
VPC - Enable a static default route to AWS Direct Connect connection - How to?

0

Hi, I have a VPC with a VPG that has an AWS Direct Connect connection on a Private VIF. The VPG also has 3 x Site-to-Site VPNs.

I just want to define a default static route on the VPG, or ANY other solution, to point all my outbound traffic from the VPC to my AWS Direct Connect connection without relying on BGP routes on the AWS Direct Connect connection, as there are more than 100 of them.

I see a great lack of flexibility in the VPG to meet even so-called basic routing requirements, such as defining a static route like this.

Please advise.

2 Answers
1

You should set your on-premises routers explicitly to advertise only 0.0.0.0/0 over BGP towards AWS, instead of advertising all the hundreds of routes that the routers know about natively.

Within your VPC, you can have a static 0.0.0.0/0 route pointing to your virtual private gateway (for which the standard abbreviation is VGW, not VPG) or let the on-premises-advertised default route propagate to your VPC's route tables. It doesn't make a functional difference which of these options you choose, as long as there are no competing routes to take priority over.

You should place a direct connect gateway (DXGW) between your direct connect VIF and the VGW, instead of connecting the VIF directly to the VGW. The latter will technically work, but the former is recommended, because it allows AWS's network backbone to identify multiple connections associated with the same DXGW as being meant to provide redundancy. Plugging multiple VIFs directly to a VGW isn't guaranteed to do so.

EXPERT
answered a month ago
reviewed a month ago
  • Hi Leo, Thank you.

    I have a challenge originating a default route from the other end. As I can't rely on BGP due to the route limitation on the Private VIF, having a static default route defined to the AWS hosted Direct Connect connection would help.

    Instead of a VGW, would a Transit Gateway help in this regard? I think this needs re-association through a Transit VIF from my partner, but I can define a static route; I'm not sure whether I can point a static default route to the AWS hosted Direct Connect connection.

  • Hi Boinpally, I'm afraid there's no option but to use BGP between on-prem and AWS. Also with transit gateways (TGW), a DXGW between it and on-premises would have to exchange routes over BGP. In my professional experience, advertising the default route 0.0.0.0/0 or broadly summarised internal networks, such as 10.0.0.0/8, has worked without any issues for closer to 10 years, and the design avoids the issue of having to deal with the limitations on the number of advertised/received routes.

  • Hi Leo, Thank you. Let me put further detail here.

    AWS India (VPC) <-> AWS DX Private VIF <-> Partner MPLS <-> Our MPLS <-> AWS DX Public VIF <-> AWS Ireland/Genesys EU

    The objective is to receive the Genesys public subnets (right hand side) into our VPC in AWS India. We tested with only 3 routes at our partner providing the hosted connection to us, and now think that the Genesys BGP route for 52.129.106.0/24 is getting dropped because of the AWS ASN after being received at our VPC in India, as we see the other 2 routes successfully.

    show router xx bgp neighbor x.x.x.105 advertised-routes

    BGP IPv4 Routes

    Flag  Network          LocalPref  MED   Nexthop (Router)  Path-Id  Label  As-Path
    i     52.129.106.0/24  n/a        None  10.1.1.101        None     -      xx xx xx 7224 7224 16509
    i     10.1.1.0/24      n/a        None  10.1.1.101        None     -      xx 65100
    i     10.5.50.0/24     n/a        None  10.1.1.101        None     -      xx 65100

    Routes : 3

    Any inputs? Ashok.
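The thread's core constraint is the 100-prefix limit on a Direct Connect private VIF and Leo's advice to advertise 0.0.0.0/0 or broad aggregates instead of every internal route. The following is an added example, not code from the thread or from AWS: it checks an on-prem route set against that limit and, if it does not fit, greedily merges neighbouring prefixes into the tightest supernets until it does. The limit constant, the greedy strategy and the sample prefixes are this example's own assumptions.

```python
# Added example (not from the re:Post thread). Checks a route set against the
# 100-prefix private VIF limit cited in the question and summarises it when it
# does not fit, in the spirit of advertising 0.0.0.0/0 or 10.0.0.0/8 instead.
import ipaddress

PRIVATE_VIF_ROUTE_LIMIT = 100  # advertised-prefix limit quoted in the question (assumption)


def _collapse(prefixes):
    """Parse, de-duplicate and merge adjacent or contained prefixes."""
    nets = {ipaddress.IPv4Network(p, strict=False) for p in prefixes}
    return sorted(ipaddress.collapse_addresses(nets))


def _common_supernet(a, b):
    """Most specific prefix that contains both a and b (0.0.0.0/0 at worst)."""
    plen = min(a.prefixlen, b.prefixlen)
    while plen > 0 and a.supernet(new_prefix=plen) != b.supernet(new_prefix=plen):
        plen -= 1
    return a.supernet(new_prefix=plen)


def fits_private_vif(prefixes, limit=PRIVATE_VIF_ROUTE_LIMIT):
    """True if the collapsed route set can be advertised without summarisation."""
    return len(_collapse(prefixes)) <= limit


def summarise(prefixes, limit=PRIVATE_VIF_ROUTE_LIMIT):
    """Greedily merge sorted neighbours into supernets until len(result) <= limit."""
    nets = _collapse(prefixes)
    while len(nets) > max(limit, 1):
        # Pick the neighbouring pair whose common supernet is most specific, so the
        # summary over-advertises as little address space as possible.
        best = max((_common_supernet(a, b) for a, b in zip(nets, nets[1:])),
                   key=lambda n: n.prefixlen)
        nets = [n for n in nets if not n.subnet_of(best)] + [best]
        nets = sorted(ipaddress.collapse_addresses(nets))
    return [str(n) for n in nets]


def covers(summary, prefixes):
    """Every original prefix is still reachable via some summary prefix."""
    summ = [ipaddress.IPv4Network(s) for s in summary]
    return all(any(ipaddress.IPv4Network(p, strict=False).subnet_of(s) for s in summ)
               for p in prefixes)


if __name__ == "__main__":
    # Constructed sample: the two on-prem prefixes visible in the thread plus three extras.
    routes = ["10.1.1.0/24", "10.1.3.0/24", "10.5.50.0/24", "192.168.10.0/24", "192.168.20.0/24"]
    print(fits_private_vif(routes), summarise(routes, limit=2))  # True ['10.0.0.0/13', '192.168.0.0/19']
```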

0

In the routing tables for the VPC/Subnets, you can create a default route of 0.0.0.0/0 to the VPG.

It's very straightforward.

EXPERT
answered a month ago
  • Hi Gary, this is already defined, but any destination outside the learned BGP routes and Site-to-Site VPNs is not going through the AWS Direct Connect connection; it fails with a destination unreachable error locally. Devices within the VPC reach the VPG for any destination because of the default route, but the traffic gets dropped after that.

  • You'll need BGP between on premises and AWS @Boinpally. The static route from the VPC to the VGW won't take the packets any further than the VGW.

  • Apologies, I misunderstood. Thanks Leo, you're correct.
