By using AWS re:Post, you agree to the Terms of Use

Secondary CIDR VPC block - Direct Connect

0

My customer is expanding an existing VPC by adding secondary CIDR blocks , which is in different range than original (VPC is in 10.xxx range, and expanded CIDR blocks are in 100.xx range).

VPC is connected to on premises using Direct Connect . What are the changes required so that the instances in subnets under the secondary CIDR block range can communicate over direct connect and receive traffic back from on premises?

1 Answer
0
Accepted Answer

If the customer is using a Direct Connect Private VIF to terminate the Direct Connect on the Virtual Gateway in their VPC:

  • For receiving new CIDR range on-premise, AWS would send new CIDR range in the next BGP update on the DX VIF session to customer's router. Customer does not have to make any config change.

If the customer is using a Direct Connect Transit VIF to terminate the Direct Connect on Transit Gateway:

  • They may need to modify the prefixes in Transit Gateway on the Direct Connection attachment to send the new range (100.x.x.x) to on premises.
  • If automatic route propagation from the VPC attachment is enabled then the 100.x.x.x route will appear in Transit Gateway automatically.
  • If automatic route propagation from the VPC attachment is disabled then the customer will need to add the 100.x.x.x route manually.

On premises the customer will need to ensure that the 100.x.x.x route is accepted and added to any local routing protocols (static or dynamic).

answered 4 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions