AWS Direct Connect route limit
Hi there, I am currently planning a network upgrade on an existing Direct Connect from on-prem to an AWS region. Currently we are advertising 50+ prefixes into Transit Gateway through DXGW, but I hear that there is a limit on the max number of prefixes. Can anyone confirm and advise any workaround, as we keep consolidating our branch network connectivity to use services in the AWS cloud?
Yes, there is a limit of 100 routes via Direct Connect with a transit VIF or private VIF (https://docs.aws.amazon.com/directconnect/latest/UserGuide/limits.html); if you advertise more routes than that, the BGP session will go idle (DOWN).
You can do route summarization if you can, or consider using Transit Gateway Connect to build an overlay GRE tunnel with a BGP session to advertise your routing information.
Please refer to the blog for deployment details (https://aws.amazon.com/blogs/networking-and-content-delivery/integrate-sd-wan-devices-with-aws-transit-gateway-and-aws-direct-connect/).
This not only increases the routes advertised from 100 to 1000; you can also build up to 4 GRE tunnels so as to increase your traffic up to 20 Gbps to the Transit Gateway.
There's another limit you may need to be aware of depending on your architecture. Each TGW/DXGW Association can list at most 20 prefixes. These prefixes, covering your VPCs, are propagated to on-prem. Hopefully in your case for IPv4 you can use a single summary block but you still have an issue to solve if using site-to-site VPN as your fail-over link, because by default that will have propagated each VPC prefix. Those more specific prefixes will have precedence over the DX summary block. The workaround is to add static summary blocks to propagate for the VPN, and tell your on-prem router to ignore the specific VPC prefixes.
BTW future use of IPv6 across DX like this doesn't look easy at the moment. If you've let AWS assign VPC IPv6 CIDRs for you and you have a lot of VPCs, no way can you list them all with that limit of 20 prefixes. I raised a Product Feature Req about this a while back.
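As an added illustration of the two limits discussed in the answers above (this is not code from the thread or from AWS): a small Python check that summarizes on-prem prefixes, tests the result against the per-VIF route limit and the per-association allowed-prefix limit, and lists VPN-propagated VPC prefixes that are more specific than a DX summary block and would therefore win longest-prefix match. All prefixes are constructed sample values; the limit constants are taken from the answers.

```python
import ipaddress

# Limits quoted in the thread: BGP routes accepted per private/transit VIF,
# and allowed prefixes per TGW/DXGW association.
DX_VIF_ROUTE_LIMIT = 100
TGW_DXGW_ALLOWED_PREFIX_LIMIT = 20


def summarize(prefixes):
    """Collapse a list of CIDRs into the minimal set of covering blocks (route summarization)."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def within_limit(prefixes, limit):
    """True if advertising these prefixes stays within the given route/prefix limit."""
    return len(prefixes) <= limit


def vpn_more_specifics(dx_summaries, vpn_propagated):
    """Prefixes propagated over the VPN that are more specific than a DX summary block.

    Longest-prefix match prefers these over the DX summary, so traffic follows the
    VPN even while DX is healthy. Requires Python 3.7+ for ip_network.subnet_of().
    """
    summaries = [ipaddress.ip_network(s) for s in dx_summaries]
    hits = []
    for p in vpn_propagated:
        net = ipaddress.ip_network(p)
        if any(net != s and net.subnet_of(s) for s in summaries):
            hits.append(str(net))
    return hits


# Constructed sample data (not from the thread)
BRANCH_PREFIXES = [f"10.1.{i}.0/24" for i in range(8)] + ["10.2.0.0/24", "10.2.1.0/24"]
DX_ALLOWED = ["10.100.0.0/14"]  # single summary listed on the TGW/DXGW association
VPN_PROPAGATED = ["10.100.0.0/16", "10.101.0.0/16", "10.102.0.0/16"]  # per-VPC propagation

if __name__ == "__main__":
    print("summarized branch prefixes:", summarize(BRANCH_PREFIXES))
    print("branch advertisement within VIF limit:", within_limit(BRANCH_PREFIXES, DX_VIF_ROUTE_LIMIT))
    print("association within allowed-prefix limit:", within_limit(DX_ALLOWED, TGW_DXGW_ALLOWED_PREFIX_LIMIT))
    print("VPN prefixes overriding the DX summary:", vpn_more_specifics(DX_ALLOWED, VPN_PROPAGATED))
```

The prefixes returned by vpn_more_specifics are the ones to either replace with a static summary on the VPN side or filter on the on-prem router, as the answer above suggests.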