specify metric in static routes

0

Hello,

Would it be possible to specify metric in static routes?

We have setup a Site-to-Site VPN with an external customer gateway.

According to the documentation at https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNRoutingTypes.html "On a Site-to-Site VPN connection, AWS selects one of the two redundant tunnels as the primary egress path. This selection may change at times, and we strongly recommend that you configure both tunnels for high availability, and allow asymmetric routing."

Our Amazon side has two tunnels with equal priority (metric). The remote (customer) side is a Fortigate firewall. Unfortunately, the customer has specified different metrics on their tunnels, making one of the tunnels act as "primary" and the other act as "secondary".

This discrepancy between the two sides (Amazon being asymmetric vs. the customer being fixed primary/secondary) is a problem: we don't have traffic flowing smoothly in the tunnels.

Is there an option on the Amazon side to set a corresponding metric on the tunnels, making them equivalent to the customer's settings, i.e. primary/secondary?

Thanks, Sot.

stsimb
asked 2 years ago · 481 views
2 Answers
4

For the purposes of this answer I've assumed you're running a VPC-attached Virtual Private Gateway.

The documentation is correct - you can't specify a metric, as the tunnel selection is within the VPN service and therefore either tunnel could be used.

Another option is to use Transit Gateway; that allows for both tunnels on the same VPN connection to be used simultaneously (using ECMP) or for you to configure two different tunnels and advertise different routes and metrics for the tunnels using BGP. It is a more complex setup but it does give you greater flexibility.

brettski (AWS, Expert)
answered 2 years ago
reviewed by Hernito (AWS, Expert) 2 years ago
  • Hello @brettski, thank you very much for your answer.

    Our customer doesn't want to use BGP, that's why we're using static routing.

    If we used a Transit Gateway, would we have an option to set the metric per tunnel and avoid ECMP (because the customer wants priorities, not equal cost paths) ?

0

Agree with what Brettski replied, that TGW gives your customer more flexibility and control. However, if static routing is the only option, your customer won't be able to select one tunnel over another.

I challenge you to dive a bit deeper into the reasons why:

  1. BGP isn't an option
  2. there is the desire to privilege one tunnel over another.
AWS
answered 2 years ago
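Both answers point the same way: with static routing there is no per-tunnel metric on the AWS side, and a primary/secondary arrangement needs a Transit Gateway VPN with BGP, where each side steers the other. The FortiGate configuration below is an added example written for this thread; it is not from the original posts, from AWS, or from Fortinet documentation. It assumes placeholder values: FortiGate ASN 65000 (registered as the customer gateway's BGP ASN in AWS), Transit Gateway ASN 64512, a VPN connection created on the TGW with dynamic routing and TGW ECMP support left disabled, tunnel interfaces "aws-tun1" and "aws-tun2" already configured with the AWS-supplied inside addresses, AWS-side inside addresses 169.254.10.1 and 169.254.11.1, and an on-premises prefix of 192.168.0.0/16. AS-path prepending on tunnel 2 makes the TGW select tunnel 1 as its egress path; a higher local preference on routes learned over tunnel 1 makes the FortiGate send traffic to the VPC via tunnel 1. Both preferences fall away automatically when tunnel 1's BGP session drops, so tunnel 2 becomes the path in both directions.

```fortios
# Added example, not part of the original thread or of any vendor documentation.
# All ASNs, interface names, inside addresses and prefixes are assumed placeholders.
#
# Direction AWS -> on-prem: prepend our ASN three times on what we advertise over
# tunnel 2, so the Transit Gateway sees a longer AS path there and prefers tunnel 1.
# Direction on-prem -> AWS: raise local preference on routes learned over tunnel 1,
# so the FortiGate's best path to the VPC is tunnel 1 while that session is up.

config router route-map
    edit "aws-tun2-out"
        config rule
            edit 1
                set set-aspath "65000 65000 65000"
            next
        end
    next
    edit "aws-tun1-in"
        config rule
            edit 1
                set set-local-preference 200
            next
        end
    next
end

config router bgp
    set as 65000
    set router-id 192.168.255.1
    # Single best path only: the two tunnels must not be installed as ECMP paths,
    # which is what the customer asked to avoid.
    set ebgp-multipath disable
    config neighbor
        # Primary tunnel: AWS-side inside address on aws-tun1 (assumed value).
        edit "169.254.10.1"
            set remote-as 64512
            set route-map-in "aws-tun1-in"
        next
        # Secondary tunnel: AWS-side inside address on aws-tun2 (assumed value).
        edit "169.254.11.1"
            set remote-as 64512
            set route-map-out "aws-tun2-out"
        next
    end
    config network
        # On-premises prefix advertised to AWS over both sessions (assumed value).
        edit 1
            set prefix 192.168.0.0 255.255.0.0
        next
    end
end
```

To check the result on the FortiGate, `get router info bgp summary` should show both neighbors Established, and `get router info routing-table bgp` should list the VPC prefix with 169.254.10.1 as the only next hop while tunnel 1 is up. The prepend only influences the path AWS chooses; during a failover the two directions can briefly differ, so the documentation's advice to allow asymmetric routing still applies and the firewall policy should not assume traffic returns over the tunnel it left on.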
