
Understanding AWS Direct Connect BGP Communities
This post covers the practical use of AWS Direct Connect BGP communities to control routing and traffic flow between on-premises data centers and AWS: how to limit the scope of route advertisements on Public Virtual Interfaces (Public VIFs), and how to steer traffic across multiple Direct Connect connections so that one link is preferred and the other acts as backup.
Local preference communities. Tagging the routes you advertise to AWS (AS 7224) with one of these tells AWS which link to prefer for traffic returning to your network:
- 7224:7100: LOW preference
- 7224:7200: MEDIUM preference
- 7224:7300: HIGH preference
Once the longest prefix match is equal, AWS evaluates these attributes in order, so each one only matters when the ones before it tie:
- BGP Communities and Local Preference: Set a higher preference (e.g., 7224:7300) on the primary connection and a lower one (e.g., 7224:7100) on the secondary connection so AWS prefers the primary path.
- AS_PATH Prepending: Lengthen the AS_PATH on the secondary connection so it loses to the primary when the local preference tags are equal.
- MED Values: Set a lower MED on the primary path; MED is only consulted when local preference and AS_PATH length are the same.
Scope communities for a Public VIF. Tag the routes you advertise with one of these to limit how far AWS propagates them:
- 7224:9100: Local AWS Region
- 7224:9200: All AWS Regions on the same continent
- 7224:9300: Global (all public AWS Regions)
Communities AWS attaches to the routes it advertises to you over a Public VIF, telling you where each prefix originates relative to your Direct Connect location:
- 7224:8100: Routes originating from the same AWS Region as the Direct Connect location
- 7224:8200: Routes originating from the same continent
- No tag: Global routes (all public AWS Regions), including prefixes from other continents
Longest prefix match is evaluated before any community, so a more specific advertisement always wins regardless of the tag it carries:
- 192.168.0.0/24 - Preferred (more specific)
- 192.168.0.0/16 - NOT Preferred
Worked scenario: two Direct Connect connections, DX1 (primary) and DX2 (secondary), both advertising the same on-premises prefixes:
- For DX1 (primary): Apply 7224:7300 to set a high preference.
- For DX2 (secondary): Apply 7224:7100 to set a low preference.
- On DX2, prepend the AS_PATH so it is also the longer path if the tags are ever stripped or equal.
- Set a lower MED on DX1 so it is still preferred when all other attributes are equal.
- On your on-premises BGP routers, filter the routes received from AWS so that only the prefixes you need are accepted, and apply the well-known NO_EXPORT community to routes that must not be re-advertised to other external peers.
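The following is an added example, not code from the original post or from AWS. It models the path-selection order described above (longest prefix, then the 7224:7xxx local preference community, then AS_PATH length, then MED) and classifies received routes by the 7224:8xxx scope tags, so the DX1/DX2 scenario can be checked before any router is touched. The `Route` class, the link names DX1/DX2, the sample prefixes and the choice to treat an untagged advertisement as MEDIUM are assumptions of this model.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Communities the post lists, as AWS (AS 7224) interprets them.
LOCAL_PREF = {"7224:7100": 100, "7224:7200": 200, "7224:7300": 300}
DEFAULT_LOCAL_PREF = 200  # assumption of this model: an untagged route behaves like MEDIUM
RECEIVED_SCOPE = {"7224:8100": "region", "7224:8200": "continent"}  # no tag: global


@dataclass(frozen=True)
class Route:
    prefix: str                          # e.g. "192.168.0.0/16"
    via: str                             # link the route arrived on, e.g. "DX1" (hypothetical name)
    as_path: tuple = ()                  # AS numbers as the receiver sees them
    med: int = 0
    communities: frozenset = field(default_factory=frozenset)


def local_pref(route):
    """Numeric preference implied by the 7224:7xxx tag on an advertised route."""
    tags = sorted(LOCAL_PREF[c] for c in route.communities if c in LOCAL_PREF)
    if len(tags) > 1:
        raise ValueError(f"{route.prefix} via {route.via}: conflicting preference tags")
    return tags[0] if tags else DEFAULT_LOCAL_PREF


def received_scope(route):
    """Origin scope AWS signals on a route it advertises over a Public VIF."""
    for community, scope in RECEIVED_SCOPE.items():
        if community in route.communities:
            return scope
    return "global"


def select_route(destination, routes):
    """Pick the route used for `destination`, or None if no prefix covers it.

    Evaluation order, as in the post: longest prefix, then highest local
    preference community, then shortest AS_PATH, then lowest MED.  The link
    name is a final deterministic tie-break that exists only in this model.
    """
    dst = ip_address(destination)
    covering = [r for r in routes if dst in ip_network(r.prefix)]
    if not covering:
        return None
    return min(
        covering,
        key=lambda r: (-ip_network(r.prefix).prefixlen, -local_pref(r), len(r.as_path), r.med, r.via),
    )


# Constructed sample: the same /16 announced on both links with the post's
# tags and a prepended AS_PATH on DX2, plus a /24 that only DX2 carries.
ON_PREM_ROUTES = [
    Route("192.168.0.0/16", "DX1", (65000,), 10, frozenset({"7224:7300"})),
    Route("192.168.0.0/16", "DX2", (65000, 65000, 65000), 20, frozenset({"7224:7100"})),
    Route("192.168.0.0/24", "DX2", (65000, 65000, 65000), 20, frozenset({"7224:7100"})),
]

if __name__ == "__main__":
    for dst in ("192.168.0.10", "192.168.5.10"):
        chosen = select_route(dst, ON_PREM_ROUTES)
        print(f"{dst} -> {chosen.prefix} via {chosen.via}")
```

Running it shows the trap the /24 bullet warns about: 192.168.0.10 leaves AWS via DX2 because the more specific prefix beats the HIGH tag on DX1, while 192.168.5.10 correctly uses DX1.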
! Prefix list for the routes advertised to AWS. Keep it exact: only what
! matches here is announced on either link, everything else is dropped by
! the implicit deny at the end of the route-maps below.
ip prefix-list BGP-ADVERTISED-PREFIXES seq 5 permit 192.168.0.0/16
!
! Primary link: tag advertised routes HIGH (7224:7300)
route-map SET_HIGH_PREFERENCE permit 10
 match ip address prefix-list BGP-ADVERTISED-PREFIXES
 set community 7224:7300
!
! Secondary link: tag advertised routes LOW (7224:7100)
route-map SET_LOW_PREFERENCE permit 10
 match ip address prefix-list BGP-ADVERTISED-PREFIXES
 set community 7224:7100
!
! BGP process: on-premises AS 65000 peering with AWS AS 7224
router bgp 65000
 bgp log-neighbor-changes
 ! First AWS Direct Connect link (primary). The password is the BGP MD5
 ! authentication key of that virtual interface, entered in clear text.
 ! "password 7 ..." would expect the router's own type-7 encoding, which is
 ! reversible obfuscation and not a form of protection, so do not type it by hand.
 neighbor 192.0.2.1 remote-as 7224
 neighbor 192.0.2.1 description AWS Direct Connect Primary
 neighbor 192.0.2.1 password <Your_BGP_Password>
 ! Second AWS Direct Connect link (secondary); each VIF has its own key
 neighbor 198.51.100.1 remote-as 7224
 neighbor 198.51.100.1 description AWS Direct Connect Secondary
 neighbor 198.51.100.1 password <Your_BGP_Password>
 ! IPv4 address family: activate both peers, apply the outbound route-maps
 ! and send communities; without send-community the 7224:* tags never reach AWS
 address-family ipv4
  neighbor 192.0.2.1 activate
  neighbor 192.0.2.1 send-community both
  neighbor 192.0.2.1 route-map SET_HIGH_PREFERENCE out
  neighbor 198.51.100.1 activate
  neighbor 198.51.100.1 send-community both
  neighbor 198.51.100.1 route-map SET_LOW_PREFERENCE out
 exit-address-family
- 192.0.2.1 is the primary AWS Direct Connect peer and 198.51.100.1 the secondary; both sit in AWS AS 7224, and each session is authenticated with the MD5 key of its own virtual interface.
- SET_HIGH_PREFERENCE tags routes sent to the primary peer with 7224:7300 (high preference); SET_LOW_PREFERENCE tags routes sent to the secondary peer with 7224:7100 (low preference). Each route-map ends with an implicit deny, so prefixes outside the prefix list are not advertised at all.
- BGP-ADVERTISED-PREFIXES lists what is advertised to AWS, here 192.168.0.0/16. That is RFC 1918 space, so this example belongs on a private virtual interface; a public VIF accepts only publicly routable prefixes you are entitled to announce.
- Both neighbors are activated under the IPv4 address family with send-community, so the tags are actually transmitted; without it the communities are stripped and AWS falls back to AS_PATH and MED.
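As an added example, not part of the original post, here is a small linter for the kind of IOS-style stanza shown above. It checks the points the explanation relies on: every AS 7224 peer has a password that is not a placeholder, sends communities, and has an outbound route-map that exists and sets only documented Direct Connect communities; and the prefix list does not permit RFC 1918 space on a public VIF or a default route. The parser, the finding messages, the `vif_type` argument and the sample config (a constructed variant of the one above, with the secondary peer's send-community deliberately left out) are all assumptions of this example.

```python
import re
from ipaddress import ip_network

AWS_ASN = "7224"
# Communities AWS Direct Connect acts on (local preference and public-VIF scope).
DX_COMMUNITIES = {"7224:7100", "7224:7200", "7224:7300", "7224:9100", "7224:9200", "7224:9300"}
COMMUNITY_RE = re.compile(r"^\d+:\d+$")


def parse_bgp_config(text):
    """Pull neighbors, route-maps and prefix-lists out of an IOS-style config."""
    neighbors, route_maps, prefix_lists = {}, {}, {}
    current_map = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = re.match(r"neighbor (\S+) (.+)", line)
        if m:
            ip, rest = m.groups()
            n = neighbors.setdefault(ip, {"remote_as": None, "password": None, "send_community": False, "out_map": None})
            words = rest.split()
            if words[0] == "remote-as":
                n["remote_as"] = words[1]
            elif words[0] == "password":
                n["password"] = words[-1]          # last token: key, whether or not an encoding type precedes it
            elif words[0] == "send-community":
                n["send_community"] = True
            elif words[0] == "route-map" and words[-1] == "out":
                n["out_map"] = words[1]
            continue
        m = re.match(r"route-map (\S+) (?:permit|deny) \d+", line)
        if m:
            current_map = m.group(1)
            route_maps.setdefault(current_map, set())
            continue
        if line.startswith("set community ") and current_map:
            route_maps[current_map].update(w for w in line.split()[2:] if COMMUNITY_RE.match(w))
            continue
        m = re.match(r"ip prefix-list (\S+) seq \d+ (permit|deny) (\S+)", line)
        if m:
            prefix_lists.setdefault(m.group(1), []).append((m.group(2), ip_network(m.group(3))))
    return neighbors, route_maps, prefix_lists


def lint_dx_config(text, vif_type="private"):
    """Return findings for every AWS (AS 7224) peer; an empty list means clean."""
    neighbors, route_maps, prefix_lists = parse_bgp_config(text)
    findings = []
    for ip, n in sorted(neighbors.items()):
        if n["remote_as"] != AWS_ASN:
            continue
        if n["password"] is None:
            findings.append(f"{ip}: no BGP password; the session must use the virtual interface's MD5 key")
        elif n["password"].startswith("<"):
            findings.append(f"{ip}: BGP password is still a placeholder")
        if not n["send_community"]:
            findings.append(f"{ip}: send-community missing; 7224:* tags are stripped before reaching AWS")
        if n["out_map"] is None:
            findings.append(f"{ip}: no outbound route-map; every BGP route is advertised untagged")
        elif n["out_map"] not in route_maps:
            findings.append(f"{ip}: outbound route-map {n['out_map']} is not defined")
        else:
            for c in sorted(route_maps[n["out_map"]] - DX_COMMUNITIES):
                findings.append(f"{ip}: route-map {n['out_map']} sets {c}, not a documented Direct Connect community")
    for name, entries in prefix_lists.items():
        for action, net in entries:
            if action != "permit":
                continue
            if vif_type == "public" and net.is_private:
                findings.append(f"prefix-list {name}: {net} is RFC 1918 space, not allowed on a public VIF")
            if net.prefixlen == 0:
                findings.append(f"prefix-list {name}: permits a default route towards AWS")
    return findings


# Constructed sample: the stanza from the post with the secondary peer's
# send-community left out and the password placeholders still in place.
SAMPLE_CONFIG = """
router bgp 65000
 neighbor 192.0.2.1 remote-as 7224
 neighbor 192.0.2.1 password 7 <Your_BGP_Password>
 neighbor 192.0.2.1 route-map SET_HIGH_PREFERENCE out
 neighbor 192.0.2.1 send-community both
 neighbor 198.51.100.1 remote-as 7224
 neighbor 198.51.100.1 password 7 <Your_BGP_Password>
 neighbor 198.51.100.1 route-map SET_LOW_PREFERENCE out
ip prefix-list BGP-ADVERTISED-PREFIXES seq 5 permit 192.168.0.0/16
route-map SET_HIGH_PREFERENCE permit 10
 match ip address prefix-list BGP-ADVERTISED-PREFIXES
 set community 7224:7300
route-map SET_LOW_PREFERENCE permit 10
 match ip address prefix-list BGP-ADVERTISED-PREFIXES
 set community 7224:7100
"""

if __name__ == "__main__":
    for finding in lint_dx_config(SAMPLE_CONFIG, vif_type="private"):
        print(finding)
```

Run against the sample it reports the two placeholder passwords and the missing send-community on 198.51.100.1; passing `vif_type="public"` adds the RFC 1918 finding, which is the quickest way to catch a private-VIF prefix list copied onto a public VIF.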
Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.