Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
932
Views
0
Helpful
0
Replies

Q. Does the Cisco CSR 1000V route traffic between different subnets that are inside an AWS VPC?

Nicholas Oliver
Cisco Employee
Cisco Employee

‎08-18-2014 10:12 AM - edited ‎03-12-2019 07:19 AM

A. Yes the CSR1000V will route packets between subnets within a VPC.  However, if those subnets both have external connections through the Internet Gateway (IGW) this presents a problem.  

For example, consider the following setup:

IGW -- SUBNET-A -- CSR -- SUBNET-B -- IGW

If a packet comes from outside of the VPC onto SUBNET-A, and needs to be routed to SUBNET-B, and then from there it needs to exit the VPC the Amazon Anti-Spoofing feature will come into play and will drop the packet.  Amazon Anti-Spoofing is a feature that is implemented by the underlying infrastructure and is not enabled by the user.  If a packet is traversing a segment that it did not originate on, and must be sent to the IGW, the IGW will not forward that packet.  An alternative would be to use tunneling to get traffic out of the AWS infrastructure so that the source of the packet is not visible to the IGW.

 

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents