how to enable route propagation in the routing tables
I hope all is well. I am working on a project to move our infrastructure to Terraform and have the infrastructure as code. Route propagation is not working in our test account, however I copied everything that we have in our main account. I know there is no limitation for routing and it should be a technical config issue. 3 VPCs (Prod, Dev, Stage) are going to route traffic to the internet through 1 VPC (DMZ) and 1 IGW in the DMZ. In the main account the routing is working fine, but in the test account the propagation does not change to enabled ("yes").
If you are using VPC Peering between the 3 VPCs (prod, dev, stage) to connect to the DMZ VPC, then what you are attempting is not possible because this becomes transitive routing, which is not supported.
See the example 'Edge to edge routing through an internet gateway' in the link below:
https://docs.aws.amazon.com/vpc/latest/peering/invalid-peering-configurations.html
Centralized internet egress is, however, possible with Transit Gateway.
This pattern is described in this link, along with the routing:
https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-nat-igw.html
The flow would look like the below; not detailed, but it should give you an idea:
On-premises network <== VPN ==> TGW --> VPC (NAT gateway & IGW) --> Internet
Hope this helps.
Yes, that is expected. You can propagate VGW routes into a VPC route table, but you cannot propagate TGW routes into a VPC route table; they have to be static. So there are 2 route tables, the VPC RTB and the TGW RTB: in the VPC RTB you need to add a static route (if pointing towards a TGW), and in the TGW RTB you can propagate the VPC attachment, in turn propagating the route for the VPC CIDR.
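The Transit Gateway layout described in the two replies above, written out as Terraform so the two route tables (TGW RTB with propagation, VPC RTB with static routes) are visible side by side. This is an added example, not code from the thread or from AWS; it assumes var.spokes is a map keyed prod/dev/stage, each with vpc_id, cidr, tgw_subnet_ids and private_rtb_id, and var.dmz has the same keys plus public_rtb_id for the NAT gateway's subnet.

```hcl
# Added example; variable shapes are assumptions described in the lead-in.
resource "aws_ec2_transit_gateway" "egress" {
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
}
resource "aws_ec2_transit_gateway_route_table" "main" {
  transit_gateway_id = aws_ec2_transit_gateway.egress.id
}
# One attachment per VPC: the three spokes plus the DMZ.
resource "aws_ec2_transit_gateway_vpc_attachment" "vpc" {
  for_each           = merge(var.spokes, { dmz = var.dmz })
  transit_gateway_id = aws_ec2_transit_gateway.egress.id
  vpc_id             = each.value.vpc_id
  subnet_ids         = each.value.tgw_subnet_ids
}
resource "aws_ec2_transit_gateway_route_table_association" "vpc" {
  for_each                       = aws_ec2_transit_gateway_vpc_attachment.vpc
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.main.id
}
# TGW-level propagation: each attachment advertises its VPC CIDR into the TGW RTB.
resource "aws_ec2_transit_gateway_route_table_propagation" "vpc" {
  for_each                       = aws_ec2_transit_gateway_vpc_attachment.vpc
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.main.id
}
# Static default in the TGW RTB: internet-bound traffic exits via the DMZ attachment.
resource "aws_ec2_transit_gateway_route" "default_to_dmz" {
  destination_cidr_block         = "0.0.0.0/0"
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.vpc["dmz"].id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.main.id
}
# VPC-level: spoke route tables need a STATIC default route to the TGW. TGW routes are
# never propagated into a VPC RTB, so the console shows Propagated = No for these.
resource "aws_route" "spoke_default" {
  for_each               = var.spokes
  route_table_id         = each.value.private_rtb_id
  destination_cidr_block = "0.0.0.0/0"
  transit_gateway_id     = aws_ec2_transit_gateway.egress.id
}
# Return path: the NAT gateway's public subnet needs a static route per spoke CIDR
# back to the TGW, otherwise replies are dropped at the DMZ.
resource "aws_route" "dmz_return" {
  for_each               = var.spokes
  route_table_id         = var.dmz.public_rtb_id
  destination_cidr_block = each.value.cidr
  transit_gateway_id     = aws_ec2_transit_gateway.egress.id
}
```

The DMZ subnets holding the TGW attachment keep their usual 0.0.0.0/0 route to the NAT gateway; that part is unchanged from a single-VPC egress setup, so it is omitted here.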
All I want is to route from VPCs without an IGW to the internet. I have 3 VPCs (prod, dev, stage) which are connected to the DMZ (with IGW). Routes from prod, dev, stage to DMZ or vice versa work fine. Also from the DMZ I have internet access. But from prod, dev, stage I cannot go to the internet. All I want is that the prod, dev, stage VPCs route to the internet through the DMZ with an attached IGW.
OK, please confirm how the 3 VPCs (prod, dev, stage) are connected to the DMZ VPC: by VPC Peering or via TGW (Transit Gateway)? The answer would depend on that.
Honestly, I have tried both. In both cases, I can see the connection between the 3 VPCs (prod, dev, stage) and the DMZ, but not from the 3 VPCs (prod, dev, stage) to the internet. I am fine with 1 working solution, either by VPC Peering or via TGW! Thanks in advance for your help!
Hi Tushar, thanks for your answer. Yes, I added the static route, but when I go to the VPC route table, the static routes that I added there have Propagated=No. In the current configuration on the main account, which works well, all the routes connected to the VGW have Propagated=Yes.