
Working with BGP in AWS



Instructor: Mike Brown


The Border Gateway Protocol (BGP) is classed as an Exterior Gateway routing protocol. It is the protocol used on the internet backbone to keep internet routers up to date, and it is the protocol that cloud providers such as AWS use as the dynamic routing protocol for hybrid network connectivity.

For basic BGP connectivity you need a neighbor relationship to be formed between your on-premises router and the AWS VPN or Direct Connect connection. Unique ASNs for both ends of the connection are used to create the neighbor relationship.

Regarding ASNs, you can accept the number assigned by AWS or you can configure your own. ASNs are assigned from public ranges, which you must own, or private ranges, which anybody can use. Most organizations integrating with AWS use private ASNs from the range 64512 to 65534.

You have to configure your on-premises device, but essentially, for a basic relationship, that is it:

  • Get your ASNs correct

  • Configure dynamic routing on your AWS Customer Gateway and your VPN or Direct Connect connection

  • Configure your on-premises device

For more complex deployments you might want to customize your BGP deployment. There is little you can do on the AWS side of the relationship, but on your device you can configure BGP attributes that tune your BGP relationship with AWS and allow you to influence the path that IP packets take.

Attributes such as:

  • Local Preference

  • AS Path Length

  • MED

Local Preference

Local Preference is a value shared between your own BGP routers; it is not shared with your neighbors. Local Preference influences your path out of your Autonomous System (AS) to a remote network. It is particularly useful when you have multiple paths to a destination and you want traffic to leave over a specific path. Local Preference values are assigned to prefixes; the higher the value, the more preferred the path.

AS Path Length

When sharing prefixes with BGP neighbors, we share the AS numbers that have shared that prefix. These AS numbers form a list, so if a prefix has been through two autonomous systems it might be advertised as coming from AS65001:AS65002.

If it has come through three autonomous systems it might be advertised as coming from AS65001:AS65002:AS65003.

If a BGP device has two paths to get to a remote network it might prefer the path through the fewest number of autonomous systems.

When working with BGP we can use AS Path Prepending: padding the AS path before advertising a prefix to a neighbor, which can help influence that neighbor's decision on how to reach a particular remote network. So a prefix that has come through two autonomous systems, such as AS65001:AS65002, can be padded to make it look less desirable.

When advertised by our BGP devices, we might advertise a prefix as coming from AS65001:AS65001:AS65002 instead of AS65001:AS65002, making the path seem less desirable to a remote BGP router.

Multi-exit Discriminator

Multi-exit Discriminator (MED) can help you to influence how your BGP neighbors route traffic to your AS. You advertise a MED value through your BGP devices to a neighbor such as AWS.

If you advertise a MED of 200 from one of your BGP devices and a MED of 300 from another of your BGP devices, then the path using the lowest MED is preferred.

BGP attributes are assessed in order; not all are required, and there are many more than are listed here. Using the three attributes here, the order of preference, and therefore the order in which the attributes are used to make a routing decision, would be:

  1. Local Preference

  2. AS Path Length

  3. MED
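The following Python model is an added example, not part of the course material. It applies the three attributes in exactly the order listed above (highest Local Preference, then shortest AS path, then lowest MED), and uses that one comparison to replay the AS Path Prepending and MED scenarios from the sections above, plus a check for the private ASN range 64512 to 65534. The ASNs 65001 to 65003 come from the text; the prefixes, the link labels, and the use of 64512 as the AWS-side ASN are constructed assumptions. Real routers continue through further tie-breakers that this model does not cover.

```python
from dataclasses import dataclass
from typing import Sequence

# Private 16-bit ASN range quoted in the text.
PRIVATE_ASN_MIN, PRIVATE_ASN_MAX = 64512, 65534


def is_private_asn(asn: int) -> bool:
    """True if asn lies in the private range 64512-65534 that anybody may use."""
    return PRIVATE_ASN_MIN <= asn <= PRIVATE_ASN_MAX


@dataclass(frozen=True)
class Path:
    """One candidate path to a prefix, as learned from one neighbor."""
    prefix: str
    via: str               # constructed label for the neighbor/link the path uses
    as_path: tuple         # ASNs the prefix has passed through, nearest first
    local_pref: int = 100  # higher is preferred; local to our AS, never advertised
    med: int = 0           # lower is preferred; advertised to neighbors


def prepend(path: Path, asn: int, times: int = 1) -> Path:
    """AS Path Prepending: pad the path with `asn` before advertising it,
    so the receiving router sees a longer (less desirable) AS path."""
    return Path(path.prefix, path.via, (asn,) * times + path.as_path,
                path.local_pref, path.med)


def as_path_str(path: Path) -> str:
    """Render the AS path in the AS65001:AS65002 notation used in the text."""
    return ":".join(f"AS{asn}" for asn in path.as_path)


def select_best(paths: Sequence[Path]) -> Path:
    """Pick one path using the three attributes in the order the text gives:
    1. highest Local Preference, 2. shortest AS path, 3. lowest MED.
    A tie on all three keeps the earliest path in the list."""
    if not paths:
        raise ValueError("no paths to choose from")
    return min(paths, key=lambda p: (-p.local_pref, len(p.as_path), p.med))


def demo() -> dict:
    """Constructed scenarios; 64512 stands in for the AWS-side ASN (assumption)."""
    results = {}

    # 1. AS path length: a remote router with two paths to 10.0.0.0/16
    #    (constructed prefix) prefers the one through fewer autonomous systems.
    via_a = Path("10.0.0.0/16", "neighbor-A", (65001, 65002))
    via_b = Path("10.0.0.0/16", "neighbor-B", (65001, 65002, 65003))
    results["shortest_path"] = select_best([via_a, via_b]).via  # neighbor-A

    # 2. Prepending: one pad yields the text's AS65001:AS65001:AS65002; padding
    #    twice makes the A path four ASes long, so the remote router now picks B.
    results["prepended"] = as_path_str(prepend(via_a, 65001))
    padded = prepend(via_a, 65001, times=2)
    results["after_prepend"] = select_best([padded, via_b]).via  # neighbor-B

    # 3. Local Preference: inside our AS the Direct Connect path is given 200
    #    and the VPN path keeps the default 100, so Direct Connect wins even
    #    though both AS paths have the same length.
    dx = Path("172.31.0.0/16", "direct-connect", (64512,), local_pref=200)
    vpn = Path("172.31.0.0/16", "site-to-site-vpn", (64512,), local_pref=100)
    results["local_pref"] = select_best([vpn, dx]).via  # direct-connect

    # 4. MED: we advertise MED 200 from one router and 300 from another; the
    #    neighbor, all else being equal, sends traffic to the router with 200.
    r1 = Path("10.0.0.0/16", "our-router-1", (65001,), med=200)
    r2 = Path("10.0.0.0/16", "our-router-2", (65001,), med=300)
    results["med"] = select_best([r2, r1]).via  # our-router-1
    return results


if __name__ == "__main__":
    for name, winner in demo().items():
        print(f"{name}: {winner}")
```

Note that Local Preference is evaluated before AS path length: in scenario 3, no amount of prepending by the neighbor would overturn a Local Preference of 200 set on your own routers, which is why the attribute order matters when you have several paths to AWS.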

These attributes are important to get right if you have multiple paths used to connect to AWS or if you have BGP relationships with other cloud providers or internet organizations. If you have a single path to AWS then a basic BGP deployment will suffice.


This section of the AWS Certified Solutions Architect - Professional learning path introduces you to the core networking concepts and services relevant to the SAP-C02 exam. We start with an introduction to the AWS Virtual Private Network (VPC) and networking services. We then understand the options available and learn how to select and apply AWS networking, DNS, and content delivery services to meet specific design scenarios relevant to the AWS Certified Solutions Architect - Professional exam. 


Learning Objectives

  • Get a foundational understanding of VPCs, their security, and connectivity
  • Learn about VPC sharing using the AWS Resource Access Manager
  • Discover inter-regional and intra-regional communication patterns in AWS
  • Learn about AWS Direct Connect, along with its implementation, configuration, and connectivity options
  • Understand routing in AWS, including static and dynamic routing
  • Understand the basics of networking, including Elastic IP addresses, Elastic Network Interfaces, networking with EC2, VPC endpoints, and AWS Global Accelerator
  • Learn about the DNS and content delivery services Amazon Route 53 and Amazon CloudFront
About the Author

Danny has over 20 years of IT experience as a software developer, cloud engineer, and technical trainer. After attending a conference on cloud computing in 2009, he knew he wanted to build his career around what was still a very new, emerging technology at the time — and share this transformational knowledge with others. He has spoken to IT professional audiences at local, regional, and national user groups and conferences. He has delivered in-person classroom and virtual training, interactive webinars, and authored video training courses covering many different technologies, including Amazon Web Services. He currently has six active AWS certifications, including certifications at the Professional and Specialty level.