
How do I monitor transit gateway route tables in Transit Gateway to confirm route propagation and identify configuration changes?


I set up transit gateway route tables and propagation in AWS Transit Gateway. I want to monitor my transit gateway route tables to identify missing routes and verify that the route tables propagate correctly.

Resolution

Note: You can perform the following actions only in the AWS account that owns the transit gateway. You can't view route tables in accounts that use a shared transit gateway.

Verify your route table configuration and propagation

Verify that each attachment is associated with its intended route table (an attachment can be associated with only one route table). Separately, verify that route propagation from the attachment is turned on in every route table that should learn its routes; association and propagation are configured independently.

Check your transit gateway route tables to confirm that they contain all the expected routes, and that those routes are in the active state rather than blackhole.

Static routes take precedence over propagated routes with the same destination. To override a propagated route, add a static route for that destination. If you remove the static route, then the transit gateway falls back to the overlapping propagated route in the route table. Between routes with different prefix lengths, the most specific (longest-prefix) match wins regardless of whether it is static or propagated.

Troubleshoot missing routes

Check whether the attachments associated with the route table are in the available state. For VPN and AWS Direct Connect attachments, verify that the Border Gateway Protocol (BGP) session is established (status UP) and that your customer gateway or router advertises the expected prefixes to AWS; a route can't propagate if it was never received over BGP.

Check whether a static route overrides the propagated route that you expected to see, or whether a static blackhole route is dropping the traffic.

Use the AWS CLI to view routes

Note:

  • If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.
  • In the following commands, replace tgw-rtb-12345678901234567 with your transit gateway route table ID (transit gateway route table IDs start with tgw-rtb-) and S3-BUCKET-NAME with your Amazon Simple Storage Service (Amazon S3) bucket name.
  • The default value for the number of routes that the search-transit-gateway-routes command returns is 1000. To specify another number, change the max-results value to a number that's between 5 and 1000. The command isn't paginated: if the response shows AdditionalRoutesAvailable as true, then the route table has more routes than were returned, so narrow the filters or use export-transit-gateway-routes to get the full table.

To search for a specific prefix, use one of the route-search filters: route-search.exact-match, route-search.longest-prefix-match, route-search.subnet-of-match, or route-search.supernet-of-match. For example, to find the route for exactly 10.0.0.0/16, run the following search-transit-gateway-routes command:

aws ec2 search-transit-gateway-routes --transit-gateway-route-table-id tgw-rtb-12345678901234567 --filters "Name=route-search.exact-match,Values=10.0.0.0/16" --max-results 1000

To filter by route type (static or propagated), run the following search-transit-gateway-routes command:

aws ec2 search-transit-gateway-routes --transit-gateway-route-table-id tgw-rtb-12345678901234567 --filters "Name=type,Values=propagated" --max-results 1000

To view all routes and export the transit gateway route table to an Amazon S3 bucket as a JSON file, run the following export-transit-gateway-routes command (the command has no file-format option; the export is always JSON):

aws ec2 export-transit-gateway-routes --transit-gateway-route-table-id tgw-rtb-12345678901234567 --s3-bucket S3-BUCKET-NAME

The command output includes an S3Location field with the bucket and object key of the exported file. To search the exported file for a specific CIDR block, stream the object from S3 and filter it with jq. Replace my-file.json with the key from S3Location. The keys in the exported file are camelCase (routes, destinationCidrBlock), unlike the PascalCase keys that the CLI prints for search-transit-gateway-routes; the alternation in the filter accepts either form:

aws s3 cp s3://S3-BUCKET-NAME/my-file.json - | jq '(.routes // .Routes)[] | select((.destinationCidrBlock // .DestinationCidrBlock) == "10.0.0.0/16")'
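The checks described in this article (expected prefixes present and active, static routes shadowing propagated ones, blackhole routes, and a truncated search) can be scripted against the JSON that search-transit-gateway-routes prints. The following Python script is an added example, not code from AWS or from this article. The route table contents, attachment IDs, and the EXPECTED_CIDRS set are constructed placeholders; in use, pipe the CLI output into parse_search_output in place of SAMPLE_SEARCH_OUTPUT.

```python
"""Audit one transit gateway route table from search-transit-gateway-routes output.

Reads the JSON that `aws ec2 search-transit-gateway-routes` prints and reports:
expected prefixes that are not active, blackhole routes, static routes that are
equal to or more specific than a propagated route (and therefore take precedence
over it), and whether the search was truncated (AdditionalRoutesAvailable).
"""
import ipaddress
import json

# Constructed sample with placeholder IDs; it mirrors the shape of the CLI output.
SAMPLE_SEARCH_OUTPUT = json.dumps({
    "Routes": [
        {   # propagated from a VPC attachment
            "DestinationCidrBlock": "10.0.0.0/16", "Type": "propagated", "State": "active",
            "TransitGatewayAttachments": [{"ResourceId": "vpc-0a1b2c3d4e5f67890",
                                           "TransitGatewayAttachmentId": "tgw-attach-0a1b2c3d4e5f67890",
                                           "ResourceType": "vpc"}],
        },
        {   # propagated over BGP from a VPN attachment
            "DestinationCidrBlock": "192.168.0.0/16", "Type": "propagated", "State": "active",
            "TransitGatewayAttachments": [{"ResourceId": "vpn-0b2c3d4e5f6a78901",
                                           "TransitGatewayAttachmentId": "tgw-attach-0b2c3d4e5f6a78901",
                                           "ResourceType": "vpn"}],
        },
        {   # static and more specific than the VPN prefix: wins by longest prefix match
            "DestinationCidrBlock": "192.168.10.0/24", "Type": "static", "State": "active",
            "TransitGatewayAttachments": [{"ResourceId": "vpc-0a1b2c3d4e5f67890",
                                           "TransitGatewayAttachmentId": "tgw-attach-0a1b2c3d4e5f67890",
                                           "ResourceType": "vpc"}],
        },
        {   # static blackhole with no attachment: matching traffic is dropped
            "DestinationCidrBlock": "0.0.0.0/0", "Type": "static", "State": "blackhole",
            "TransitGatewayAttachments": [],
        },
    ],
    "AdditionalRoutesAvailable": False,
})

# Hypothetical: the prefixes this route table is expected to carry.
EXPECTED_CIDRS = {"10.0.0.0/16", "192.168.0.0/16", "172.16.0.0/12"}


def parse_search_output(text):
    """Return (routes, truncated) from search-transit-gateway-routes JSON text."""
    doc = json.loads(text)
    return doc.get("Routes", []), bool(doc.get("AdditionalRoutesAvailable", False))


def _network(route):
    """CIDR of a route, or None for prefix-list routes, which carry PrefixListId instead."""
    cidr = route.get("DestinationCidrBlock")
    return ipaddress.ip_network(cidr, strict=False) if cidr else None


def audit_routes(routes, expected_cidrs, truncated=False):
    """Compare the routes against expectations and flag the common misconfigurations."""
    active = {r["DestinationCidrBlock"] for r in routes
              if r.get("State") == "active" and r.get("DestinationCidrBlock")}
    blackhole = sorted(r["DestinationCidrBlock"] for r in routes
                       if r.get("State") == "blackhole" and r.get("DestinationCidrBlock"))
    static = [(r, _network(r)) for r in routes if r.get("Type") == "static"]
    propagated = [(r, _network(r)) for r in routes if r.get("Type") == "propagated"]
    # A static route equal to or contained in a propagated prefix overrides it for that range.
    overlaps = sorted(
        (s["DestinationCidrBlock"], p["DestinationCidrBlock"])
        for s, sn in static for p, pn in propagated
        if sn and pn and sn.version == pn.version and sn.subnet_of(pn)
    )
    return {
        "missing": sorted(expected_cidrs - active),   # expected but not active
        "blackhole": blackhole,
        "static_overlaps": overlaps,                   # (static, propagated) pairs
        "truncated": truncated,                        # search returned a partial table
    }


if __name__ == "__main__":
    routes, truncated = parse_search_output(SAMPLE_SEARCH_OUTPUT)
    print(json.dumps(audit_routes(routes, EXPECTED_CIDRS, truncated), indent=2))
```

Run it as `aws ec2 search-transit-gateway-routes ... | python3 audit_tgw_routes.py` after changing the main block to read sys.stdin, or paste the CLI output over the sample. A non-empty missing list points at the association and propagation settings or the BGP session to check; a static_overlaps entry tells you which propagated route will take over if you delete that static route; and truncated set to true means the report covers only part of the table.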

Set up alerts for configuration changes

To monitor changes to your route table configuration, take the following actions:

Related information

How AWS Transit Gateway works

Transit gateways in AWS Transit Gateway

AWS OFFICIAL. Updated 13 days ago