use any routing device, use a configuration that's specific to your vendor's router.
For more information about AS_PATH prepending for on-premises routers from common vendors, see the following documentation:
- Example: Configuring a routing policy for AS path prepending on the Juniper website.
- How to configure eBGP with AS path prepend for specific prefixes on the Palo Alto Networks website.
- BGP AS path prepending on the Cisco website.
For more information about BGP community configuration for on-premises routers from common vendors, see the following documentation:
- Example: Configuring communities in a routing policy on the Juniper website.
- Add multiple community attribute to BGP routes on the Palo Alto Networks website.
- Configure an upstream provider network with BGP community values on the Cisco website.
The following example configuration prepends an AS_PATH for prefix 10.0.0.0/8 on a Cisco router and advertises the prefix to AWS:
Router(config)#access-list 10 permit 10.0.0.0 0.255.255.255 Router(config)#route-map cisco permit 10 Router(config-route-map)#match ip address 10 Router(config-route-map)#set as-path prepend 650014 650014 Router(config-route-map)#exit Router(config)#route-map cisco permit 20 Router(config-route-map)#exit Router(config)#router bgp LOCAL_AS Router(config-router)#neighbor NEIGHBOR_IP route-map cisco out Router(config-router)#end
The following example configuration advertises prefix 10.0.0.0/8 with the BGP community tag 7224:7300 from a Cisco router to AWS:
Router(config)#access-list 10 permit 10.0.0.0 0.255.255.255 Router(config)#route-map cisco permit 10 Router(config-route-map)#match ip address 10 Router(config-route-map)#set community 7224:7300 Router(config-route-map)#exit Router(config)#route-map cisco permit 20 Router(config-route-map)#exit Router(config)#router bgp LOCAL_AS Router(config-router)#neighbor NEIGHBOR_IP send-community Router(config-router)#neighbor NEIGHBOR_IP route-map cisco out Router(config-router)#end
Note: In the preceding examples, replace LOCAL_AS with your AS number and NEIGHBOR_IP with the IP address of your BGP peer.
Related information
Public virtual interface BGP communities
- Language
- English
"Direct Connect evaluates local preference BGP community tags from lowest to highest preference." - shouldn't this be the other way round? i.e. evaluate from highest preference (7300) first... then medium preference (7200) ... then lowest preference (7100)?
i.e. 7300 should take priority, over 7200, over 7100?
Relevant content
- asked a year ago
- asked a year ago
- asked 3 years ago
- asked 9 months ago
- AWS OFFICIALUpdated 4 years ago
