Thank you! Very helpful information collected together in one document. It would also be great to add information on how to configure different VPC implementations to work with the provided solutions. For example, I'm thinking about having a few subnets in different AWS security zones (let's say one subnet would be like a traditional DMZ in the external security zone, with the servers on Elastic IP addresses accessible from the Internet, while other subnets in the internal security zone are accessible on permitted protocols/ports from servers in the external security zone). Probably it would be possible to make all traffic go through the CSR, but I think the simpler approach would be to have a separate AWS Internet GW for subnets in the external security zone, while the subnets in the internal security zone are configured with the default route pointing to the CSR (internal interface) and the CSR's external interface pointing its default to another AWS Internet GW. Or maybe it's better to use the same AWS IGW for both? In any case, I've found a lot of useful information in the posted document. That saved me time.
It's because of the fragmentation and VFR enabled on the router. Try the workaround. Disable VFR on all interfaces ("no ip virtual-reassembly"), or just on those where the command "show ip virtual-reassembly" shows you a reassembly count > 0.