En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

How to stop advertising default route in s2s VPN with BGP

0

Hi All, I have multiple s2s VPN connections from AWS (built on Transit Gateway) to other clouds (GCP and Azure). I have set up the tunnel options to only advertise specific subnets on the AWS side, but I still see 0.0.0.0/0 route is being advertised from AWS to others for example GCP! how can I stop that? this is causing an issue because I do not want in any outage scenario the other end (GCP or Azure) exits from AWS! I'd appreciate any help

Sujets
Réseaux et diffusion de contenu
Balises
Réseaux et diffusion de contenuPasserelle de transit AWSAWS Virtual Private Network (VPN)
Langue
English
Maryam
demandé il y a un an787 vues
2 réponses
0

The way to control route propagation over BGP for VPN is with TGW route tables. You can create a new TGW route table just for the VPN tunnel(s) and then only propagate the routes that are needed.

profile pictureAWS
EXPERT
Tushar_J
répondu il y a un an
  • awslc
    il y a un an

    Same, or you could use blockhole to prevent route back

0

AWS will advertise 0.0.0.0/0 if it exists in the TGW routing table just like any other route. You can create a filter on your CGW under the BGP neighbor definition to filter 0.0.0.0/0 route. This way, you will continue receiving and installing all the desired routes from the TGW except 0.0.0.0/0 route.

profile pictureAWS
mml
répondu il y a un an

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents