Questions tagged with AWS Direct Connect
With a Site-to-Site VPN, how can I set the neighbor remote-as BGP to something other than 65000?
Hi. We are in the process of setting up a Site-to-Site VPN between a TGW and a Customer Gateway. Having downloaded the configuration file, we have been advised by our networking partner that we need to amend the advertised remote-as BGP value. Creating a new CGW only gives the option to change the 'router bgp' value. How can we change the remote-as value to 12345 (for example)? As we are currently stuck with the IPSEC VPN up, but the overall status as DOWN.

**#4: Border Gateway Protocol (BGP) Configuration**

```
router bgp 65001
  bgp log-neighbor-changes
  bgp graceful-restart
  address-family ipv4 unicast
    neighbor 169.254.x.x remote-as 65000
```

Many Thanks.
AWS DX : missing Connection details.
Hi, IHAC who created a DX a few months ago, but the person in charge left. When checking the setup now:

1. At the provider side (Megaport) everything seems ok. Connection is active, VIF details can be seen, etc.
2. At the AWS console, we can see a VIF but showing status as down.
3. At the AWS console, under DX, there is no connection.

I am surprised that the console does not list any connection if there is still a VIF. The customer cannot create a new VIF because there is no active connection. What could be the problem here? Thanks.
How do we correctly link the DC Gateway into the VPC, is a VG required?
I'm struggling to get my head around a lot of the AWS information. We have a Direct Connection and it's half working. The DC Gateway has a virtual interface that links to my onsite hardware. Ping works. BGP works. The DC has no other associated gateways.

I think what I'm supposed to do is create a Virtual Private gateway that links to a VPC. I can do this, and it sort of works, to the extent that the subnets that are in the VPC can be successfully advertised over the BGP session to my hardware. However, it doesn't actually work because I can't exchange traffic with IP addresses inside the VPC from my onsite hardware anyway.

So what gives me pause here is when I try to create the Private gateway, the string appears: "A virtual private gateway is the router on the Amazon side of the VPN tunnel." but I don't want AWS to set up a VPN tunnel. Also that VPG wants an AS configured, which implies that it wants to do BGP peering into the VPC with some device that's talking BGP back to it, which doesn't seem right to me.

So how and where do I configure the VPC side of the DC gateway? Where do I type in a static IP that will be the default gateway for my VPC's subnet, so that the instances can send packets to that IP which will arrive at the hardware end of my AWS DC?

Also, with no traditional console access to the "router" that forms the AWS side of the DC, how do we do packet captures and other debugging to find out where packets are being lost?

Edited by: DC-Client on Sep 1, 2021 4:25 PM
Summarize Transit Gateway Prefixes across Multiple TGW
Customer with 2 Transit Gateways, both associated with the same Direct Connect gateway. They are looking to consolidate the prefixes on TGW A. Currently they have:

- TGW A: 10.1.112.0/20, 10.1.144.0/20, 10.1.160.0/20, 10.1.176.0/20, 10.1.204.0/24, 10.1.224.0/20, 10.1.241.0/24 etc
- TGW B: 10.1.0.0/20, 10.1.16.0/20, 10.1.208.0/20

and would like to consolidate down to:

- TGW A: 10.1.0.0/16
- TGW B: 10.1.0.0/20, 10.1.16.0/20, 10.1.208.0/20

My question is, will prefixes be resolved using the longest prefix first? So routes matching the longer subnet masks on TGW B will still be routed, with everything else under the /16 mask being routed to TGW A?
Can I have multiple private VIFs associated with one VGW?
Hi, I am studying the Direct Connect service. We are thinking about getting a one-gig DX and we want to peer using two on-prem routers. My understanding is that, for this one connection, I will have two private VIFs, each with a different VLAN. My routers will have different sub-interfaces (one for each VLAN) and my BGP is like:

```
on-prem router1 sub-interface.100 <---vlan100---> private VIF1
on-prem routers sub-interface.200 <---vlan200---> private VIF2
```

Does this look right? Can I associate both private VIFs to the one VGW for my VPC?

Thanks
Difan
[On-Premise] Best practice on connecting to on-premise
A customer wants to connect AWS with their on-premise network. Is there a best practice on connecting AWS to on-premise? I searched the Internet but couldn't find any self-help questions or guidance on best practices. From my research, it seems reasonable to enable Site-to-Site VPN (for brevity, S2S) first and then enable Direct Connect (DX) when there is a need for a stable connection. If extra stability is needed, then consider S2S + DX simultaneously. Is this a good approach? For now, the customer does not have a good estimate of how much the throughput will be and their PoC is just starting. They want to wait and see how it goes. Could you provide me with some good advice? Thank you!
Routing VPC to VPC traffic through an on-prem firewall via Transit Gateway
A customer is trying to set up VPC to VPC routing through their on-prem firewall over TGW. The desired behavior is that traffic from VPC-A will route through the on-prem firewall to get to VPC-B. With the current setup, the traffic routes from VPC-A to VPC-B without making it to the on-prem firewall. When we perform a traceroute, the 2nd hop in the path is a 169.254.x.x address, which I believe may be the DXGW or something similar. I can replicate the same behavior if I have a 0.0.0.0 route defined to a NAT gateway as well, but in that case the 2nd hop is the NAT gateway address.

The customer POC setup is as follows:

- VPC-A - 10.0.0.0/24
- VPC-B - 10.0.1.0/24
- DXGW connected to DX via TVIF

**VPC-A-Route-Table Routes**

- 10.0.0.0/24, local
- 0.0.0.0, TGW

**VPC-B-Route-Table Routes**

- 10.0.1.0/24, local
- 0.0.0.0, TGW

**TGW - VPC-Traffic route table**

- **Associations:** VPC-A, VPC-B
- **Propagations:** DXGW
- **Routes:**
  - On-Prem routes, propagated
  - 0.0.0.0/0, DXGW attachment, static

**TGW - On-prem traffic route table**

- **Associations:** DXGW
- **Propagations:** VPC-A, VPC-B
- **Routes:**
  - 10.0.0.0/24
  - 10.0.1.0/24

I believe we are missing an explicit route to tell traffic to use the on-prem firewall for routing of VPC to VPC traffic, but I am not exactly sure of the best place to configure that in this scenario.
Direct Connect Failover with two Virtual Interfaces (VIFs)
To test a Direct Connect (DX) failover using two VIFs on the same Direct Connect connection, following the documentation [AWS Direct Connect Failover Test](https://docs.aws.amazon.com/directconnect/latest/UserGuide/resilency_failover.html), is a resiliency model of at least two Direct Connect connections required for this type of failover testing?
Are there any additional costs for cross-Region data transfers through AWS Direct Connect?
We have Direct Connect service in two different AWS Regions. If we trombone traffic from the first Region to the second Region using Direct Connect through our data center, will we get billed for cross-Region network costs?
VPN over Direct Connect with Direct Connect Gateway
Hello, can Direct Connect Gateway be used to connect multiple on-premise sites to multiple AWS VPCs? In addition, is it possible to set up VPN over Direct Connect to encrypt the traffic from on-premise to AWS? Is this possible via AWS Direct Connect Gateway? Thanks,
Direct Connect LAG across circuits from different providers
We have an existing 1G dedicated Direct Connect and are thinking of using LAG to increase the available bandwidth by adding an additional 1Gig port. Do we have to use the same telco provider for link #2, or will LACP only work if the same provider supplies both circuits?