BGP Propagation not working for specific CIDR

0

I am trying to propagate a network through the on-premise router to the direct connect gateway. I am using a Transit Gateway to manage the network in my accounts. I take all private network ranges for testing: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. The first two networks (10.0.0.0/8 and 172.16.0.0/12) work and are showing as "Propagated" in the TGW route tables. However, the 192.168.0.0/16 network is not propagated. Where could the error be here?

Edit: To clarify, I added some pictures. There are no "Prefix List references" configured.

3 Answers
1

Do you have any VPC with a 192.168.0.0/16 CIDR attached to the TGW? Are all 3 CIDRs locally originated from your router, or is one of them just propagated (aka learned from the backbone and readvertised to AWS)? The same ASN in the advertised CIDR of 192.168.0.0/16 as the AWS-side ASN can be one of the reasons.

If not, then the only way to diagnose further is by studying some outputs.

If you are using a Cisco router then, as Tushar suggested, share the output for the working and non-working CIDRs.

If other vendors, then share the equivalent output.

No other way to troubleshoot further.

answered a year ago
0

Have you checked if the on-premises CGW (router/switch/firewall) is indeed advertising the 192.168.0.0/16 route? For example, on a Cisco router you would check: show ip bgp neighbor x.x.x.x advertised-routes

AWS EXPERT
answered a year ago
  • Yes. I triple checked that. On-premises config is fine.

  • There is no filtering done on the AWS side for routes advertised by the customer router, so likely there is a configuration issue on the CGW. The 'Allowed prefixes' on the DXGW is for the other way: AWS to on-premises advertisements.

  • Is this issue resolved? You may want to open a support case, as troubleshooting is very limited over a forum like this. Good luck.

  • Thanks to all, the issue is resolved. It was a configuration issue on the on-premise side. Our network technician fixed it.

  • If the answer provided is useful please mark the answer as 'Accepted Answer'. Thank you.
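An added example, not taken from the question or from any of the answers above: a small Python script that parses a constructed Cisco "show ip bgp neighbor x.x.x.x advertised-routes" listing, normalises each prefix (including the classful networks IOS prints without a mask), and compares it with the routes the TGW route table shows as propagated, flagging an AS path that already contains the AWS-side ASN (the loop-detection case the first answer mentions). The sample router output, the propagated-route list and the AWS-side ASN 64512 are all assumed values.

```python
import ipaddress
import re

# Constructed sample in the shape of Cisco IOS "show ip bgp neighbor x.x.x.x advertised-routes".
# IOS prints classful networks without a mask (10.0.0.0 means /8) and attaches one otherwise.
# The 192.168.0.0/16 line deliberately carries the AWS-side ASN (64512, an assumed value)
# in its AS path, which is the loop-detection failure case the first answer mentions.
ADVERTISED_ROUTES = """\
     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.0.0.0         0.0.0.0                  0         32768 i
 *>  172.16.0.0/12    0.0.0.0                  0         32768 i
 *>  192.168.0.0/16   0.0.0.0                  0         32768 64512 i
"""
# Constructed sample: routes the TGW route table lists with type "propagated".
TGW_PROPAGATED = ["10.0.0.0/8", "172.16.0.0/12"]
AWS_SIDE_ASN = 64512  # assumed value; use the ASN configured on your DX gateway


def classful(net: str) -> str:
    """Attach the classful mask that IOS omits from 'show ip bgp' output."""
    if "/" in net:
        return net
    first = int(net.split(".")[0])
    return f"{net}/{8 if first < 128 else 16 if first < 192 else 24}"


def parse_advertised(output: str) -> dict:
    """Return {prefix: [AS path as ints]} from advertised-routes output."""
    lines = output.splitlines()
    header = next(l for l in lines if "Network" in l and "Path" in l)
    path_col = header.index("Path")  # the AS path is column-aligned under 'Path'
    routes = {}
    for line in lines[lines.index(header) + 1:]:
        m = re.search(r"\d+\.\d+\.\d+\.\d+(?:/\d+)?", line)  # first dotted quad = network
        if not m:
            continue
        prefix = str(ipaddress.ip_network(classful(m.group(0)), strict=False))
        routes[prefix] = [int(t) for t in line[path_col:].split() if t.isdigit()]
    return routes


def diagnose(advertised: dict, propagated: list, aws_asn: int) -> dict:
    """Classify each advertised prefix against what the TGW actually learned."""
    learned = {str(ipaddress.ip_network(p)) for p in propagated}
    verdict = {}
    for prefix, as_path in advertised.items():
        if prefix in learned:
            verdict[prefix] = "propagated"
        elif aws_asn in as_path:
            verdict[prefix] = "rejected: AS path contains the AWS-side ASN (BGP loop detection)"
        else:
            verdict[prefix] = "not learned: check CGW export policy and prefix filters"
    return verdict
```

Run diagnose(parse_advertised(ADVERTISED_ROUTES), TGW_PROPAGATED, AWS_SIDE_ASN) to get one verdict per advertised prefix; with the sample above only 192.168.0.0/16 is reported as rejected.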

0

That sounds a lot like an exam question. ;-)

But there's probably an issue in the Direct Connect Gateway allowed prefixes, where 192.168.0.0/16 isn't specified.

AWS EXPERT
answered a year ago