AWS Direct Connect BGP Peering Issue Resolution

Resolve BGP Peering Issue with AWS Direct Connect


Question

A large electric appliance company uses two AWS Direct Connect links from two different routers to connect to AWS, and uses an Amazon S3 bucket to save all user data.

Amazon S3 buckets are created based on the various departments within this company, and each of these departments has a unique IP pool assigned to its users by the local IT team.

Recently this company has acquired another firm that also needs access to the Amazon S3 bucket to save their users' data.

The IT team has completed routing of the new firm's CIDR range to AWS Direct Connect over both BGP peerings.

After this addition of prefixes, BGP peering with AWS is showing down. Which of the following can resolve this issue?

Answers

A. BGP community tags need to be added for the new prefixes.

B. Since the ASN of the new firm is the same as that of AWS, as-override needs to be added in the BGP peering.

C. Open an AWS Support ticket to add the new prefixes in the inbound direction at the AWS end.

D. Reduce the number of BGP prefixes below 1000.

Explanations

Correct Answer - D.

There is a limit to the number of BGP prefixes advertised on AWS Direct Connect peering.

If the number of BGP prefixes advertised is more than 1000, it will shut down BGP peering impacting all existing traffic.

To resolve this issue, check the number of BGP prefixes advertised to AWS and ensure that the count is less than 1000 prefixes.

Option A is incorrect as missing BGP community tags will not shut BGP peering.

Option B is incorrect: with the same ASN, the prefixes will not be advertised to AWS, but this does not shut down BGP peering.

Option C is incorrect as opening an AWS Support ticket is not required to add new prefixes at the AWS end.

Advertisements of fewer than 1000 prefixes are accepted at the AWS end.

For more information on BGP limits for AWS Direct Connect links, refer to the following URL, under the section "Prerequisites for Virtual Interfaces":

https://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithVirtualInterfaces.html
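The check recommended above (count the prefixes advertised to AWS and keep the count below the limit), as an added example that is not part of the original page. It uses Python's standard ipaddress module, the 1000-prefix limit stated here, and a constructed sample advertisement with hypothetical prefixes; it also shows route summarization, the usual way to bring the count back under the limit without withdrawing reachability.

```python
import ipaddress

# Limit on prefixes advertised to AWS over a Direct Connect BGP session (as stated on this page).
DX_PREFIX_LIMIT = 1000


def count_check(prefixes, limit=DX_PREFIX_LIMIT):
    """Return (count, ok). ok follows the page's guidance: keep the count below the limit."""
    count = len(prefixes)
    return count, count < limit


def summarize(prefixes):
    """Collapse adjacent or overlapping prefixes into the fewest covering supernets.

    Summarization reduces the number of routes advertised without dropping any
    address space: 256 adjacent /24s become a single /16.
    """
    return list(ipaddress.collapse_addresses(prefixes))


def plan_advertisement(prefixes, limit=DX_PREFIX_LIMIT):
    """Report the prefix count before and after summarization and whether each fits the limit."""
    before, before_ok = count_check(prefixes, limit)
    collapsed = summarize(prefixes)
    after, after_ok = count_check(collapsed, limit)
    return {"before": before, "before_ok": before_ok,
            "after": after, "after_ok": after_ok, "prefixes": collapsed}


def constructed_sample():
    """Constructed sample, not real data: 900 departmental /24s already advertised
    (the first 900 subnets of 10.0.0.0/14) plus the acquired firm's 172.16.0.0/16
    pushed as 256 individual /24s, which is what tips the session over the limit."""
    departments = list(ipaddress.ip_network("10.0.0.0/14").subnets(new_prefix=24))[:900]
    acquired = list(ipaddress.ip_network("172.16.0.0/16").subnets(new_prefix=24))
    return departments + acquired


if __name__ == "__main__":
    report = plan_advertisement(constructed_sample())
    print(f"advertised: {report['before']} prefixes, within limit: {report['before_ok']}")
    print(f"summarized: {report['after']} prefixes, within limit: {report['after_ok']}")
    for net in report["prefixes"]:
        print("  ", net)
```

Run against a router's actual advertised-route list, the same count check flags the over-limit condition before the session is torn down rather than after.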

The issue at hand is that the BGP peering with AWS is showing down after the IT team completed routing of the new firm's CIDR range to AWS Direct Connect over both BGP peerings. This means that the new prefixes are not being accepted by AWS, resulting in the BGP peering being down. To resolve this issue, we need to identify the root cause and take appropriate action.

Option A: BGP Community Tags need to be added for new prefixes. BGP community tags are used to influence the routing decisions of BGP peers. They are used to tag routes with additional information that can be used by other routers to make more informed routing decisions. However, adding BGP community tags will not resolve the issue of BGP peering being down. Therefore, option A is not the correct answer.

Option B: Since the ASN of the new firm is the same as that of AWS, as-override needs to be added in BGP peering. The as-override feature is used to replace the local autonomous system (AS) number with a different AS number in BGP updates. This is useful when merging two networks with the same AS number. In this case, since the ASN of the new firm is the same as that of AWS, as-override needs to be added in BGP peering to ensure that the prefixes are accepted by AWS. Therefore, option B could be the correct answer.

Option C: Open an AWS Support ticket to add the new prefixes in the inbound direction at the AWS end. Opening an AWS Support ticket to add the new prefixes in the inbound direction at the AWS end is a possible solution. This would involve AWS Support adding the new prefixes to their routing table, allowing traffic to flow through the Direct Connect link. However, this solution may take time, and there could be other factors contributing to the BGP peering being down. Therefore, option C may not be the best answer.

Option D: Reduce the number of BGP prefixes below 1000. BGP has a limit on the number of prefixes that can be advertised to a peer. This limit is 1000 prefixes by default. If the number of prefixes exceeds this limit, the BGP peering may go down. However, reducing the number of prefixes below 1000 will not resolve the issue if the root cause is related to the new prefixes from the acquired company. Therefore, option D is not the correct answer.

In conclusion, the most appropriate solution to resolve the issue of the BGP peering being down after adding new prefixes is to add as-override in the BGP peering configuration.