
AWS Direct Connect route limit


Hi there, I am currently planning a network upgrade on an existing Direct Connect from on-prem to an AWS region. Currently we are advertising 50+ prefixes into Transit Gateway through DXG, but I hear that there is a limit on the max number of prefixes. Can anyone confirm and advise any workaround, as we keep on consolidating our branch network connectivity to use services in the AWS cloud?

2 Answers
Accepted Answer

Hi,

Yes, there is a limit of 100 routes via Direct Connect with a transit VIF or private VIF (https://docs.aws.amazon.com/directconnect/latest/UserGuide/limits.html); if you advertise more routes than that, the BGP session will go idle (DOWN).

You can do route summarization if you can, or consider using Transit Gateway Connect to build an overlay GRE tunnel with a BGP session to advertise your routing information.

Please refer to the blog for deployment details (https://aws.amazon.com/blogs/networking-and-content-delivery/integrate-sd-wan-devices-with-aws-transit-gateway-and-aws-direct-connect/).

This not only increases the routes advertised from 100 to 1000; you can also build up to 4 GRE tunnels so as to increase your traffic up to 20 Gbps to the Transit Gateway.

Gary

answered 3 months ago

There's another limit you may need to be aware of, depending on your architecture. Each TGW/DXGW association can list at most 20 prefixes. These prefixes, covering your VPCs, are propagated to on-prem. Hopefully in your case for IPv4 you can use a single summary block, but you still have an issue to solve if you use site-to-site VPN as your fail-over link, because by default that will have propagated each VPC prefix. Those more specific prefixes will have precedence over the DX summary block. The workaround is to add static summary blocks to propagate for the VPN, and tell your on-prem router to ignore the specific VPC prefixes.

BTW, future use of IPv6 across DX like this doesn't look easy at the moment. If you've let AWS assign VPC IPv6 CIDRs for you and you have a lot of VPCs, there is no way you can list them all with that limit of 20 prefixes. I raised a Product Feature Request about this a while back.

answered 3 months ago
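As an added worked example (not from the question or either answer above), a small Python planning helper that applies the limits both answers quote: it collapses a VPC prefix list into summaries, computes a single covering block for a DXGW allowed-prefix list, checks counts against the 100-route VIF and 20-prefix association limits, and lists the backup-path (VPN) prefixes that would win longest-prefix match over a DX summary. The limit constants are taken from the answers and the sample prefixes are constructed; confirm the limits against the current AWS quota page before relying on them.

```python
import ipaddress
from collections import defaultdict

# Limits as stated in the answers above (assumed here; confirm against the AWS quota page).
DX_VIF_MAX_ROUTES = 100             # routes accepted per transit/private VIF BGP session
DXGW_ASSOCIATION_MAX_PREFIXES = 20  # allowed prefixes per TGW/DXGW association


def _nets(prefixes):
    """Parse prefix strings into network objects (host bits are masked off)."""
    return [ipaddress.ip_network(p, strict=False) for p in prefixes]


def collapse(prefixes):
    """Merge adjacent/overlapping prefixes into the minimal exact-cover set, per address family."""
    by_version = defaultdict(list)
    for n in _nets(prefixes):
        by_version[n.version].append(n)
    out = []
    for version in sorted(by_version):
        out.extend(str(n) for n in ipaddress.collapse_addresses(by_version[version]))
    return out


def single_summary(prefixes):
    """Smallest single block covering every prefix (assumes one address family)."""
    nets = _nets(prefixes)
    block = nets[0]
    while not all(n.subnet_of(block) for n in nets):
        block = block.supernet()  # widen one bit at a time until everything fits
    return str(block)


def exceeds(prefixes, limit):
    """True if advertising this many prefixes would breach the given limit."""
    return len(prefixes) > limit


def more_specific_winners(summaries, other_path_prefixes):
    """Prefixes on another path (e.g. a backup VPN) that are strictly more specific than a
    summary and therefore win longest-prefix match even if the summary path is preferred."""
    summ = _nets(summaries)
    winners = []
    for p in _nets(other_path_prefixes):
        if any(p.version == s.version and p != s and p.subnet_of(s) for s in summ):
            winners.append(str(p))
    return winners
```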
