In your case you will be using Transit virtual interface + Direct Connect gateway + Transit Gateway; the prefixes advertised to on-premises would be controlled via the allowed prefixes field under Direct Connect gateway.
In the allowed prefixes you can define the 3 subnets that you wish to establish connectivity with on-premises, and on-premises will only receive those three subnet CIDRs.
Below are two guides that go through the same: https://repost.aws/knowledge-center/direct-connect-vpc-bgp https://docs.aws.amazon.com/directconnect/latest/UserGuide/allowed-to-prefixes.html#allowed-to-prefixes-transit-gateway
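The following is an added example, not part of the original answer: a Python check that an allowed-prefixes list covers exactly the subnets meant for on-premises and flags any other subnet that a broader prefix would also advertise. The subnet names, CIDRs and the `dxgw-EXAMPLE` / `tgw-EXAMPLE` IDs are constructed placeholders; the request dictionary follows the parameter names of boto3's `create_direct_connect_gateway_association` but is only built, not sent.

```python
import ipaddress

# Constructed sample data: one VPC with five subnets, three of which
# should be reachable from on-premises.
VPC_SUBNETS = {
    "app-a": "10.20.1.0/24",
    "app-b": "10.20.2.0/24",
    "db": "10.20.3.0/24",
    "mgmt": "10.20.10.0/24",
    "build": "10.20.11.0/24",
}
INTENDED = {"app-a", "app-b", "db"}


def audit_allowed_prefixes(allowed, subnets, intended):
    """Compare a Direct Connect gateway allowed-prefixes list with the
    subnets that are meant to be advertised to on-premises."""
    nets = [ipaddress.ip_network(p) for p in allowed]
    missing, also_advertised = [], []
    for name, cidr in sorted(subnets.items()):
        subnet = ipaddress.ip_network(cidr)
        covered = any(subnet.subnet_of(n) for n in nets)
        overlaps = any(subnet.overlaps(n) for n in nets)
        if name in intended and not covered:
            missing.append(name)          # intended but not advertised
        elif name not in intended and overlaps:
            also_advertised.append(name)  # advertised but not intended
    return {"missing": missing, "also_advertised": also_advertised}


def association_request(dxgw_id, tgw_id, allowed):
    """Build parameters in the shape used by boto3's
    directconnect.create_direct_connect_gateway_association."""
    return {
        "directConnectGatewayId": dxgw_id,
        "gatewayId": tgw_id,
        "addAllowedPrefixesToDirectConnectGateway": [
            {"cidr": str(ipaddress.ip_network(p))} for p in allowed
        ],
    }


if __name__ == "__main__":
    exact = [VPC_SUBNETS[n] for n in sorted(INTENDED)]
    print(audit_allowed_prefixes(exact, VPC_SUBNETS, INTENDED))
    # A summary prefix also advertises subnets that were not intended.
    print(audit_allowed_prefixes(["10.20.0.0/16"], VPC_SUBNETS, INTENDED))
    print(association_request("dxgw-EXAMPLE", "tgw-EXAMPLE", exact))
```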
Hello.
As you recognize, when route propagation is enabled, the CIDR of the VPC is advertised as the route.
However, we thought we could control communication with on-premises by configuring routing to the Transit Gateway only in the route table of the subnet we want to communicate with on-premises.
In other words, communication with on-premises is not possible unless a route destined to the Transit Gateway is set in the route table for the subnet that does not communicate with on-premises.
So we thought there would be no problem with advertising the VPC's CIDR to the on-premises route.