AWS Direct Connect - Can you use OSPF?
11-02-2021 02:12 AM
Hi All
We are about to set up an AWS Direct Connect with our MPLS provider.
We use overlay tunnels (GRE), which are normally encrypted using IPsec, and then run OSPF over them.
Can we use OSPF in AWS?
Can we use a VTI tunnel in AWS to build a tunnel to our MPLS router?
Where would the direct connect terminate in AWS, on the transit gateway?
cheers
11-02-2021 02:23 AM
From what I have come across, most cases use BGP. Do you have any Cisco devices on AWS, like a virtual CSR?
11-02-2021 03:11 AM
Hi
No, we don't have a CSR in place.
I would imagine you could create a vpn gateway attachment which uses VTI and use this?
11-02-2021 05:01 AM
That is on your side. Does the AWS side support it natively? (Other than BGP, is the question.)
11-02-2021 05:06 AM
I will need to speak with AWS to see what is possible here.
11-02-2021 08:06 AM - edited 01-20-2022 03:40 AM
Yes, it is worth checking. They may ask you to deploy your own router (this is what I heard).
11-03-2021 03:30 AM
Hi there,
Can we use OSPF in AWS?
OSPF is not natively supported in AWS. If you wanted to use it, it would have to be within your own tunneled overlay network.
Can we use a VTI tunnel in AWS to build a tunnel to our MPLS router?
To form an IPsec tunnel to your router, an AWS Site-to-Site VPN would be required. eBGP is configured on these VPNs.
Where would the direct connect terminate in AWS, on the transit gateway?
When you receive a Direct Connect you configure VIFs. These VIFs have the following attributes: VLAN ID, address family, ASN and BGP MD5. It is with these VIFs that you form an eBGP peering. The VIFs themselves are associated with a VGW, which can then be attached to a single VPC or DGW.
cheers,
Seb.
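The four VIF attributes listed in the answer above map onto a customer-side router configuration roughly as follows. This is an added example, not configuration posted by anyone in this thread; the interface name, VLAN ID, /30 peering addresses, both ASNs, the announced prefix and the key are constructed placeholders to be replaced with the values defined on the VIF.

```cisco
! Constructed example: customer-side router for one private VIF.
! All values are placeholders (assumptions), not taken from the thread.
!
! VIF attribute: VLAN ID -> 802.1Q subinterface on the Direct Connect port
interface GigabitEthernet0/0/0.100
 description AWS-DX-PRIVATE-VIF
 encapsulation dot1Q 100
 ! VIF attribute: address family (IPv4) -> /30 peering subnet
 ip address 169.254.100.2 255.255.255.252
!
! Prefixes this site is allowed to announce to AWS (placeholder range)
ip prefix-list TO-AWS seq 10 permit 10.10.0.0/16
!
router bgp 65000
 bgp log-neighbor-changes
 ! VIF attribute: ASN -> 65000 is the customer side, 64512 the Amazon side
 neighbor 169.254.100.1 remote-as 64512
 ! VIF attribute: BGP MD5 -> must match the key configured on the VIF
 neighbor 169.254.100.1 password <BGP-MD5-KEY>
 address-family ipv4
  network 10.10.0.0 mask 255.255.0.0
  neighbor 169.254.100.1 activate
  ! Announce only the listed prefixes to the AWS peer
  neighbor 169.254.100.1 prefix-list TO-AWS out
  ! Cap learned routes so a leak on the far side cannot flood the table
  neighbor 169.254.100.1 maximum-prefix 100
```

If the MD5 key does not match, the session never reaches Established and the router logs `%TCP-6-BADAUTH` messages for the peer address. OSPF, as the answer says, would run only inside a GRE/IPsec overlay built on top of this peering, not on the VIF itself.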
01-20-2022 12:39 AM
Hi Carl
I have this Cisco router config question for AWS Direct Connect at https://community.cisco.com/t5/routing/how-to-configure-cisco-router-for-aws-direct-connect-line/m-p/4534891#M361285. Please help, thanks.
01-20-2022 08:10 AM
Hello
My understanding is that all private/public VIFs require BGP with MD5, irrespective of what transit path is being used to establish the AWS connection: Direct Connect, internet IPsec VPN, or both for resiliency.
Kind Regards
Paul
