Transit gateway decision routing to same prefix, coming from multiple Direct Connect Gateways


Hello guys,

I have a question for which I'm not really sure about the expected behaviour. Attached a drawing for reference: TGW with multiple DX-GWs.

The question is: I have a transit gateway in one region, with a bunch of VPC attachments and a DX-GW A attachment in use. I have to deploy another DX-GW B and attach it to the same transit gateway. The TGW route tables used are going to be different: one (A) used by the VPCs and DX-GW A, and a new one (B) used by DX-GW B only. The first one has propagation enabled from the VPCs and both DX-GWs, whereas the second one only from the VPCs. The regions of the DX connections are different, but I don't think that matters since we're using DX-GWs.

The same allowed prefixes x.x.x.x/zz and y.y.y.y/jj are advertised from both DX-GWs to on-premises, and the same prefix (a.a.a.a/bb) is advertised by on-prem to AWS as well, but with AS-path prepending on the DX-GW A VIFs.

Now, what would the transit gateway route table (A) for the VPCs show as the destination for the on-prem a.a.a.a/bb prefix? Am I right in assuming that the TGW will choose the destination DX-GW attachment for a.a.a.a/bb based on the BGP best-path decision across both DX-GWs? What I mean is that, as long as I prepend the prefix from DX-GW A, the TGW will choose the destination attachment DX-GW B to route the prefix to on-prem. If I want to switch traffic to the other DX-GW path instead, I can just play with the BGP attributes on the prefix advertised from on-prem and I should be able to migrate from one path to the other... is that correct, or am I missing something here?

Thanks!

asked a year ago, 659 views
3 Answers

Thanks for the answers guys! Thanks for the articles and links as well! Yeah, I'm aware that the DX-GW is a global construct, and the reason we're moving to another one is simply bureaucratic and legal: it has to be owned by the same account that owns the transit gateway, and not another account, as is currently the case with DX-GW A. That's the only reason... otherwise I would end up with both connections/VIFs on the current one. As far as I know there's no way to move the ownership of a DX-GW from one account to another.

answered a year ago

See this Knowledge center article which describes your scenario:

https://aws.amazon.com/premiumsupport/knowledge-center/direct-connect-private-transit-interface/

It also explains methods you can use for more predictable routing.

One other point to note is that the DXGW is a globally available resource, and you really don't need the second DXGW unless you are hitting some sort of limit.

See this from FAQ:

Q: What is an AWS Direct Connect gateway?

An AWS Direct Connect gateway is a grouping of virtual private gateways (VGWs) and private virtual interfaces (VIFs). An AWS Direct Connect gateway is a globally available resource. You can create the AWS Direct Connect gateway in any Region and access it from all other Regions.

AWS (EXPERT)
answered a year ago

First, this is a great diagram depicting your scenario. Second, and to your question: assuming that we are advertising the same prefix (a.a.a.a/bb) from on-premises over all DX connections and DX_GWs, I would expect that the route selected by the Transit Gateway would be the one with the lowest AS_PATH length (DX_GW B in your scenario, since you are prepending on DX_GW A).

One question here: is there a reason you're using multiple DX_GWs? Direct Connect Gateway is a global construct that's highly resilient, and we can connect multiple Direct Connect connections to it (effectively reaching the same result I believe you're targeting). You may also consider thinking about how your on-premises locations are choosing to route traffic back to AWS, and for this you could use BGP communities with local preference. There are some great resources out there that cover active/passive Direct Connect architectures, including this one.

Also, this article may be helpful in describing further the use of BGP AS_PATH prepending and BGP community tags to influence route selection. https://aws.amazon.com/premiumsupport/knowledge-center/on-premises-direct-connect-traffic/

Please mark this answer as accepted if helpful!

AWS
answered a year ago
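To make the selection rule in the answer above concrete, here is a small added example (it is not from the thread and not AWS code). It models the question's setup, one prefix propagated into the same TGW route table from two DX-GW attachments, applies only the rule the answer states (shortest AS_PATH wins), and shows that prepending on DX-GW A makes DX-GW B the chosen attachment while prepending on B flips it back. It also includes a parser for the output of `aws ec2 search-transit-gateway-routes`, which is how you would confirm the live TGW route table after changing the prepend. Assumptions that the page does not state: how the TGW breaks a tie between two DX-GW attachments with equal AS_PATH length is left unresolved and reported as a tie; ASN 65000, the CIDR 10.10.0.0/16 (standing in for a.a.a.a/bb), the attachment IDs and the sample CLI JSON are constructed.

```python
"""Added example (not from the re:Post thread or AWS): "same prefix from two
DX-GW attachments, shortest AS_PATH wins", plus a parser for the CLI output used
to check the real TGW route table.

Assumptions (the page does not state them):
- Only the rule given in the answer is modelled: shortest AS_PATH wins. A tie
  between two attachments is reported, not resolved.
- ASN 65000, 10.10.0.0/16 (in place of a.a.a.a/bb), the attachment IDs and the
  sample CLI JSON are constructed values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class LearnedRoute:
    prefix: str           # destination CIDR
    attachment_id: str    # TGW attachment the route was propagated from
    as_path: tuple        # AS_PATH as received on the DX-GW's VIF, leftmost = nearest AS


def prepend(route, times):
    """Simulate on-prem prepending its own ASN `times` extra times on one set of VIFs."""
    if times == 0:
        return route
    own_asn = route.as_path[0]
    return LearnedRoute(route.prefix, route.attachment_id,
                        (own_asn,) * times + route.as_path)


def select_best(routes):
    """Return (winner, tied) for one prefix learned from several attachments.

    winner is the route with the shortest AS_PATH, or None when two or more
    attachments tie on AS_PATH length (tied then lists them).
    """
    if not routes:
        raise ValueError("no routes for prefix")
    shortest = min(len(r.as_path) for r in routes)
    candidates = [r for r in routes if len(r.as_path) == shortest]
    if len(candidates) > 1:
        return None, candidates
    return candidates[0], []


def scenario(prepend_a=0, prepend_b=0):
    """The question's setup: one on-prem prefix reaching the TGW via DX-GW A and DX-GW B.

    prepend_a / prepend_b: extra copies of the on-prem ASN prepended on the VIFs
    behind each DX-GW.
    """
    on_prem_asn = 65000                          # constructed
    base_path = (on_prem_asn,)                   # unprepended path on a private VIF
    via_a = prepend(LearnedRoute("10.10.0.0/16", "tgw-attach-dxgw-a", base_path), prepend_a)
    via_b = prepend(LearnedRoute("10.10.0.0/16", "tgw-attach-dxgw-b", base_path), prepend_b)
    return select_best([via_a, via_b])


def attachments_for_prefix(search_output, cidr):
    """Attachment IDs the active route for `cidr` points to.

    `search_output` is the parsed JSON of:
      aws ec2 search-transit-gateway-routes \
          --transit-gateway-route-table-id <tgw-rtb-id> \
          --filters Name=route-search.exact-match,Values=<cidr>
    """
    hits = []
    for route in search_output.get("Routes", []):
        if route.get("DestinationCidrBlock") != cidr or route.get("State") != "active":
            continue
        for att in route.get("TransitGatewayAttachments", []):
            hits.append(att["TransitGatewayAttachmentId"])
    return hits


# Constructed sample of the CLI output once DX-GW A is prepending: the
# propagated route for the prefix points at the DX-GW B attachment only.
SAMPLE_SEARCH_OUTPUT = {
    "Routes": [
        {
            "DestinationCidrBlock": "10.10.0.0/16",
            "TransitGatewayAttachments": [
                {"ResourceId": "dxgw-b-id",
                 "TransitGatewayAttachmentId": "tgw-attach-dxgw-b",
                 "ResourceType": "direct-connect-gateway"}
            ],
            "Type": "propagated",
            "State": "active",
        }
    ],
    "AdditionalRoutesAvailable": False,
}


if __name__ == "__main__":
    for a, b in [(2, 0), (0, 2), (0, 0)]:
        winner, tied = scenario(prepend_a=a, prepend_b=b)
        chosen = winner.attachment_id if winner else \
            "tie between " + ", ".join(r.attachment_id for r in tied)
        print(f"prepend A x{a}, B x{b}: {chosen}")
    print("CLI sample points at:", attachments_for_prefix(SAMPLE_SEARCH_OUTPUT, "10.10.0.0/16"))
```

After changing the prepend on-prem, run the `search-transit-gateway-routes` command shown in the docstring against TGW route table A and feed the JSON to `attachments_for_prefix`; the attachment it returns is what the TGW is actually using for the prefix, independent of what the model predicts. The tie case is deliberately left unresolved here because this thread does not say how the TGW breaks it; the knowledge center article linked above covers the ordering AWS applies.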
