By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Direct Connect + VPN + TGW with DX/VPN failover

0

Two of my customers want to use DX (with VPN) connected to a TGW with an additional VPN failover. They want to avoid routing traffic over that failover link unless the primary DX isn’t routing traffic.

All VPN connections seem to default to ECMP if you enable ECMP on the TGW, meaning all traffic is split across all VPN links all the time.

Could you do BGP route manipulation on the on-prem side to achieve this? A combination of advertising a lower-cost route for AWS->on-prem traffic, and AS path prepending for on-prem->AWS?

Topics
Networking & Content Delivery
Tags
AWS Direct ConnectAWS Transit Gateway
Language
English
AWS
AWS-User-7705521
asked 4 years ago712 views
1 Answer
0
Accepted Answer

So you have multiple IPSec VPN terminating on the same TGW and want to prefer one over the other? Is that correct?

You can control this from the customer side (CGW)

  • AWS->On-Prem: Use AS-Prepend or MED to control which path to take
  • On-Prem->AWS: Use LOCAL_PREF to control which path to take
profile pictureAWS
EXPERT
ChrisE-AWS
answered 4 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content