By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

VPN DX public VIF termination advice

1

When terminating the VPN on public VIF, if there is an Internet reachable public IP in the path, how can you protect it from things like DDoS?

Topics
Networking & Content Delivery
Tags
AWS Direct Connect
Language
English
AWS
AWS-User-3441239
asked 4 years ago301 views
1 Answer
0
Accepted Answer

The first line of defense would be using a firewall filter (based on the source/destination address of packets) to control traffic to and from, based on IP address ranges. This could be done on a stand alone device, on the router, or through your provider's network (e.g. in an SD-WAN configuration).

We recommend that you use a firewall filter (based on the source/destination address of packets) to control traffic to and from some prefixes. If you're using a prefix filter (route map), ensure that it accepts prefixes with an exact match or longer. Prefixes advertised from AWS Direct Connect may be aggregated and may differ from the prefixes defined in your prefix filter.

AWS
EXPERT
Rizwan_M
answered 4 years ago
profile picture
EXPERT
Sedat Salman
reviewed 4 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content