How can I control the routes advertised and received over the AWS public virtual interface (VIF) to a specific region, continent, or globally?
AWS Direct Connect locations in public regions or in the AWS GovCloud (US) Region can access public services in any public region (excluding the China (Beijing) Region). Direct Connect advertises all local and remote AWS Region prefixes where available, and includes on-net prefixes from other AWS non-region points of presence (POPs) where available, such as Amazon CloudFront or Amazon Route 53. For more information, see Routing Policies and BGP Communities.
Direct Connect supports a range of Border Gateway Protocol (BGP) community tags to help control the scope (regional, continent, or global) of routes advertised and received over a public VIF.
Direct Connect BGP community tags that AWS advertises to your customer gateway device over the public VIF include:
- 7224:8100—Routes that originate from the AWS Region where the Direct Connect point of presence is located.
- 7224:8200—Routes that originate from the continent where the Direct Connect point of presence is located.
- No tag—Global (all public AWS Regions).
If you have a public VIF in the us-east-1 Region, AWS advertises the routes for public resources in the us-east-1 Region with a community tag of 7224:8100. For routes for public resources elsewhere in North America, AWS advertises the routes with a community tag of 7224:8200. For all other prefixes, there is no tag.
Direct Connect BGP community tags that you can use to select the scope of your prefixes to AWS:
- 7224:9100—Local AWS Region where the Direct Connect point of presence is located.
- 7224:9200—All AWS Regions for the continent (for example, North America) where the Direct Connect point of presence is located.
- 7224:9300 or no tag—Global (all public AWS Regions).
If you have a public VIF in the us-east-1 Region, you can limit the scope of the routes you advertise to the us-east-1 Region with the community tag of 7224:9100. If you tag your routes with the community tag of 7224:9200, your prefixes are advertised to all US Regions (North America continent). If you tag your routes with the community tag of 7224:9300, or if you do not tag your prefixes with a community tag, your prefixes are advertised to all AWS Regions.
For example, to limit the routes received and advertised over the public VIF to a specific local Region, configure a prefix filter and a route map that matches the routes received from AWS with the community tag of 7224:8100, and then install only those routes. You also must advertise your prefixes to AWS with a community tag of 7224:9100. This makes sure that the routes received and advertised over the public VIF are limited to the local Region.
You can use any combination of the community tags to control the routes advertised and received over an AWS public VIF.
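The following is an added example, not code from the AWS article: a small Python model of the route-map logic the article tells you to configure on your customer gateway. It classifies routes received from AWS by the 7224:8100 / 7224:8200 / no-tag communities, keeps only those within a chosen scope, and attaches the 7224:9100 / 7224:9200 / 7224:9300 community to the prefixes you advertise back. It generalizes the article's local-Region example to the continent and global scopes (a continent-scoped filter also installs local-Region routes, since the Region is on that continent). The route samples use RFC 5737 documentation prefixes and are constructed for the demonstration; they are not real AWS prefixes.

```python
"""Model of AWS Direct Connect public-VIF BGP community scoping.

Added example (not from the AWS page). It mirrors what a router's
inbound route map and outbound 'set community' would do, so that the
intended scope can be checked before the real vendor configuration is
written. Sample prefixes below are constructed (RFC 5737 ranges).
"""
from dataclasses import dataclass, field
from typing import Iterable

# Communities AWS attaches to routes it advertises over a public VIF.
AWS_LOCAL_REGION = "7224:8100"   # originated in the POP's AWS Region
AWS_CONTINENT = "7224:8200"      # originated on the POP's continent
# A route carrying neither tag is global scope.

# Communities you attach to control how far AWS propagates your prefixes.
TO_AWS = {
    "region": "7224:9100",
    "continent": "7224:9200",
    "global": "7224:9300",       # equivalent to sending no community
}

# Ordering used to decide whether a received route is within a scope.
RANK = {"region": 0, "continent": 1, "global": 2}


@dataclass(frozen=True)
class Route:
    prefix: str
    communities: frozenset = field(default_factory=frozenset)


def scope_of_received(route: Route) -> str:
    """Classify an AWS-advertised route by the community AWS set on it."""
    if AWS_LOCAL_REGION in route.communities:
        return "region"
    if AWS_CONTINENT in route.communities:
        return "continent"
    return "global"


def inbound_filter(routes: Iterable[Route], scope: str) -> list[Route]:
    """Install only routes whose scope is within the requested one.

    'region' keeps 7224:8100 routes only; 'continent' keeps 7224:8100
    and 7224:8200 routes; 'global' keeps everything. This is the
    'match community ... permit / deny the rest' part of a route map.
    """
    if scope not in RANK:
        raise ValueError(f"unknown scope {scope!r}")
    return [r for r in routes if RANK[scope_of_received(r)] <= RANK[scope]]


def outbound_tag(prefixes: Iterable[str], scope: str) -> list[Route]:
    """Attach the community that limits how far AWS propagates your prefixes."""
    if scope not in TO_AWS:
        raise ValueError(f"unknown scope {scope!r}")
    return [Route(p, frozenset({TO_AWS[scope]})) for p in prefixes]


# Constructed sample of what AWS might send over a us-east-1 public VIF.
SAMPLE_RECEIVED = [
    Route("198.51.100.0/24", frozenset({AWS_LOCAL_REGION})),  # local Region
    Route("203.0.113.0/24", frozenset({AWS_CONTINENT})),      # same continent
    Route("192.0.2.0/24"),                                    # no tag: global
]

# Constructed placeholder for the public prefix you would advertise.
MY_PUBLIC_PREFIXES = ["192.0.2.128/25"]


if __name__ == "__main__":
    for scope in ("region", "continent", "global"):
        kept = [r.prefix for r in inbound_filter(SAMPLE_RECEIVED, scope)]
        sent = [(r.prefix, sorted(r.communities))
                for r in outbound_tag(MY_PUBLIC_PREFIXES, scope)]
        print(f"{scope:9s} install={kept} advertise={sent}")
```

Running the script with the local-Region scope keeps only the 7224:8100-tagged route and tags your prefix with 7224:9100, which is the article's worked example; the other two scopes show how the installed set widens and the outbound community changes.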
For the current list of prefixes advertised by AWS, download the AWS JSON IP Address Ranges. For more information, see AWS IP Address Ranges.
Note: Check your vendor documentation to configure prefix filters, route map commands, or BGP configuration settings specific to your network device.