How do we correctly link the DC Gateway into the VPC, is a VG required?


I'm struggling to get my head around a lot of the AWS information.

We have a Direct Connection and it's half working. The DC Gateway has a virtual interface that links to my onsite hardware.

Ping works. BGP works.

The DC has no other associated gateways.

I think what I'm supposed to do is create a Virtual Private gateway that links to a VPC. I can do this, and it sort of works, to the extent that the subnets that are in the VPC can be successfully advertised over the BGP session to my hardware.

However, it doesn't actually work because I can't exchange traffic with IP addresses inside the VPC from my onsite hardware anyway.

So what gives me pause here is when I try to create the Private gateway, the string appears:

"A virtual private gateway is the router on the Amazon side of the VPN tunnel."

but I don't want AWS to set up a VPN tunnel. Also, that VPG wants an AS configured, which implies that it wants to do BGP peering into the VPC with some device that's talking BGP back to it, which doesn't seem right to me.

So how and where do I configure the VPC side of the DC gateway? Where do I type in a static IP that will be the default gateway for my VPC's subnet, so that the instances can send packets to that IP which will arrive at the hardware end of my AWS DC?

Also -- with no traditional console access to the "router" that forms the AWS side of the DC, how do we do packet captures and other debugging to find out where packets are being lost?

Edited by: DC-Client on Sep 1, 2021 4:25 PM

1 Answer
Accepted Answer

A virtual private gateway (VGW) is part of a VPC that provides edge routing for AWS managed VPN connections and Direct Connect connections. You associate a Direct Connect gateway with the virtual private gateway for the VPC.

Use an AWS Direct Connect gateway to connect your VPCs. You associate an AWS Direct Connect gateway with either of the following gateways:

- A transit gateway, when you have multiple VPCs in the same Region
- A virtual private gateway

You can also use a virtual private gateway to extend your Local Zone. This configuration allows the VPC associated with the Local Zone to connect to a Direct Connect gateway. The Direct Connect gateway connects to an AWS Direct Connect location in a Region.

answered a year ago
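The steps the accepted answer describes, written out as an AWS CLI run-book. This is an added example, not code from the thread or from AWS: it assumes AWS CLI v2 is installed with credentials that can manage EC2 and Direct Connect, that the Direct Connect gateway already exists, and that the `vpc-…`, `dxgw-…` and `rtb-…` IDs you pass in are your own (the ones in the test are placeholders). It goes one step beyond the answer by enabling VGW route propagation, which is how the on-prem prefixes learned over BGP reach the VPC route table; there is no "default gateway IP" to type in, the VGW itself becomes the target of the propagated routes. Setting `AWS=echo` prints each call instead of executing it, so you can review the sequence before touching an account.

```shell
#!/bin/sh
# Added example (not from the re:Post thread): build the VPC side of a
# Direct Connect gateway. Order of operations:
#   1. create a virtual private gateway (VGW) and attach it to the VPC
#   2. associate the existing Direct Connect gateway with that VGW
#   3. enable route propagation so on-prem prefixes learned over BGP
#      appear in the VPC route table
# All IDs are placeholders supplied as arguments. AWS="${AWS:-aws}" lets
# you run the script with AWS=echo to dry-run the calls.
AWS="${AWS:-aws}"

# Create the VGW. The ASN is the Amazon-side BGP ASN (64512 is the
# default); it is not a peer you have to run on-prem.
create_vgw() {
  "$AWS" ec2 create-vpn-gateway --type ipsec.1 --amazon-side-asn "${1:-64512}" \
    --query VpnGateway.VpnGatewayId --output text
}

# Attach the VGW to the VPC it should provide edge routing for.
attach_vgw() {
  "$AWS" ec2 attach-vpn-gateway --vpn-gateway-id "$1" --vpc-id "$2" \
    --query VpcAttachment.State --output text
}

# Associate the Direct Connect gateway with the VGW (the step the answer
# describes). By default every CIDR of the attached VPC is advertised to
# the on-prem router over the existing BGP session.
associate_dxgw() {
  "$AWS" directconnect create-direct-connect-gateway-association \
    --direct-connect-gateway-id "$1" --virtual-gateway-id "$2" \
    --query directConnectGatewayAssociation.associationState --output text
}

# Current association state; it moves from "associating" to "associated"
# and can take several minutes.
association_state() {
  "$AWS" directconnect describe-direct-connect-gateway-associations \
    --direct-connect-gateway-id "$1" --virtual-gateway-id "$2" \
    --query 'directConnectGatewayAssociations[0].associationState' --output text
}

# Let the VGW inject the on-prem prefixes into a VPC route table.
enable_propagation() {
  "$AWS" ec2 enable-vgw-route-propagation --route-table-id "$1" --gateway-id "$2"
}

# List the routes the table learned via propagation. An empty result here
# is the usual reason "BGP is up but instances are unreachable".
propagated_routes() {
  "$AWS" ec2 describe-route-tables --route-table-ids "$1" \
    --query 'RouteTables[0].Routes[?Origin==`EnableVgwRoutePropagation`].DestinationCidrBlock' \
    --output text
}

# End-to-end: link_dx_gateway <vpc-id> <dxgw-id> <route-table-id>
link_dx_gateway() {
  vpc_id="$1"; dxgw_id="$2"; rtb_id="$3"
  vgw_id="$(create_vgw 64512)"
  attach_vgw "$vgw_id" "$vpc_id" >/dev/null
  associate_dxgw "$dxgw_id" "$vgw_id" >/dev/null
  while [ "$(association_state "$dxgw_id" "$vgw_id")" != "associated" ]; do
    echo "waiting for $dxgw_id <-> $vgw_id association..." >&2
    sleep 15
  done
  enable_propagation "$rtb_id" "$vgw_id"
  echo "propagated routes in $rtb_id:" >&2
  propagated_routes "$rtb_id"
}

# Only run the full sequence when all three IDs are given on the command line.
if [ "$#" -eq 3 ]; then
  link_dx_gateway "$@"
fi
```

Run it as `sh link-dxgw.sh vpc-… dxgw-… rtb-…` once the dry-run output looks right. If `propagated_routes` lists the on-prem CIDRs but traffic still fails, the remaining AWS-side controls are the instances' security groups and the subnet network ACLs, which must allow the on-prem address range; VPC Flow Logs on the subnet are the closest equivalent to a packet capture for seeing which direction is being dropped.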
