This section of the AWS Certified Solutions Architect - Professional learning path introduces you to the core networking concepts and services relevant to the SAP-C02 exam. We start with an introduction to Amazon Virtual Private Cloud (VPC) and the AWS networking services. We then look at the options available and learn how to select and apply AWS networking, DNS, and content delivery services to meet specific design scenarios relevant to the AWS Certified Solutions Architect - Professional exam.
Learning Objectives
- Get a foundational understanding of VPCs, their security, and connectivity
- Learn about VPC sharing using the AWS Resource Access Manager
- Discover inter-regional and intra-regional communication patterns in AWS
- Learn about AWS Direct Connect, along with its implementation, configuration, and connectivity options
- Understand routing in AWS, including static and dynamic routing
- Understand the basics of networking, including Elastic IP addresses, Elastic Network Interfaces, networking with EC2, VPC endpoints, and AWS Global Accelerator
- Learn about the DNS and content delivery services Amazon Route 53 and Amazon CloudFront
The Border Gateway Protocol (BGP) is classed as an Exterior Gateway Protocol. It is the protocol used on the Internet backbone to keep Internet routers up to date, and it is the protocol that cloud providers such as AWS use as the dynamic routing protocol for hybrid network connectivity. For basic BGP connectivity, a neighbor relationship must be formed between your on-premises router and the AWS side of the connection: the virtual private gateway or transit gateway terminating a Site-to-Site VPN, or the AWS router behind a Direct Connect virtual interface. Each end of the relationship is identified by its own Autonomous System Number (ASN), and the two ASNs must differ. On the AWS side you can accept the ASN AWS assigns or configure your own. ASNs come either from public ranges, which you must own, or from private ranges that anybody can use.
Most organizations integrating with AWS use a private ASN from the 16-bit private range 64512 to 65534 (32-bit private ASNs, 4200000000 to 4294967294, are also available if you need more). AWS assigns 64512 to a virtual private gateway by default, so choose something else for your on-premises device. For a basic relationship, that is it: get your ASNs right, enable dynamic routing on the AWS customer gateway and on the VPN or Direct Connect connection, and configure your on-premises device. For more complex deployments you may want to tune BGP. There is little you can do on the AWS side of the relationship (for Direct Connect, AWS honours the communities 7224:7100, 7224:7200 and 7224:7300 to signal low, medium or high local preference for the prefixes you advertise), but on your own device you can set BGP attributes that influence which path IP packets take: local preference, AS path length, and the Multi-Exit Discriminator (MED). Local preference is a value shared between your own BGP routers; it is never sent to your eBGP neighbors. It influences the path traffic takes out of your autonomous system to a remote network.
It is particularly useful when you have multiple paths to a destination and you want traffic to travel over a specific one. Local preference values are assigned to prefixes, and the higher the value, the more preferred the path. When a prefix is shared with BGP neighbors, it carries the list of ASNs it has passed through, the AS path. A prefix that has passed through two autonomous systems might be advertised with the path AS65001 AS65002; through three, AS65001 AS65002 AS65003. Given two paths to the same remote network, a BGP router prefers the one that traverses the fewest autonomous systems, all else being equal. AS path prepending takes advantage of this: you pad the AS path with extra copies of your own ASN before advertising a prefix to a neighbor.
This makes the path look less desirable to that neighbor and influences its decision on how to reach your network. For example, a prefix that has passed through two autonomous systems, AS65001 and AS65002, can be advertised as AS65001 AS65001 AS65002 instead of AS65001 AS65002, so the remote BGP router sees a longer path. The Multi-Exit Discriminator, or MED, also lets you influence how your BGP neighbors route traffic into your AS, but it is an explicit value you advertise to a neighbor such as AWS. If you advertise a MED of 200 from one of your BGP devices and a MED of 300 from another, the neighbor prefers the path with the lowest MED. One caveat: by default a router compares MEDs only between paths received from the same neighboring AS, which is exactly the case when your AS reaches AWS over two links.
BGP attributes are evaluated in order; not all are required, and there are many more than the three listed here. Among these three, the order of preference, and therefore the order in which they are used to make routing decisions, is local preference, then AS path length, then MED. Getting these attributes right matters when you have multiple paths to AWS, or when you also have BGP relationships with other cloud providers or Internet organizations. If you have a single path to AWS, a basic BGP deployment will suffice.
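The following Python model is an added example, not code from this course or from AWS. It implements the part of the BGP decision process covered above (local preference, then AS path length, then MED) and walks through the scenarios the text describes: local preference choosing the outbound path, AS path prepending steering AWS onto a primary link, MED breaking a tie between two links, and the case where MED is not compared because the candidates come from different neighbor ASes. The ASNs (65000 on-premises, 64512 for AWS), prefixes and link labels are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

ASPath = Tuple[int, ...]

OUR_ASN = 65000   # assumed private ASN for the on-premises side
AWS_ASN = 64512   # AWS default ASN for a virtual private gateway


@dataclass(frozen=True)
class Route:
    prefix: str
    learned_from: str      # label for the neighbor/link that advertised the route
    as_path: ASPath        # leftmost ASN is the neighbor that sent it
    local_pref: int = 100  # set by us on ingress; never advertised to eBGP neighbors
    med: int = 0           # set by the advertising neighbor; lower is better


def prepend(as_path: ASPath, own_asn: int, extra: int) -> ASPath:
    """AS path prepending: repeat our own ASN `extra` times in front of the path
    before advertising it, so the neighbor sees a longer, less desirable path."""
    return (own_asn,) * extra + tuple(as_path)


def neighbor_as(route: Route) -> Optional[int]:
    return route.as_path[0] if route.as_path else None


def best_path(routes: Iterable[Route]) -> Optional[Route]:
    """Simplified BGP decision process for the three attributes discussed in the
    text, applied in the order a router applies them."""
    cands = list(routes)
    if not cands:
        return None
    # 1. Highest local preference wins.
    top = max(r.local_pref for r in cands)
    cands = [r for r in cands if r.local_pref == top]
    if len(cands) == 1:
        return cands[0]
    # 2. Shortest AS path wins (prepending lengthens a path on purpose).
    shortest = min(len(r.as_path) for r in cands)
    cands = [r for r in cands if len(r.as_path) == shortest]
    if len(cands) == 1:
        return cands[0]
    # 3. Lowest MED wins, but by default only among routes from the same neighbor AS.
    if len({neighbor_as(r) for r in cands}) == 1:
        lowest = min(r.med for r in cands)
        cands = [r for r in cands if r.med == lowest]
    # Stand-in for the remaining tie-breakers (eBGP over iBGP, IGP cost, router ID):
    # pick deterministically by label so the outcome is reproducible.
    return min(cands, key=lambda r: r.learned_from)


def outbound_choice() -> str:
    """Our router has two paths to a VPC CIDR: Direct Connect and a backup VPN.
    Local preference set on ingress decides; the AS paths are equal."""
    dx = Route("10.20.0.0/16", "direct-connect", (AWS_ASN,), local_pref=200)
    vpn = Route("10.20.0.0/16", "site-to-site-vpn", (AWS_ASN,), local_pref=100)
    return best_path([dx, vpn]).learned_from


def aws_choice_with_prepending() -> Tuple[str, int]:
    """Seen from AWS: the same on-premises prefix arrives over two links.
    Prepending on the backup link makes AWS prefer the primary one."""
    primary = Route("192.168.0.0/16", "primary-link", (OUR_ASN,))
    backup = Route("192.168.0.0/16", "backup-link", prepend((OUR_ASN,), OUR_ASN, 2))
    return best_path([primary, backup]).learned_from, len(backup.as_path)


def aws_choice_with_med() -> str:
    """Equal local preference and AS path length, same neighbor AS: lowest MED wins."""
    a = Route("192.168.0.0/16", "router-a", (OUR_ASN,), med=200)
    b = Route("192.168.0.0/16", "router-b", (OUR_ASN,), med=300)
    return best_path([a, b]).learned_from


def med_not_compared_across_ases() -> str:
    """Candidates from different neighbor ASes: MED is ignored, so the lower MED on
    the second route does not decide and the fallback tie-breaker does."""
    a = Route("172.16.0.0/12", "via-as65001", (65001,), med=50)
    b = Route("172.16.0.0/12", "via-as65002", (65002,), med=10)
    return best_path([a, b]).learned_from


if __name__ == "__main__":
    print("outbound:", outbound_choice())
    print("prepending:", aws_choice_with_prepending())
    print("med:", aws_choice_with_med())
    print("med across ASes:", med_not_compared_across_ases())
```

The fourth scenario is the one that catches people out in practice: if your two links into AWS are advertised from different ASNs (for example one site with its own ASN), MED alone will not steer AWS, and you are back to prepending.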
Danny has over 20 years of IT experience as a software developer, cloud engineer, and technical trainer. After attending a conference on cloud computing in 2009, he knew he wanted to build his career around what was still a very new, emerging technology at the time — and share this transformational knowledge with others. He has spoken to IT professional audiences at local, regional, and national user groups and conferences. He has delivered in-person classroom and virtual training, interactive webinars, and authored video training courses covering many different technologies, including Amazon Web Services. He currently has six active AWS certifications, including certifications at the Professional and Specialty level.