The behavior you described is expected when using Direct Connect with a transit gateway.
When you establish BGP peering between the Direct Connect gateway and on-premises devices, the routes advertised depend on the allowed prefix lists configured on the transit gateway attachment. Even though each Direct Connect BGP session is peering with a separate on-premises device, they are both using the same transit gateway. So the allowed prefixes apply to both BGP sessions collectively. If you only configure one VPC CIDR in the allowed prefix list, then only that CIDR will be advertised to the on-premises devices, even if there are multiple BGP peers. To advertise routes for each CIDR over the corresponding BGP peer link, you need to include both CIDRs in the allowed prefix list. Then the transit gateway will advertise each CIDR appropriately over the BGP session attached to that CIDR's Direct Connect gateway.
Thanks for the feedback. You mean the "Allowed prefixes" on the DxGW-to-TGW association can cause the problem? Unfortunately I can't check this parameter by myself again, but I remember my AWS counterpart added both CIDRs to the "Allowed prefixes" as we provisioned the connections. Maybe the DxGW does not forward the CIDR of the locally connected VIF to the TGW, even if both CIDRs 192.168.1.0/30 and 192.168.2.0/30 are allowed. But this does not describe the behavior (all VPN tunnels up) if I advertise both CIDRs only via one BGP peer and not via both, e.g. advertise 192.168.1.0/30 and 192.168.2.0/30 to 192.168.1.2 and advertise only 192.168.2.0/30 to 192.168.2.2.
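The point of the answer above is that the "Allowed prefixes" list on the DxGW-to-TGW association is shared by every BGP session on that Direct Connect gateway, so a CIDR missing from it is missing for all on-premises peers. The following added script (not from the original thread or from AWS) checks that list offline against a constructed sample of the `aws directconnect describe-direct-connect-gateway-associations` response and builds the `update-direct-connect-gateway-association` call that would add whatever is missing; the gateway and association ids are placeholders.

```python
import json
from ipaddress import ip_network

# Constructed sample of the JSON returned by
#   aws directconnect describe-direct-connect-gateway-associations --direct-connect-gateway-id <dxgw-id>
# Only one of the two CIDRs from the thread is allowed, reproducing the reported symptom.
SAMPLE_RESPONSE = json.dumps({
    "directConnectGatewayAssociations": [{
        "directConnectGatewayId": "dxgw-PLACEHOLDER",
        "associationId": "assoc-PLACEHOLDER",
        "associatedGateway": {"id": "tgw-PLACEHOLDER", "type": "transitGateway"},
        "associationState": "associated",
        "allowedPrefixesToDirectConnectGateway": [{"cidr": "192.168.1.0/30"}],
    }]
})


def allowed_prefixes(response_json: str, association_id: str) -> set:
    """Return the allowed-prefix networks of one DxGW-to-TGW association."""
    data = json.loads(response_json)
    for assoc in data.get("directConnectGatewayAssociations", []):
        if assoc["associationId"] == association_id:
            return {ip_network(p["cidr"])
                    for p in assoc.get("allowedPrefixesToDirectConnectGateway", [])}
    raise KeyError(f"association {association_id} not found")


def missing_prefixes(expected_cidrs, allowed) -> list:
    """CIDRs that no allowed prefix covers (exact match or an enclosing supernet).

    The allowed list is evaluated once per association, not per VIF or BGP peer,
    so anything reported here is absent from every on-premises session."""
    missing = []
    for cidr in expected_cidrs:
        net = ip_network(cidr)
        if not any(net.subnet_of(a) for a in allowed if a.version == net.version):
            missing.append(str(net))
    return sorted(missing)


def fix_command(association_id: str, missing) -> str:
    """Build (but do not run) the AWS CLI call that adds the missing CIDRs."""
    if not missing:
        return ""
    args = " ".join(f"cidr={c}" for c in missing)
    return ("aws directconnect update-direct-connect-gateway-association "
            f"--association-id {association_id} "
            f"--add-allowed-prefixes-to-direct-connect-gateway {args}")


if __name__ == "__main__":
    wanted = ["192.168.1.0/30", "192.168.2.0/30"]  # CIDRs that should reach both peers
    gap = missing_prefixes(wanted, allowed_prefixes(SAMPLE_RESPONSE, "assoc-PLACEHOLDER"))
    print("missing from allowed prefixes:", gap or "none")
    print(fix_command("assoc-PLACEHOLDER", gap) or "nothing to change")
```

Feed it the real CLI output instead of `SAMPLE_RESPONSE` to verify what the AWS counterpart actually provisioned; an empty "missing" list means the allowed-prefix list is not the cause and the filter lies elsewhere.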