Reputation: 11
We have a VMware instance hosted in our DataCentre, from which we have an AWS Direct Connect into a VPC in eu-west-2, and from there we've set up VPC peering to a different AWS account VPC in eu-west-1, as follows:
DataCentre <-- Direct Connect --> AWS London <-- VPC Peering --> AWS IE
The Direct Connect advertises the AWS London VPC's private IP range via BGP (172.20.0.0/16). The Direct Connect is working fine; traffic between our DataCentre and this private IP range traverses the connection correctly. Similarly, the VPC Peering is working correctly: I can send traffic directly from instances in London (172.20.0.0/16) to instances in IE via their private IP range (172.31.0.0/16).
I want to route traffic from our DataCentre to instances in the AWS IE region over the Direct Connect and utilising VPC Peering. Specifically, sending/receiving packets to a 172.31.0.0/16 IP from the VMware instance. Can this be achieved solely with static routes?
Problems I'm hitting: The Direct Connect BGP seems to only advertise the VPC IP range to which it's attached, not the peered range.
Direct Connect Gateway looks to do what I need but my setup involves multiple AWS accounts so I don't believe this is a viable option.
Upvotes: 1
Views: 1424
Reputation: 111
Try out the Transit Gateway and DX-Gateway combination to simplify your networking architecture.
Upvotes: 0
Reputation: 11
VPC peering does not support transit connections originating from other sources. It only supports point-to-point connections, which is the reason DX BGP is advertising the VPC range and not the peered VPC range.
Upvotes: 0
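The following is an added illustration, not code from any poster or from AWS. It is a simplified reachability model of the topology in the question, showing why a static route on the DataCentre side alone does not get packets to 172.31.0.0/16. The DataCentre range 10.10.0.0/16, the function names and the result strings are assumptions made for the example; the two VPC ranges are the ones given in the question.

```python
import ipaddress

# VPC ranges come from the question; the DataCentre range is a constructed placeholder.
NETS = {
    "dc": ipaddress.ip_network("10.10.0.0/16"),
    "london": ipaddress.ip_network("172.20.0.0/16"),
    "ie": ipaddress.ip_network("172.31.0.0/16"),
}

def segment_of(addr):
    """Return the name of the network an address belongs to, or None."""
    a = ipaddress.ip_address(addr)
    for name, net in NETS.items():
        if a in net:
            return name
    return None

def peering_admits(src, dst):
    """Simplified rule: the peering connection carries a packet only when one
    endpoint is in each of the two peered VPCs (no transit for third networks)."""
    return {segment_of(src), segment_of(dst)} == {"london", "ie"}

def trace(src, dst, dc_static=()):
    """Say where a packet ends up. dc_static lists extra static routes that the
    DataCentre router has on top of the BGP-learned London prefix."""
    s, d = segment_of(src), segment_of(dst)
    if None in (s, d):
        return "unknown-address"
    if s == d:
        return "delivered-local"
    if "dc" not in (s, d):
        return "delivered-via-peering" if peering_admits(src, dst) else "dropped"
    if s == "dc":
        # BGP over the Direct Connect advertises only the attached VPC's range.
        known = {NETS["london"]} | {ipaddress.ip_network(r) for r in dc_static}
        if not any(ipaddress.ip_address(dst) in n for n in known):
            return "dropped-dc-no-route"
    remote = d if s == "dc" else s
    if remote == "london":
        return "delivered-via-direct-connect"
    # The packet would now have to transit London to cross the peering connection.
    if peering_admits(src, dst):
        return "delivered-via-peering"
    return "dropped-at-peering-no-transit"

if __name__ == "__main__":
    print(trace("10.10.1.5", "172.31.9.9"))
    print(trace("10.10.1.5", "172.31.9.9", dc_static=["172.31.0.0/16"]))
```

Adding the static route only moves the drop from the DataCentre router to the peering connection, and return traffic from IE is dropped at the same place.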