How to advertise Non-VPC Subnet to AWS Direct Connect

An AWS Direct Connect link is a way to connect the corporate network to AWS over a private virtual network. Basically, it is an L2 link/cross-connect from the AWS rack to your rack. If you and AWS are not in the same data center, you need an ISP to provide the interconnect between AWS and your rack.

In the above diagram, the VPC subnet is 10.100.0.0/16.
When the Direct Connect virtual interface is created, it is attached to a VGW/DGW on the AWS end; on the corp network side, the physical interface is connected to a router. BGP details need to be configured on the AWS VIF (the virtual interface over the Direct Connect link), and the matching configuration goes on the corp router to establish BGP connectivity.

Once BGP is established, the corp router receives only the VPC subnet (10.100.0.0/16) via the BGP session. This is fine for a normal setup. But if you have a loopback configured on the EC2 instance with the 192.168.100.0/24 subnet, you won't be able to reach the loopback interface from the corp network, because the corp network doesn't know about that subnet. Even if you add a static route on the corp router for 192.168.100.0/24 via the DGW/VGW, the DGW/VGW will blackhole the traffic, as they also don't know about the 192.168.100.0/24 subnet.

Adding a route in the private subnet route table doesn't help either: that route does not get advertised to the DGW/VGW or the corp router.

To overcome this issue, you need to use a Transit Gateway. The Transit Gateway sits between the DGW and the VPC; both the DGW and the VPC are attached to the Transit Gateway as attachments.

While attaching the DGW to the Transit Gateway, the AWS console provides an option to enter the list of subnets originated from the Transit Gateway. You have to list both the VPC subnet and the loopback subnet there (10.100.0.0/16 and 192.168.100.0/24).

Additionally, you need to add a static route in the private subnet route table for 192.168.100.0/24 via the EC2 instance's eth1 interface. In my diagram below I did not add that static route, as I already have a default route pointing to the EC2 instance's eth1 interface.
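As an added example (not part of the original post, and not the author's configuration), here is the final setup expressed in Terraform so the pieces can be reviewed side by side. The DX gateway, VPC, subnet, route table and eth1 ENI ids are assumed variables; the Transit Gateway static route and the source/dest check setting are assumptions the post does not spell out, added here because the loopback prefix will not be forwarded without them.

```hcl
# Added example, not from the post. Resource ids come from variables; the
# prefixes are the ones used in the post (10.100.0.0/16 VPC, 192.168.100.0/24 loopback).

resource "aws_ec2_transit_gateway" "tgw" {
  description = "Transit between the Direct Connect gateway and the VPC"
}

# VPC attachment: the VPC CIDR (10.100.0.0/16) is propagated to the TGW route
# table automatically; the loopback prefix is not.
resource "aws_ec2_transit_gateway_vpc_attachment" "vpc" {
  transit_gateway_id = aws_ec2_transit_gateway.tgw.id
  vpc_id             = var.vpc_id             # assumed: VPC with 10.100.0.0/16
  subnet_ids         = var.private_subnet_ids # assumed: private subnets
}

# DGW <-> TGW association. allowed_prefixes is the "subnets originated from the
# Transit Gateway" list from the console: both prefixes must be present, or the
# DGW never learns 192.168.100.0/24 and blackholes traffic to it.
resource "aws_dx_gateway_association" "dgw_tgw" {
  dx_gateway_id         = var.dx_gateway_id # assumed: existing DGW behind the VIF
  associated_gateway_id = aws_ec2_transit_gateway.tgw.id
  allowed_prefixes      = ["10.100.0.0/16", "192.168.100.0/24"]
}

# Assumption not stated in the post: the TGW route table needs a static route
# for the loopback prefix toward the VPC attachment, since only the VPC CIDR is
# propagated by the attachment.
resource "aws_ec2_transit_gateway_route" "loopback" {
  destination_cidr_block         = "192.168.100.0/24"
  transit_gateway_route_table_id = aws_ec2_transit_gateway.tgw.association_default_route_table_id
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.vpc.id
}

# Private subnet route table: the loopback prefix goes to the instance's eth1 ENI.
# (The post's own setup uses a default route to eth1 instead of this specific route.)
resource "aws_route" "loopback_via_eth1" {
  route_table_id         = var.private_route_table_id # assumed
  destination_cidr_block = "192.168.100.0/24"
  network_interface_id   = var.eth1_eni_id # assumed: the instance's eth1 ENI
}

# Assumption not stated in the post: the ENI must have source/dest check disabled,
# otherwise AWS drops packets whose destination is not one of the ENI's own
# addresses, and 192.168.100.0/24 lives on the instance's loopback, not on eth1.
resource "aws_network_interface" "eth1" {
  subnet_id         = var.private_subnet_ids[0]
  source_dest_check = false
}
```

When checking a deployment like this, the three places to look are the DGW association's allowed prefixes (the corp router should now receive 192.168.100.0/24 over BGP), the TGW route table (a route for 192.168.100.0/24 toward the VPC attachment), and the private subnet route table (192.168.100.0/24 or a default route toward eth1). If any one of the three is missing, traffic to the loopback is dropped at that hop rather than forwarded.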

Final setup with Transit Gateway
