How to stop advertising default route in s2s VPN with BGP

0

Hi All, I have multiple s2s VPN connections from AWS (built on Transit Gateway) to other clouds (GCP and Azure). I have set up the tunnel options to only advertise specific subnets on the AWS side, but I still see the 0.0.0.0/0 route being advertised from AWS to the others, for example GCP! How can I stop that? This is causing an issue because I do not want, in any outage scenario, the other end (GCP or Azure) to exit from AWS! I'd appreciate any help.

Maryam
asked a year ago · 789 views
2 Answers
0

The way to control route propagation over BGP for VPN is with TGW route tables. You can create a new TGW route table just for the VPN tunnel(s) and then only propagate the routes that are needed.

AWS
EXPERT
answered a year ago
  • Same, or you could use blackhole to prevent route back

0

AWS will advertise 0.0.0.0/0 if it exists in the TGW routing table just like any other route. You can create a filter on your CGW under the BGP neighbor definition to filter 0.0.0.0/0 route. This way, you will continue receiving and installing all the desired routes from the TGW except 0.0.0.0/0 route.

AWS
mml
answered a year ago
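The two controls described in the answers above, modelled as an added example (this is not code from the thread, from AWS, or from any vendor; every attachment id, prefix and table below is a constructed sample value). Part 1 follows the first answer and its comment: a dedicated TGW route table for the VPN attachment that carries only the propagations you choose, plus a blackhole route, so 0.0.0.0/0 never enters the table that feeds the BGP advertisement. Part 2 follows the second answer: an inbound prefix-list on the customer gateway's BGP neighbor that drops exactly 0.0.0.0/0 and keeps everything else. The model assumes the TGW advertises every prefix present in the route table associated with the VPN attachment, and uses Cisco-style prefix-list semantics (first match wins, implicit deny, ge/le length bounds).

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address
from typing import List, Optional, Set

# ---------- Part 1: scope the TGW route table used by the VPN attachment ----------

@dataclass(frozen=True)
class TgwRoute:
    prefix: str   # e.g. "10.0.0.0/16"
    target: str   # attachment id (constructed), or "blackhole"

# Constructed sample: a shared TGW route table that also carries a default route
# towards an egress VPC. A VPN attachment associated with this table will see 0.0.0.0/0.
DEFAULT_TABLE: List[TgwRoute] = [
    TgwRoute("10.0.0.0/16", "tgw-attach-vpc-a"),
    TgwRoute("10.1.0.0/16", "tgw-attach-vpc-b"),
    TgwRoute("0.0.0.0/0", "tgw-attach-vpc-egress"),
]

def scope_for_vpn(full_table: List[TgwRoute], allowed_targets: Set[str],
                  blackholes: List[str]) -> List[TgwRoute]:
    """Build the dedicated VPN route table: keep only routes whose target is an
    attachment we deliberately propagate, then add explicit blackhole routes."""
    scoped = [r for r in full_table if r.target in allowed_targets]
    scoped += [TgwRoute(p, "blackhole") for p in blackholes]
    return scoped

# Dedicated table for the VPN: only the two VPC attachments propagate into it, and
# 192.168.0.0/16 is blackholed so traffic from the tunnel to it is dropped.
VPN_TABLE = scope_for_vpn(
    DEFAULT_TABLE,
    allowed_targets={"tgw-attach-vpc-a", "tgw-attach-vpc-b"},
    blackholes=["192.168.0.0/16"],
)

def advertised_over_bgp(route_table: List[TgwRoute]) -> List[str]:
    """Model assumption: every prefix present in the associated table is advertised
    to the VPN peer. Sorted for stable comparison."""
    return sorted({r.prefix for r in route_table},
                  key=lambda p: (IPv4Network(p).prefixlen, p))

def lookup(route_table: List[TgwRoute], dst_ip: str) -> Optional[str]:
    """Longest-prefix match. Returns the target, 'blackhole' if the best match is a
    blackhole route, or None when the table has no route for the destination."""
    best: Optional[TgwRoute] = None
    for r in route_table:
        net = IPv4Network(r.prefix)
        if ip_address(dst_ip) in net and (
            best is None or net.prefixlen > IPv4Network(best.prefix).prefixlen
        ):
            best = r
    return best.target if best else None

# ---------- Part 2: inbound prefix filter on the CGW BGP neighbor ----------

@dataclass(frozen=True)
class PrefixRule:
    action: str            # "permit" or "deny"
    prefix: str
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, candidate: str) -> bool:
        cand = IPv4Network(candidate)
        base = IPv4Network(self.prefix)
        if not cand.subnet_of(base):          # leading base.prefixlen bits must match
            return False
        lo = self.ge if self.ge is not None else base.prefixlen
        if self.le is not None:
            hi = self.le
        else:
            hi = 32 if self.ge is not None else base.prefixlen   # no bounds -> exact
        return lo <= cand.prefixlen <= hi

# Deny exactly the default route, then permit any other IPv4 prefix.
CGW_INBOUND: List[PrefixRule] = [
    PrefixRule("deny", "0.0.0.0/0"),
    PrefixRule("permit", "0.0.0.0/0", le=32),
]

def apply_inbound_filter(rules: List[PrefixRule], received: List[str]) -> List[str]:
    """Return the prefixes that survive the inbound filter (first match wins,
    implicit deny when no rule matches)."""
    installed = []
    for p in received:
        for rule in rules:
            if rule.matches(p):
                if rule.action == "permit":
                    installed.append(p)
                break
    return installed

if __name__ == "__main__":
    print("shared table advertises:", advertised_over_bgp(DEFAULT_TABLE))
    print("VPN table advertises:   ", advertised_over_bgp(VPN_TABLE))
    print("8.8.8.8 via VPN table ->", lookup(VPN_TABLE, "8.8.8.8"))
    print("installed after CGW filter:",
          apply_inbound_filter(CGW_INBOUND, ["0.0.0.0/0", "10.0.0.0/16", "10.1.0.0/16"]))
```

Part 1 is the preferred fix because it removes the default route from what AWS sends; Part 2 is the belt-and-braces check on the far side, useful when you cannot change the TGW association, or as a guard against someone later adding 0.0.0.0/0 to the VPN table.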
