
how to enable route propagation in the routing tables

0

I hope all is well. I am working on a project to move our infrastructure to Terraform and have it as Infrastructure as Code. Route propagation is not working in our test account; however, I copied everything that we have in our main account. I know there is no limitation on routing, and it should be a technical configuration issue. 3 VPCs (Prod, Dev, Stage) are going to route traffic to the internet through 1 VPC (DMZ) and 1 IGW in the DMZ. In the main account the routing is working fine, but in the test account the propagation does not change to enabled ("yes").

1 Answer
0

If you are using VPC Peering between the 3 VPCs (prod, dev, stage) to connect to the DMZ VPC, then what you are attempting is not possible, because this becomes transitive routing, which is not supported.

See the example 'Edge to edge routing through an internet gateway' at the link below:

https://docs.aws.amazon.com/vpc/latest/peering/invalid-peering-configurations.html

Centralized internet egress is, however, possible with Transit Gateway.

This pattern, along with the routing, is described at this link:

https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-nat-igw.html

The flow would look like the below; it is not detailed, but it should give you an idea:

On-premises network <== VPN ==> TGW --> VPC (NAT gateway & IGW) --> Internet

Hope this helps.

answered 11 days ago
  • Hi Tushar, thanks for your answer. Yes, I added the static route, but when I go to the VPC route table, the static routes that I added there have Propagate=No. In the current configuration on the main account, which works well, all the routes connected to the VGW have Propagate=Yes.

  • Yes, that is expected. You can propagate VGW routes into a VPC route table, but you cannot propagate TGW routes into a VPC route table; those have to be static. So there are 2 route tables, the VPC RTB and the TGW RTB: in the VPC RTB you need to add a static route (if pointing towards a TGW), and in the TGW RTB you can propagate the VPC attachment, which in turn propagates the route for the VPC CIDR.

  • All I want is to route from VPCs without an IGW to the internet. I have 3 VPCs (prod, dev, stage) which are connected to the DMZ (with an IGW). Routes from prod, dev, stage to the DMZ, or vice versa, work fine. Also, from the DMZ I have internet access. But from prod, dev, stage I cannot get to the internet. All I want is for the prod, dev, stage VPCs to route to the internet through the DMZ with its attached IGW.

  • OK, please confirm how the 3 VPCs (prod, dev, stage) are connected to the DMZ VPC: by VPC Peering or via TGW (Transit Gateway)? The answer would depend on that.

  • Honestly, I have tried both. In both cases, I can see the connection between the 3 VPCs (prod, dev, stage) and the DMZ, but not from the 3 VPCs (prod, dev, stage) to the internet. I am fine with 1 working solution, either by VPC Peering or via TGW! Thanks in advance for your help!
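As an added example that is not from this post or from AWS, here is the TGW variant of the answer above in Terraform: the VPC route tables carry only static routes towards the TGW, and propagation happens only in the TGW route tables, which is why a VPC route table will never show Propagate=Yes for a TGW route. It assumes `var.vpcs` (a map keyed prod/dev/stage/dmz with `vpc_id`, `subnet_ids` for the attachment subnets and `rtb_id`), `var.spoke_supernet` (one CIDR covering the three spoke VPCs), and that the DMZ VPC already has its NAT gateway, IGW and a default route from its attachment subnets to the NAT gateway, as in the linked AWS doc.

```hcl
resource "aws_ec2_transit_gateway" "hub" {
  # No implicit association/propagation: every attachment is wired explicitly below.
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
}

resource "aws_ec2_transit_gateway_vpc_attachment" "vpc" {
  for_each           = var.vpcs # assumed map keyed prod/dev/stage/dmz
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = each.value.vpc_id
  subnet_ids         = each.value.subnet_ids
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}

# Spoke TGW RTB: only a static default route to the DMZ attachment, so spokes cannot reach each other.
resource "aws_ec2_transit_gateway_route_table" "spoke" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
}
resource "aws_ec2_transit_gateway_route_table_association" "spoke" {
  for_each                       = { for k, a in aws_ec2_transit_gateway_vpc_attachment.vpc : k => a if k != "dmz" }
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spoke.id
}
resource "aws_ec2_transit_gateway_route" "spoke_default" {
  destination_cidr_block         = "0.0.0.0/0"
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.vpc["dmz"].id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spoke.id
}
# DMZ TGW RTB: spoke CIDRs arrive here by propagation; this is the only place a TGW route shows Propagate=Yes.
resource "aws_ec2_transit_gateway_route_table" "dmz" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
}
resource "aws_ec2_transit_gateway_route_table_association" "dmz" {
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.vpc["dmz"].id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.dmz.id
}
resource "aws_ec2_transit_gateway_route_table_propagation" "spokes_into_dmz" {
  for_each                       = aws_ec2_transit_gateway_route_table_association.spoke
  transit_gateway_attachment_id  = each.value.transit_gateway_attachment_id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.dmz.id
}
# VPC RTBs: a route towards a TGW is always static. Spokes send 0.0.0.0/0 to the TGW; the
# DMZ NAT/public table sends the spoke range back to the TGW (its IGW default route is assumed).
resource "aws_route" "to_tgw" {
  for_each               = var.vpcs
  route_table_id         = each.value.rtb_id
  destination_cidr_block = each.key == "dmz" ? var.spoke_supernet : "0.0.0.0/0"
  transit_gateway_id     = aws_ec2_transit_gateway.hub.id
}
```

Two TGW route tables are used rather than one so that the spokes' propagated CIDRs never land in the table the spokes themselves are associated with; with a single table, prod, dev and stage would also be able to reach each other through the TGW.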
