Score:0

AWS Site-to-Site VPN with BGP - how are routes advertised via BGP?

jp flag

I've configured a redundant site-to-site VPN between AWS and GCP with 2 VPN connections, 4 tunnels and BGP dynamic routing. Everything works, all good, servers on both sides of the tunnels can reach each other.

I did that using Terraform, and while on the GCP side I configured advertisement of all subnets:

# Enclosing resource block restored here; the resource label is an assumption,
# only the body was posted.
resource "google_compute_router" "gcp_to_aws_router" {
  name    = "gcp-to-aws-router"
  project = google_project.aws_gcp_test.project_id
  region  = var.gcp_region
  network = google_compute_network.gcp_aws_vpc.name
  bgp {
    asn               = var.gcp_bgp_asn
    advertise_mode    = "CUSTOM"
    advertised_groups = ["ALL_SUBNETS"]
  }
}

then on the AWS side I haven't done anything specific to advertise routes; I have only enabled route propagation on the route table where my server is located. I haven't explicitly added any routes, nor announced the subnets used by my servers on either side of the tunnel. I've only enabled route propagation on the AWS side.

# Propagate routes learned by the virtual private gateway into the route table
resource "aws_vpn_gateway_route_propagation" "this" {
  vpn_gateway_id = aws_vpn_gateway.aws_vpg.id
  route_table_id = aws_route.internet_gw_route.route_table_id
}

In here the documentation states that:

"You can enable route propagation for your route table to automatically propagate your network routes to the table for you."

Nothing about advertisement of local routes to BGP.

I can't understand how routes from AWS end up on the GCP side. How does that work? :)

Thanks a lot!

John Hanley avatar
cn flag
Route propagation is one of the primary reasons BGP was developed. I would expect the AWS routes to be forwarded to the GCP side and vice versa without doing anything special. It is only when you have **custom/best** routes that you need to advertise them. Routes do take time to propagate, sometimes many minutes. Advertising can speed this process up.
Dmitry avatar
jp flag
Thank you John, but how will AWS decide which routes to add to BGP? All routes available in the VPC in which the Virtual Gateway is created, or is there some other mechanism?
John Hanley avatar
cn flag
For the most part, BGP takes care of everything for you. Route selection, forwarding, and advertising can be complicated. In summary, BGP makes routing decisions based on paths, defined by rules or network policies set by network administrators. Each router maintains a routing table controlling how packets are directed. Routing table information is generated by the BGP process on the router, based on incoming information from other routers, and information in the BGP routing information base (RIB), which is a data table stored on a server on the BGP router. There are good books for BGP.
John Hanley avatar
cn flag
Another concept to understand: ASN - Autonomous System Numbers. AWS maintains the RIB for AWS networks (ASNs). All other networks are usually "discovered" or defined by rules/policies.
John Hanley avatar
cn flag
All this gets even more complicated when you factor in that destinations usually have more than one route and each route can have a different cost. Routes can fail and come online. BGP routers constantly exchange messages to keep routing functional.
Dmitry avatar
jp flag
Thanks a lot for the explanation, John! It's a bit clearer now; looks like I need to read up on how BGP works to understand it better :)
Score:0
aq flag

When you attach a Virtual Private Gateway (VGW) to your VPC, and you have a Dynamic VPN (the one that uses BGP), AWS will advertise all VPC CIDRs to your Customer Gateway (CGW).

AWS advertises the VPC CIDRs, not routes from an individual Route Table.

If your VPC has CIDR 10.10.0.0/16, your CGW will get this CIDR as an advertised route.

As you can have up to 5 CIDRs configured on your VPC, every time you add a new CIDR, AWS will advertise it as well.
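An added example (not from either answer, nor from AWS or Google) that turns the second answer into a check: the set of associated VPC CIDRs from `aws ec2 describe-vpcs` is what the CGW side should learn, so comparing it with the Cloud Router's best routes from `gcloud compute routers get-status --format=json` flags both a VPC CIDR that never arrived and a learned prefix that is not a VPC CIDR (a candidate route leak to investigate). The JSON inputs are constructed samples; the `result.bestRoutes[].destRange` field names are assumed from the Compute API RouterStatus shape.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-vpcs` (only the fields used here).
AWS_VPCS_JSON = """
{"Vpcs": [{"VpcId": "vpc-0example", "CidrBlock": "10.10.0.0/16",
  "CidrBlockAssociationSet": [
    {"CidrBlock": "10.10.0.0/16", "CidrBlockState": {"State": "associated"}},
    {"CidrBlock": "10.20.0.0/16", "CidrBlockState": {"State": "associated"}},
    {"CidrBlock": "10.30.0.0/16", "CidrBlockState": {"State": "disassociated"}}]}]}
"""

# Constructed sample in the shape of `gcloud compute routers get-status --format=json`
# (field names assumed from the Compute API RouterStatus resource).
GCP_ROUTER_STATUS_JSON = """
{"result": {"bestRoutes": [
   {"destRange": "10.10.0.0/16", "nextHopIp": "169.254.21.1", "priority": 100},
   {"destRange": "10.20.0.0/16", "nextHopIp": "169.254.22.1", "priority": 100},
   {"destRange": "192.168.99.0/24", "nextHopIp": "169.254.21.1", "priority": 100}]}}
"""


def aws_vpc_cidrs(describe_vpcs_json):
    """Prefixes AWS is expected to advertise: every *associated* CIDR of each VPC."""
    doc = json.loads(describe_vpcs_json)
    cidrs = set()
    for vpc in doc["Vpcs"]:
        for assoc in vpc.get("CidrBlockAssociationSet", []):
            if assoc["CidrBlockState"]["State"] == "associated":
                cidrs.add(ipaddress.ip_network(assoc["CidrBlock"]))
    return cidrs


def gcp_learned_prefixes(router_status_json):
    """Prefixes the Cloud Router currently holds as best routes."""
    doc = json.loads(router_status_json)
    return {ipaddress.ip_network(r["destRange"]) for r in doc["result"].get("bestRoutes", [])}


def reconcile(expected, learned):
    """Return (missing, unexpected): VPC CIDRs not learned, and learned prefixes
    that are neither a VPC CIDR nor contained in one."""
    missing = {p for p in expected if p not in learned}
    unexpected = {p for p in learned
                  if not any(p.version == e.version and p.subnet_of(e) for e in expected)}
    return missing, unexpected


if __name__ == "__main__":
    missing, unexpected = reconcile(aws_vpc_cidrs(AWS_VPCS_JSON),
                                    gcp_learned_prefixes(GCP_ROUTER_STATUS_JSON))
    print("missing:", sorted(map(str, missing)))
    print("unexpected:", sorted(map(str, unexpected)))
```

Feeding the script real output from the two CLIs instead of the constructed samples gives a quick audit of what actually crossed the tunnel.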
