AWS BGP Route Limit

How to handle BGP route limitation in AWS

Example of how to handle the BGP route limit in AWS using route aggregation and a route map.


AWS Limit

One of the AWS limits is a restriction on the number of BGP routes. You can't have more than 100 routes propagated by your router through a VPN or Direct Connect link (check the full list of limits in the AWS documentation). Once that limit is reached, the 101st route will be dropped.


Network diagram



AWS - the router inside AWS. This router simulates the AWS-side router with the minimum configuration available.
R4 - the router where the Direct Connect link is terminated.
The two other routers represent a WAN network with multiple subnets. They are also used to test route propagation inside the wider network.


Assumptions:
- We have multiple 10.x.x.x, 172.16.x.x and 192.168.x.x networks (more than 100)
- We want to aggregate all private subnets into 3 routes
- This configuration can't change the existing routing tables on the other routers (aggregation must be done only on the router facing AWS)
- In this example we are using iBGP in our network


R4 Configuration


router bgp 100
no synchronization
bgp log-neighbor-changes

! Route aggregation. Without "summary-only" the specific routes stay in the
! BGP table next to the three aggregates, so they have to be filtered out
! by the route map below.

aggregate-address 10.0.0.0 255.0.0.0
aggregate-address 172.16.0.0 255.240.0.0
aggregate-address 192.168.0.0 255.255.0.0

redistribute connected


! Connection with the AWS router. Notice the route map

neighbor 172.21.14.1 remote-as 200
neighbor 172.21.14.1 route-map RMAWS out

! iBGP neighbors, this is our network. Notice the route map

neighbor 172.21.42.2 remote-as 100
neighbor 172.21.42.2 route-map RM out
neighbor 172.21.43.2 remote-as 100
neighbor 172.21.43.2 route-map RM out
no auto-summary



! Prefix list. In this case we are allowing only the 3 aggregated routes.
! Other, more specific routes will be dropped (an exact-length entry such as
! "permit 10.0.0.0/8" matches only the /8 itself, not the /24s inside it).
! Without this step the AWS router would receive all our routes plus the 3 new aggregated ones.

ip prefix-list AWS seq 10 permit 10.0.0.0/8
ip prefix-list AWS seq 20 permit 192.168.0.0/16
ip prefix-list AWS seq 30 permit 172.16.0.0/12
ip prefix-list AWS seq 100 deny 0.0.0.0/0 le 32


! This route map is attached to the AWS neighbour

route-map RMAWS permit 10
match ip address prefix-list AWS


! Aggregation will add 3 new routes on all our routers.
! If we have default route propagation this can cause problems.
! We want to prevent route table modification on all iBGP routers.


ip prefix-list AGG seq 10 deny 10.0.0.0/8
ip prefix-list AGG seq 20 deny 192.168.0.0/16
ip prefix-list AGG seq 30 deny 172.16.0.0/12
ip prefix-list AGG seq 100 permit 0.0.0.0/0 le 32


! This route map is attached to the iBGP neighbours

route-map RM permit 10
match ip address prefix-list AGG
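The following is an added example, not part of this repository's configuration: a small Python simulator of Cisco-style prefix-list matching (exact-length match unless ge/le is given, first match wins, implicit deny) and of aggregate-address behaviour without summary-only. It parses the two prefix lists from the R4 configuration above and runs them against a constructed BGP table of 110 /24 routes (the route counts and addresses are made up for the test), so you can check before pushing the config that the AWS neighbour receives exactly the 3 aggregates and stays under the 100-route limit while the iBGP neighbours still see only the specific routes.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

AWS_ROUTE_LIMIT = 100  # limit described on the page


@dataclass
class Entry:
    seq: int
    action: str                     # "permit" or "deny"
    prefix: ipaddress.IPv4Network
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, net: ipaddress.IPv4Network) -> bool:
        # IOS semantics: the candidate must lie inside the entry prefix and its
        # length must fall within [ge, le]; with neither option the length has
        # to equal the entry's own length (exact match).
        if not net.subnet_of(self.prefix):
            return False
        lo = self.ge if self.ge is not None else self.prefix.prefixlen
        if self.le is not None:
            hi = self.le
        else:
            hi = 32 if self.ge is not None else self.prefix.prefixlen
        return lo <= net.prefixlen <= hi


def parse_prefix_lists(config: str) -> dict[str, list[Entry]]:
    """Parse 'ip prefix-list NAME seq N permit|deny PREFIX [ge X] [le Y]' lines."""
    lists: dict[str, list[Entry]] = {}
    for raw in config.splitlines():
        tok = raw.split()
        if tok[:2] != ["ip", "prefix-list"]:
            continue
        name, seq, action = tok[2], int(tok[4]), tok[5]
        prefix = ipaddress.ip_network(tok[6])
        opts = dict(zip(tok[7::2], map(int, tok[8::2])))   # e.g. {"le": 32}
        lists.setdefault(name, []).append(
            Entry(seq, action, prefix, opts.get("ge"), opts.get("le")))
    for entries in lists.values():
        entries.sort(key=lambda e: e.seq)
    return lists


def permitted(entries: list[Entry], net: ipaddress.IPv4Network) -> bool:
    """First matching entry wins; an unmatched prefix hits the implicit deny."""
    for e in entries:
        if e.matches(net):
            return e.action == "permit"
    return False


def local_bgp_table(specifics, aggregates):
    """aggregate-address without summary-only: the aggregate is added to the
    table when at least one contributing route exists; specifics stay."""
    table = set(specifics)
    for agg in aggregates:
        if any(s.subnet_of(agg) for s in specifics):
            table.add(agg)
    return table


def advertised(table, entries):
    """Apply 'route-map ... match ip address prefix-list' as an outbound filter."""
    return {net for net in table if permitted(entries, net)}


def exceeds_aws_limit(routes) -> bool:
    return len(routes) > AWS_ROUTE_LIMIT


# Constructed sample data (not from the page): 110 specific /24 routes.
SPECIFICS = (
    [ipaddress.ip_network(f"10.{i}.0.0/24") for i in range(60)]
    + [ipaddress.ip_network(f"172.{16 + i % 16}.{i}.0/24") for i in range(30)]
    + [ipaddress.ip_network(f"192.168.{i}.0/24") for i in range(20)]
)
AGGREGATES = [ipaddress.ip_network(p)
              for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The two prefix lists exactly as configured on R4 above.
R4_PREFIX_LISTS = parse_prefix_lists("""
ip prefix-list AWS seq 10 permit 10.0.0.0/8
ip prefix-list AWS seq 20 permit 192.168.0.0/16
ip prefix-list AWS seq 30 permit 172.16.0.0/12
ip prefix-list AWS seq 100 deny 0.0.0.0/0 le 32
ip prefix-list AGG seq 10 deny 10.0.0.0/8
ip prefix-list AGG seq 20 deny 192.168.0.0/16
ip prefix-list AGG seq 30 deny 172.16.0.0/12
ip prefix-list AGG seq 100 permit 0.0.0.0/0 le 32
""")


def simulate():
    """Return what R4 holds locally and what each neighbour type receives."""
    table = local_bgp_table(SPECIFICS, AGGREGATES)
    to_aws = advertised(table, R4_PREFIX_LISTS["AWS"])     # route-map RMAWS
    to_ibgp = advertised(table, R4_PREFIX_LISTS["AGG"])    # route-map RM
    return {
        "table": table,
        "to_aws": to_aws,
        "to_ibgp": to_ibgp,
        "unfiltered_exceeds_limit": exceeds_aws_limit(table),
        "filtered_exceeds_limit": exceeds_aws_limit(to_aws),
    }


if __name__ == "__main__":
    r = simulate()
    print(f"local BGP table: {len(r['table'])} routes")
    print(f"advertised to AWS: {sorted(map(str, r['to_aws']))}")
    print(f"advertised to iBGP: {len(r['to_ibgp'])} routes, aggregates present: "
          f"{any(a in r['to_ibgp'] for a in AGGREGATES)}")
```

Run it as a script to see the three result sets. The local table ends up with 113 routes (110 specifics plus 3 aggregates), which would exceed the AWS limit if sent unfiltered; with RMAWS applied only the 3 aggregates go to AWS, and with RM applied the iBGP peers receive the 110 specifics and none of the aggregates, which is exactly the behaviour the R4 configuration is designed to produce.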


Final routing tables

AWS router:
- We have only 3 routes received from R4 (check also the show ip bgp summary command)
- Directly connected routes represent AWS subnets





R4 router:
Note the aggregated routes.



Route maps check:





R2 (iBGP neighbor)
Note that the aggregated routes are not present.