- 最新
- 投票最多
- 评论最多
Q. Which routes will take precedence by default in Virtual Private Gateway ( BGP DX propagated route or static VPN propagated route) ? How we can change this if they have same prefix?
A. See below from the documentation
When a virtual private gateway receives routing information, it uses path selection to determine how to route traffic. Longest prefix match applies. If the prefixes are the same, then the virtual private gateway prioritizes routes as follows, from most preferred to least preferred:
- BGP propagated routes from an AWS Direct Connect connection
- Manually added static routes for a Site-to-Site VPN connection
- BGP propagated routes from a Site-to-Site VPN connection
- For matching prefixes where each Site-to-Site VPN connection uses BGP, the AS PATH is compared and the prefix with the shortest AS PATH is preferred.
Q. If DX down, it will be automatic failover to VPN in Virtual Private Gateway or we need config more?
A. You can have more specific prefixes advertised and propagated via DX and add less specific static prefix via VPN connection; with below setup DX route will be prioritized (Longest Prefix Match)
Example:
10.0.0.0/8 --> Static VPN Route Entry
10.0.0.0/24 --> DX Propagated
10.1.0.0/24 --> DX Propagated etc.
If DX goes down, the Propagated routes will be removed and traffic will take VPN connection route.
相关内容
AWS 官方已更新 10 个月前- AWS 官方已更新 2 年前
- AWS 官方已更新 1 年前
Thank you for your answer!! About second answer, if i have same prefix with DX and VPN, it will be automatic failover or not ? Or i need to configure more specific prefixes advertised and propagated via DX
Yes the failover should work, see this link also, it discusses TGW with VPN + DX but the scenario is same: https://aws.amazon.com/premiumsupport/knowledge-center/dx-configure-dx-and-vpn-failover-tgw/ As always recommend testing this setup thoroughly before rolling in production.