Secondary CIDR VPC block - Direct Connect
My customer is expanding an existing VPC by adding secondary CIDR blocks , which is in different range than original (VPC is in 10.xxx range, and expanded CIDR blocks are in 100.xx range).
VPC is connected to on premises using Direct Connect . What are the changes required so that the instances in subnets under the secondary CIDR block range can communicate over direct connect and receive traffic back from on premises?
- Newest
- Most votes
- Most comments
If the customer is using a Direct Connect Private VIF to terminate the Direct Connect on the Virtual Gateway in their VPC:
- For receiving new CIDR range on-premise, AWS would send new CIDR range in the next BGP update on the DX VIF session to customer's router. Customer does not have to make any config change.
If the customer is using a Direct Connect Transit VIF to terminate the Direct Connect on Transit Gateway:
- They may need to modify the prefixes in Transit Gateway on the Direct Connection attachment to send the new range (100.x.x.x) to on premises.
- If automatic route propagation from the VPC attachment is enabled then the 100.x.x.x route will appear in Transit Gateway automatically.
- If automatic route propagation from the VPC attachment is disabled then the customer will need to add the 100.x.x.x route manually.
On premises the customer will need to ensure that the 100.x.x.x route is accepted and added to any local routing protocols (static or dynamic).
Relevant content
- asked 2 years ago
- Accepted Answerasked 2 years ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
