By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to stop advertising default route in s2s VPN with BGP

0

Hi All, I have multiple s2s VPN connections from AWS (built on Transit Gateway) to other clouds (GCP and Azure). I have set up the tunnel options to only advertise specific subnets on the AWS side, but I still see 0.0.0.0/0 route is being advertised from AWS to others for example GCP! how can I stop that? this is causing an issue because I do not want in any outage scenario the other end (GCP or Azure) exits from AWS! I'd appreciate any help

Topics
Networking & Content Delivery
Tags
Networking & Content DeliveryAWS Transit GatewayAWS Virtual Private Network (VPN)
Language
English
Maryam
asked 2 years ago1.4K views
2 Answers
0

The way to control route propagation over BGP for VPN is with TGW route tables. You can create a new TGW route table just for the VPN tunnel(s) and then only propagate the routes that are needed.

profile pictureAWS
EXPERT
Tushar_J
answered 2 years ago
  • awslc
    2 years ago

    Same, or you could use blockhole to prevent route back

0

AWS will advertise 0.0.0.0/0 if it exists in the TGW routing table just like any other route. You can create a filter on your CGW under the BGP neighbor definition to filter 0.0.0.0/0 route. This way, you will continue receiving and installing all the desired routes from the TGW except 0.0.0.0/0 route.

profile pictureAWS
mml
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content