Direct Connect + VPN + TGW with DX/VPN failover
0
Two of my customers want to use DX (with VPN) connected to a TGW with an additional VPN failover. They want to avoid routing traffic over that failover link unless the primary DX isn’t routing traffic.
All VPN connections seem to default to ECMP if you enable ECMP on the TGW, meaning all traffic is split across all VPN links all the time.
Could you do BGP route manipulation on the on-prem side to achieve this? A combination of advertising a lower-cost route for AWS->on-prem traffic, and AS path prepending for on-prem->AWS?
已提问 4 年前725 查看次数
1 回答
- 最新
- 投票最多
- 评论最多
0
So you have multiple IPSec VPN terminating on the same TGW and want to prefer one over the other? Is that correct?
You can control this from the customer side (CGW)
- AWS->On-Prem: Use AS-Prepend or MED to control which path to take
- On-Prem->AWS: Use LOCAL_PREF to control which path to take
相关内容
AWS 官方已更新 10 个月前- AWS 官方已更新 2 年前
- AWS 官方已更新 9 个月前
