specify metric in static routes

0

Hello,

Would it be possible to specify metric in static routes?

We have setup a Site-to-Site VPN with an external customer gateway.

According to the documentation at https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNRoutingTypes.html "On a Site-to-Site VPN connection, AWS selects one of the two redundant tunnels as the primary egress path. This selection may change at times, and we strongly recommend that you configure both tunnels for high availability, and allow asymmetric routing."

Our amazon side has two tunnels with equal priority (metric). The remote (customer) side is a Fortigate firewall. Unfortunately, the customer has specified different metrics on their tunnels, making one on the tunnels act as "primary" and the other acting as "secondary".

This discrepancy between the two sides, amazon being asymmetric vs. customer being fixed primary/secondary is a problem, we don't have traffic flowing smoothly in the tunnels.

Is there an option on the amazon side to set a corresponding metric on the tunnels, making them equivalent to the customer's settings, i.e. primary/secondary ?

Thanks, Sot.

stsimb
Asked 2 years ago, 496 views
2 answers
4

For the purposes of this answer I've assumed you're running a VPC-attached Virtual Private Gateway.

The documentation is correct - you can't specify a metric as the tunnel selection is within the VPN service and therefore either tunnel could be used.

Another option is to use Transit Gateway; that allows for both tunnels on the same VPN connection to be used simultaneously (using ECMP) or for you to configure two different tunnels and advertise different routes and metrics for the tunnels using BGP. It is a more complex setup but it does give you greater flexibility.

AWS
Expert
Answered 2 years ago
Reviewed 2 years ago by Hernito (AWS Expert)
  • Hello @brettski, thank you very much for your answer.

    Our customer doesn't want to use BGP, that's why we're using static routing.

    If we used a Transit Gateway, would we have an option to set the metric per tunnel and avoid ECMP (because the customer wants priorities, not equal cost paths)?

0

Agree with what Brettski replied, that TGW gives your customer more flexibility and control. However, if static routing is the only option, your customer won't be able to select one tunnel over another.

I challenge you to dive a bit deeper into the reasons why:

  1. BGP isn't an option
  2. there is the desire to privilege one tunnel over another.
AWS
Answered 2 years ago
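To make the Transit Gateway alternative from the two answers concrete, here is an added Terraform sketch (written for this page, not code from either answerer or from AWS) of a TGW-attached Site-to-Site VPN that uses BGP instead of static routes. The TGW is created with `vpn_ecmp_support` disabled, because the customer wants a primary/secondary pair rather than equal-cost paths; with ECMP off and BGP on, AWS picks the egress tunnel from the BGP attributes the customer advertises (for example a longer AS path on the secondary tunnel), which is the "metric per tunnel" the static-route setup cannot express. The ASN, public IP and inside CIDRs are assumed placeholder values.

```hcl
# Added example (not from the original page): TGW + BGP VPN with ECMP disabled,
# so tunnel preference is driven by what the customer gateway advertises.

provider "aws" {
  region = "eu-west-1" # assumed region
}

resource "aws_ec2_transit_gateway" "hub" {
  description = "Hub TGW for customer S2S VPN"
  # "disable" = do not load-balance across tunnels with equal BGP attributes;
  # the customer can then steer AWS onto one tunnel with AS-path prepend or MED.
  vpn_ecmp_support = "disable"
}

resource "aws_customer_gateway" "customer_fw" {
  bgp_asn    = 65010            # assumed customer ASN (must be private, 64512-65534)
  ip_address = "203.0.113.10"   # assumed placeholder public IP of the customer firewall
  type       = "ipsec.1"
}

resource "aws_vpn_connection" "customer" {
  customer_gateway_id = aws_customer_gateway.customer_fw.id
  transit_gateway_id  = aws_ec2_transit_gateway.hub.id
  type                = "ipsec.1"

  # BGP, not static routing: tunnel preference comes from route attributes.
  static_routes_only = false

  # Assumed link-local inside CIDRs for the two BGP sessions (one per tunnel).
  tunnel1_inside_cidr = "169.254.10.0/30"
  tunnel2_inside_cidr = "169.254.11.0/30"
}

# On the customer firewall (not shown here), the same prefixes are advertised on
# both BGP sessions; the session over the "secondary" tunnel carries a longer
# AS path (prepend) or a higher MED so that AWS egresses via the "primary" one.
```

If the customer later accepts equal-cost use of both tunnels, flipping `vpn_ecmp_support` to `"enable"` and advertising identical attributes on both sessions is the change that turns this into the simultaneous-use setup the first answer describes.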
