How to stop advertising default route in s2s VPN with BGP

0

Hi All, I have multiple s2s VPN connections from AWS (built on Transit Gateway) to other clouds (GCP and Azure). I have set up the tunnel options to only advertise specific subnets on the AWS side, but I still see 0.0.0.0/0 route is being advertised from AWS to others for example GCP! how can I stop that? this is causing an issue because I do not want in any outage scenario the other end (GCP or Azure) exits from AWS! I'd appreciate any help

2 Antworten
0

The way to control route propagation over BGP for VPN is with TGW route tables. You can create a new TGW route table just for the VPN tunnel(s) and then only propagate the routes that are needed.

profile pictureAWS
EXPERTE
beantwortet vor einem Jahr
  • Same, or you could use blockhole to prevent route back

0

AWS will advertise 0.0.0.0/0 if it exists in the TGW routing table just like any other route. You can create a filter on your CGW under the BGP neighbor definition to filter 0.0.0.0/0 route. This way, you will continue receiving and installing all the desired routes from the TGW except 0.0.0.0/0 route.

profile pictureAWS
mml
beantwortet vor einem Jahr

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen