How to stop advertising default route in s2s VPN with BGP

0

Hi All, I have multiple S2S VPN connections from AWS (built on Transit Gateway) to other clouds (GCP and Azure). I have set up the tunnel options to only advertise specific subnets on the AWS side, but I still see the 0.0.0.0/0 route being advertised from AWS to the others, for example GCP! How can I stop that? This is causing an issue because I do not want, in any outage scenario, the other end (GCP or Azure) to exit via AWS! I'd appreciate any help.

Maryam
Asked 1 year ago · 789 views
2 answers
0

The way to control route propagation over BGP for VPN is with TGW route tables. You can create a new TGW route table just for the VPN tunnel(s) and then only propagate the routes that are needed.

AWS
Expert
Answered 1 year ago
  • Same, or you could use a blackhole route to prevent the route back
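As an added example (not code from the answer above or from the original thread), the setup that answer describes expressed in Terraform. It assumes the AWS provider, a Transit Gateway that can be created with its default association and propagation disabled, one existing VPC attachment whose ID is a placeholder, and a GCP Cloud Router peer with a placeholder ASN and public IP from the documentation range. Every ID, ASN and address below is an assumption, not a value from the thread.

```hcl
# Added example, not from the original thread. All IDs, ASNs and
# addresses are placeholders.

resource "aws_ec2_transit_gateway" "tgw" {
  amazon_side_asn = 64512 # assumed AWS-side ASN

  # Disable implicit association and propagation so that every
  # attachment has to be placed in a route table explicitly. If your
  # existing TGW keeps these enabled, the VPN attachment is auto-associated
  # with the default table and must be disassociated before the explicit
  # association below can apply.
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
}

resource "aws_customer_gateway" "gcp" {
  bgp_asn    = 65001          # assumed GCP Cloud Router ASN
  ip_address = "203.0.113.10" # assumed GCP VPN public IP (documentation range)
  type       = "ipsec.1"
}

resource "aws_vpn_connection" "gcp" {
  customer_gateway_id = aws_customer_gateway.gcp.id
  transit_gateway_id  = aws_ec2_transit_gateway.tgw.id
  type                = "ipsec.1"
  static_routes_only  = false # dynamic (BGP) routing over the tunnels
}

# AWS creates the TGW attachment for the VPN connection; look it up.
data "aws_ec2_transit_gateway_vpn_attachment" "gcp" {
  transit_gateway_id = aws_ec2_transit_gateway.tgw.id
  vpn_connection_id  = aws_vpn_connection.gcp.id
}

# Dedicated route table for the VPN attachment. The contents of the
# table associated with the VPN attachment are what the TGW advertises
# to the customer gateway over BGP, so nothing else may land here.
resource "aws_ec2_transit_gateway_route_table" "vpn" {
  transit_gateway_id = aws_ec2_transit_gateway.tgw.id
  tags = {
    Name = "vpn-to-other-clouds"
  }
}

resource "aws_ec2_transit_gateway_route_table_association" "vpn" {
  transit_gateway_attachment_id  = data.aws_ec2_transit_gateway_vpn_attachment.gcp.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.vpn.id
}

# Only the attachments listed here propagate their CIDRs into the VPN
# route table. The attachment that carries 0.0.0.0/0 (for example an
# egress VPC with a NAT gateway, or a Direct Connect gateway) is
# deliberately not in this set.
variable "vpc_attachments_to_advertise" {
  type    = set(string)
  default = ["tgw-attach-0123456789abcdef0"] # placeholder VPC attachment ID
}

resource "aws_ec2_transit_gateway_route_table_propagation" "vpn" {
  for_each                       = var.vpc_attachments_to_advertise
  transit_gateway_attachment_id  = each.value
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.vpn.id
}

# The "blackhole" suggestion from the comment above: a static blackhole
# for the default route in the VPN table. Static routes take priority
# over propagated routes for the same prefix, so even if 0.0.0.0/0 were
# propagated into this table by mistake later, traffic arriving from
# the VPN that matches only the default route is dropped by the TGW
# instead of leaving through AWS.
resource "aws_ec2_transit_gateway_route" "vpn_default_blackhole" {
  destination_cidr_block         = "0.0.0.0/0"
  blackhole                      = true
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.vpn.id
}
```

After applying, check the result from the AWS side rather than trusting the plan: the routes shown for the VPN route table (for example with `aws ec2 search-transit-gateway-routes` on `aws_ec2_transit_gateway_route_table.vpn.id` with a filter of `state=active`) should contain only the VPC CIDRs you propagated, and the peer's received-routes view on GCP or Azure should no longer list 0.0.0.0/0 from the AWS ASN.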

0

AWS will advertise 0.0.0.0/0 if it exists in the TGW routing table, just like any other route. You can create a filter on your CGW under the BGP neighbor definition to filter the 0.0.0.0/0 route. This way, you will continue receiving and installing all the desired routes from the TGW except the 0.0.0.0/0 route.

AWS
mml
Answered 1 year ago
