How can I use BGP communities to influence the preferred routing path on Direct Connect links from AWS to my network?

4 minute read

I want to use Border Gateway Protocol (BGP) communities to influence the preferred routing path on AWS Direct Connect links from AWS to my network.

Short description

To configure private and transit virtual interfaces to prioritize which interface AWS uses to route traffic to your network, use the AS_PATH attribute. Direct Connect also supports local preference BGP community tags to control the route preference of traffic on private and transit virtual interfaces.

Note: Local preference BGP community tags are evaluated before the AS_PATH attribute.

Resolution

Community tags

Direct Connect supports the following local preference BGP communities:

7224:7100 Low preference
7224:7200 Medium preference
7224:7300 High preference

Direct Connect evaluates local preference BGP community tags from lowest to highest preference. For each prefix that you advertise over a BGP session, you can apply a community tag to indicate the associated path's priority for returning traffic. Similarly, when you advertise from on-premises to AWS, you can prepend additional AS_PATH attributes to the prefixes. Direct Connect prioritizes the path with the fewest AS_PATH attributes for returning traffic.

The following scenario is an example use case:

You have two virtual interfaces A and B and advertising prefixes 10.10.10.0/24 and 10.20.20.0/24 to AWS.
You want virtual interface A to be preferred for traffic to network 10.10.10.0/24.
You want virtual interface B to be preferred for traffic to network 10.20.20.0/24.

In this case, you can use local preference community tags:

Apply higher preference tag 7224:7300 to prefix 10.10.10.0/24 on the BGP session in virtual interface A.
Apply higher preference tag 7224:7300 to prefix 10.20.20.0/24 on the BGP session in virtual interface B.

Note:

For private virtual interfaces, if you don't use BGP community tags to specify local preference, then the outbound routing behavior defaults to an AWS Region. In this case, the behavior is based on the Direct Connect locations' relative distance to the originating Region. If the relative distance costs aren't equal, then Autonomous System (AS) prepending can't influence routing behavior. Direct Connect evaluates the lowest distance relative cost before AS_PATH prepending.
To load balance traffic across multiple AWS Direct Connect connections, apply the same community tag across the prefixes for the connections.

Configuring AS_PATH and BGP community attributes

You must configure AS_PATH prepending and BGP community tags on an on-premises router. Advertise the prefixes from this router to the Direct Connect router. Because you can use any routing device for this task, you must refer to a configuration that's specific to your vendor's router. See the following external documentation for vendors that are commonly used for on-premises routers:

The following example configuration prepends an AS_PATH for prefix 10.0.0.0/8 on a Cisco router and advertise to AWS:

Router(config)#access-list 10 permit 10.0.0.0 0.255.255.255
Router(config)#route-map cisco permit 10
Router(config-route-map)#match ip address 10
Router(config-route-map)#set as-path prepend 650014 650014
Router(config-route-map)#exit
Router(config)#route-map cisco permit 20
Router(config-route-map)#exit
Router(config)#router bgp LOCAL\_AS
Router(config-router)#neighbor NEIGHBOR\_IP route-map cisco out
Router(config-router)#end

The following example configuration advertises prefix 10.0.0.0/8 with the BGP community tag 7224:7300 from a Cisco router to AWS:

Router(config)#access-list 10 permit 10.0.0.0 0.255.255.255  
Router(config)#route-map cisco permit 10  
Router(config-route-map)#match ip address 10  
Router(config-route-map)#set community 7224:7300  
Router(config-route-map)#exit  
Router(config)#route-map cisco permit 20  
Router(config-route-map)#exit  
Router(config)#router bgp LOCAL\_AS  
Router(config-router)#neighbor NEIGHBOR\_IP send-community  
Router(config-router)#neighbor NEIGHBOR\_IP route-map cisco out  
Router(config-router)#end

Note: In these examples, replace LOCAL_AS and NEIGHBOR_IP with your values.

Related information

Public virtual interface BGP communities

Routing policies and BGP communities

How can I use BGP communities to control the routes advertised and received over the AWS public virtual interface with Direct Connect?

Topics

Networking & Content Delivery

Relevant content

Transit gateway decision routing to same prefix, coming from multiple Direct Connect Gateways
rePost-User-2852604
asked a year ago
Using AS-Path attribute to influence routing over multiple regions
Accepted Answer
Imran
asked 6 months ago
How does Dx-connect gateway does path preference
AWS-User-787786
asked 2 years ago
AWS Direct Connect - BGP - Static Routes only?
Accepted Answer
CloudExcellent
asked 5 months ago
Site 2 Site VPN Using Customer Gateway and Virtual Private Gateway and Dynamic Routing (BGP)
TimP
asked 2 months ago
How do I influence my Direct Connect connection network traffic path to on-premises over multiple circuits?
AWS OFFICIALUpdated 2 years ago
How do I configure routing for my Direct Connect private virtual interface?
AWS OFFICIALUpdated 2 years ago
How can I use BGP communities to control the routes advertised and received over the AWS public virtual interface with Direct Connect?
AWS OFFICIALUpdated 4 months ago
Why can't I use a Direct Connect connection to connect to VPC resources over a transit virtual interface?
AWS OFFICIALUpdated 5 months ago
BGP Negotiation over AWS Site-to-Site VPN and Direct Connect: Troubleshooting Strategies for Efficient Networking
EXPERT
Vinay Gugueoth
published 9 months ago