Direct Connect Hide VPC CIDR Blocks from BGP Peer

0

My customer will have Kubernetes clusters with thousands of pods. Each pod will get an IP address. They don't want all these IPs to be propagated back to the on-premises network; they just want the host EC2 IPs to be propagated. Is this possible, and how can they selectively hide CIDRs in the VPC when they are using BGP dynamic routing?

1 answer
0
Accepted answer

The only way to do it today on AWS side is via allowed prefixes on DXGW with TGW (not in all Regions yet): https://docs.aws.amazon.com/directconnect/latest/UserGuide/allowed-to-prefixes.html

To give you an idea, a VPC could have 2 CIDR ranges: the primary used for EC2 and the other as the CIDR for containers. You'd only allow (originate) the primary prefix on the DXGW in this case, and the other CIDR would not be advertised.

The customer, of course, could always just filter out whatever CIDRs they don't want on their end. Fairly trivial, but you'd want to use at least 2 CIDRs in your VPC to make their life simpler.

AWS
Expert
Answered 5 years ago
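A pre-change check for the approach in the accepted answer, written as an added example (not code from the post or from AWS): the VPC's primary CIDR (EC2 hosts) must be covered by the DXGW allowed-prefix list, the secondary CIDR (pods) must not be, and an over-broad summary such as a /8 is flagged as a leak. All CIDR values are constructed sample values, and the on-prem filter models the "filter it on their end" option generically, not any vendor's prefix-list syntax.

```python
import ipaddress

# Constructed sample values (not from the post): primary VPC CIDR for EC2
# hosts, secondary VPC CIDR used for pod addressing.
ADVERTISE = ["10.10.0.0/16"]   # what on-prem should learn (EC2 hosts)
HIDE = ["10.200.0.0/16"]       # what must never reach on-prem (pods)


def _net(cidr):
    # strict=True rejects host bits set in the prefix (a common typo)
    return ipaddress.ip_network(cidr, strict=True)


def covered_by(cidr, allowed):
    """True if cidr equals, or is more specific than, some allowed prefix."""
    net = _net(cidr)
    for a in allowed:
        anet = _net(a)
        # subnet_of raises on mixed IPv4/IPv6, so compare versions first
        if anet.version == net.version and net.subnet_of(anet):
            return True
    return False


def check_allowed_prefixes(allowed, advertise=ADVERTISE, hide=HIDE):
    """Validate a DXGW allowed-prefix list before applying it.

    Returns {"leaks": [...], "missing": [...]}: 'leaks' are hidden CIDRs an
    allowed prefix would expose (for example an over-broad summary);
    'missing' are CIDRs that should be reachable but nothing covers.
    """
    leaks = [c for c in hide if covered_by(c, allowed)]
    missing = [c for c in advertise if not covered_by(c, allowed)]
    return {"leaks": leaks, "missing": missing}


def filter_received_routes(routes, deny):
    """On-prem side filter: drop any received route inside a denied prefix."""
    return [r for r in routes if not covered_by(r, deny)]


if __name__ == "__main__":
    print(check_allowed_prefixes(["10.10.0.0/16"]))  # clean
    print(check_allowed_prefixes(["10.0.0.0/8"]))    # summary leaks pod CIDR
    print(filter_received_routes(
        ["10.10.0.0/16", "10.200.0.0/16", "10.200.5.0/24"], HIDE))
```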
