How to advertise remote VPC subnets into a local VPC Direct connect connection

0

Hi, I need to achieve the following... VPC-1: 192.168.10.0/22 VPC-2: 192.168.50.0/24 and have a direct connect connection (VPG-Private VIF)

I have created a transit gateway with attachments to VPC-1 and VPC-2 (VPC type) and added static routes to reach each other's subnets. I have also added a static route in the VPG routing table for 192.168.10.0/22 with target as "Transit GW". I am able to see only 192.168.50.0/24 in my on-premise router through BGP but not the VPC-1 subnet.

How can I advertise VPC-1 network through BGP through VPC-2 direct connection?

Please advise.

Regards... Ashok.

2 answers
0

To advertise the remote VPC-1 subnet (192.168.10.0/22) through the Direct Connect connection of VPC-2, you'll need to make some adjustments to your current setup. Here's how you can achieve this:

  1. Transit Gateway Route Tables: Ensure that you have two transit gateway route tables: one for VPC attachments (let's call it TGW RT-1) and another for the Direct Connect gateway attachment (TGW RT-2).

  2. Route Table Associations:

    • Associate VPC-1 and VPC-2 attachments with TGW RT-1.
    • Associate the Direct Connect gateway attachment with TGW RT-2.
  3. Route Propagation:

    • In TGW RT-1, propagate the route for the Direct Connect gateway attachment.
    • In TGW RT-2, propagate the routes for VPC-1 and VPC-2 attachments.
  4. VPC Route Tables: In both VPC-1 and VPC-2 subnet route tables, add a static route for the other VPC's CIDR that points to the transit gateway ID.

  5. Direct Connect Gateway: Create a Direct Connect gateway and associate it with your transit gateway. When associating, make sure to include both VPC CIDRs (192.168.10.0/22 and 192.168.50.0/24) in the "Allowed Prefixes" field.

  6. Virtual Private Gateway (VGW): Instead of adding a static route in the VGW routing table, associate the VGW with the Direct Connect gateway. This will allow the VGW to learn routes from the transit gateway through the Direct Connect gateway.

  7. BGP Configuration: On your on-premises router, ensure that BGP is configured to accept and propagate the routes received from the Direct Connect connection.

By following these steps, both VPC-1 (192.168.10.0/22) and VPC-2 (192.168.50.0/24) subnets should be advertised through BGP to your on-premises router via the Direct Connect connection. The transit gateway will handle routing between the VPCs and the Direct Connect gateway, allowing traffic to flow between all networks.
Sources
Use on-premises firewall with DC transit VIF to route VPC traffic | AWS re:Post
Access to remote AWS Direct Connect Regions - AWS Direct Connect

answered 2 months ago
Expert reviewed 2 months ago
0

Please check this AWS documentation. I believe you are trying to deploy Option2. So Transit Gateway isn't needed unless you need to allow communication between VPC1 and VPC2. https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/direct-connect.html

The Direct Connect Gateway acts as the intermediary, aggregating the routes from all connected VGWs before sending them to your customer router. So you need to associate your multiple VGWs to the DXGW.

But if you want to build a mesh network (yet segmentation is possible), you need to explore provisioning a Transit VIF. In that case, your setup will be like VPC1 > TGW > DXGW > Transit VIF > Customer Gateway. The same follows for VPC2. You will have to add the CIDRs you want to advertise to your CGW during the TGW association to DXGW step.

Let me know which of the options you are leaning toward, then I can help with the follow-up questions.

AWS Expert, answered 2 months ago
Expert reviewed 2 months ago
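As an added example (not code from either answer, from the questioner, or from AWS), here is a Terraform sketch of the transit-gateway path that the first answer's steps 1 to 5 and the second answer's "VPC1 > TGW > DXGW > Transit VIF > Customer Gateway" option describe: two TGW route tables, the VPC attachments associated with one and the Direct Connect gateway attachment with the other, cross-propagation between them, a Direct Connect gateway association whose allowed prefixes list both VPC CIDRs, and a transit VIF on the existing connection. Every VPC, subnet, route table and connection ID, and every ASN and VLAN, is a placeholder to be replaced with your own values.

```hcl
# Added example: TGW + DX gateway + transit VIF. All IDs, ASNs and the VLAN are placeholders.
variable "vpc1_cidr" { default = "192.168.10.0/22" }
variable "vpc2_cidr" { default = "192.168.50.0/24" }

resource "aws_ec2_transit_gateway" "tgw" {
  amazon_side_asn                 = 64512     # assumption
  default_route_table_association = "disable" # attachments go to explicit tables below
  default_route_table_propagation = "disable"
}

# TGW RT-1: holds the VPC attachments, learns on-prem routes from the DX gateway attachment
resource "aws_ec2_transit_gateway_route_table" "rt_vpc" {
  transit_gateway_id = aws_ec2_transit_gateway.tgw.id
}

# TGW RT-2: holds the DX gateway attachment, learns both VPC CIDRs
resource "aws_ec2_transit_gateway_route_table" "rt_dx" {
  transit_gateway_id = aws_ec2_transit_gateway.tgw.id
}

resource "aws_ec2_transit_gateway_vpc_attachment" "vpc" {
  for_each = {
    vpc1 = { vpc_id = "vpc-PLACEHOLDER1", subnet_ids = ["subnet-PLACEHOLDER1"] }
    vpc2 = { vpc_id = "vpc-PLACEHOLDER2", subnet_ids = ["subnet-PLACEHOLDER2"] }
  }
  transit_gateway_id                              = aws_ec2_transit_gateway.tgw.id
  vpc_id                                          = each.value.vpc_id
  subnet_ids                                      = each.value.subnet_ids
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}

# Step 2: VPC attachments -> RT-1
resource "aws_ec2_transit_gateway_route_table_association" "vpc" {
  for_each                       = aws_ec2_transit_gateway_vpc_attachment.vpc
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.rt_vpc.id
}

# Step 3: VPC CIDRs propagate into RT-2 so the DX gateway side can reach both VPCs
resource "aws_ec2_transit_gateway_route_table_propagation" "vpc_to_dx" {
  for_each                       = aws_ec2_transit_gateway_vpc_attachment.vpc
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.rt_dx.id
}

# Step 5: DX gateway associated with the TGW; allowed_prefixes is the set BGP will advertise,
# so a CIDR left out here never reaches the on-prem router
resource "aws_dx_gateway" "dxgw" {
  name            = "dxgw-tgw"
  amazon_side_asn = "64513" # assumption; must differ from the TGW ASN
}

resource "aws_dx_gateway_association" "tgw" {
  dx_gateway_id         = aws_dx_gateway.dxgw.id
  associated_gateway_id = aws_ec2_transit_gateway.tgw.id
  allowed_prefixes      = [var.vpc1_cidr, var.vpc2_cidr]
}

# AWS creates the TGW<->DXGW attachment as a side effect of the association; look it up
data "aws_ec2_transit_gateway_dx_gateway_attachment" "dx" {
  transit_gateway_id = aws_ec2_transit_gateway.tgw.id
  dx_gateway_id      = aws_dx_gateway.dxgw.id
  depends_on         = [aws_dx_gateway_association.tgw]
}

# Step 2/3 for the DX gateway attachment: associate with RT-2, propagate into RT-1
resource "aws_ec2_transit_gateway_route_table_association" "dx" {
  transit_gateway_attachment_id  = data.aws_ec2_transit_gateway_dx_gateway_attachment.dx.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.rt_dx.id
}

resource "aws_ec2_transit_gateway_route_table_propagation" "dx_to_vpc" {
  transit_gateway_attachment_id  = data.aws_ec2_transit_gateway_dx_gateway_attachment.dx.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.rt_vpc.id
}

# Transit VIF on the existing Direct Connect connection, terminating on the DX gateway
resource "aws_dx_transit_virtual_interface" "tvif" {
  connection_id  = "dxcon-PLACEHOLDER"
  dx_gateway_id  = aws_dx_gateway.dxgw.id
  name           = "tvif-tgw"
  vlan           = 100   # assumption
  address_family = "ipv4"
  bgp_asn        = 65000 # on-prem router ASN, assumption
  mtu            = 1500
}

# Step 4: each VPC's subnet route table sends the other VPC's CIDR to the TGW
resource "aws_route" "vpc1_to_vpc2" {
  route_table_id         = "rtb-PLACEHOLDER1"
  destination_cidr_block = var.vpc2_cidr
  transit_gateway_id     = aws_ec2_transit_gateway.tgw.id
}

resource "aws_route" "vpc2_to_vpc1" {
  route_table_id         = "rtb-PLACEHOLDER2"
  destination_cidr_block = var.vpc1_cidr
  transit_gateway_id     = aws_ec2_transit_gateway.tgw.id
}
```

Two checks after applying: `aws directconnect describe-direct-connect-gateway-associations` shows the allowed prefixes actually attached to the association, which is the list that must contain 192.168.10.0/22 for it to appear on the on-prem router, and `aws ec2 search-transit-gateway-routes` against RT-2 shows whether both VPC CIDRs have propagated into the table the DX gateway attachment uses. The two-table split is the minimal segmentation the second answer alludes to: VPC-to-VPC reachability comes only from the routes you choose to put in RT-1, while the on-prem side sees exactly the prefixes in RT-2 intersected with the allowed-prefix list.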
