How do I set an Active/Passive Direct Connect connection to AWS?
When using AWS Direct Connect to transport production workloads to and from AWS, it is recommended to use dual Direct Connect via different data centers or providers.
Configure the following:
- Two routers to terminate the primary and secondary DX connections to avoid a single point of device failure.
- A private virtual interface on each of the DX routers that terminate to the same VPC.
- HA routing protocols (such HSRP, VRRF, GLBP, etc.) on two routers to allow Local servers to use multiple routers that act as a single virtual router, maintaining connectivity even if the primary router fails, because the secondary router will take over and become active, or run an internal routing protocol such as iBGP which will learn routes from Direct Connect EBGP and distribute prefixes to internal iBGP gateways.
- Active/Passive (failover). One connection is handling traffic, and the other is on standby. If the active connection becomes unavailable, all traffic is routed through the passive connection. You will need to AS path prepend the routes on one of your links for it to be the passive link.
For more information, see Configure Redundant Connections with AWS Direct Connect.
Note: Check your vendor documentation for commands that are specific to your network device.
The local preference attribute is used to prefer an exit point from the local autonomous system (AS). If there are multiple exit points from the AS, the local preference attribute is used to select the exit point for a specific route.
Influencing AWS outbound traffic using AS Path prepending
The BGP Best Path Algorithm decides how the best path to an autonomous system is selected. A common value that is used to determine the best path is the AS Path length. When two or more routes exist to reach a particular prefix, the default in BGP is to prefer the route with the shortest AS Path.
The secondary router will advertise a longer AS path, so traffic from VPC to your network will always be via the primary router.
VPC, endpoint, subnet, private