Add a segment action in an AWS Cloud WAN core network policy version
The following steps guide you through optionally setting segment actions for a core network for a policy version using the Policy versions link on the AWS Network Manager console. Before setting segment actions you must first configure your network settings and add one or more segments. For more information, about segment actions, see Segment actions.
Segment sharing
Create a shared segment between two segments.
Segment sharing is bidirectional by default. When you create a segment share between
two segments, routes from both segments are automatically advertised to each other. For
example, you might share a segment named test
with another segment
named dev
. Routes from test
are advertised to
dev
, and vice versa. To make routes in shared segments
unidirectional, create a deny list filter to share routes from one segment to the other,
but not vice versa. Using the previous example, you could make a deny list filter that
prevents routes from test
being advertised to dev
.
For more information on creating the deny list for a segment, see Add a segment to an AWS Cloud WAN core network policy version.
To create a shared segment
Access the Network Manager console at https://console.aws.amazon.com/networkmanager/home/
. -
Under Connectivity choose Cloud WAN.
-
On the Global networks page, choose the global network ID that for the core network you want to create a policy version for, and then choose Core network.
-
In the navigation pane, choose Policy versions.
-
Choose Create policy version.
-
Choose Segment actions - optional.
-
(Optional) In the Sharing section, choose Create, and then do the following:
-
From the Segment dropdown list, choose the core network segment that you want to share.
-
For the Segment filter, choose whether you want to allow all shared routes from other segments, to allow only selected routes, or to deny selected routes. The default is Allow all.
-
Choose Create sharing.
-
Segment routes
Create a segment route for a policy version.
To create a segment route
Access the Network Manager console at https://console.aws.amazon.com/networkmanager/home/
. -
Under Connectivity choose Cloud WAN.
-
On the Global networks page, choose the global network ID that for the core network you want to create a policy version for, and then choose Core network.
-
In the navigation pane, choose Policy versions.
-
Choose Create policy version.
-
Choose Segment actions - optional.
-
(Optional) In the Routes section, choose Create, and then do the following:
-
From the Segment dropdown list, choose the core network segment that you want to share.
-
For Destination CIDR Block, enter a static route. You can enter multiple CIDR blocks by choosing Add for each block that you want to add. Choose Remove for any blocks that you don't want.
Note
You can't leave any blank destination CIDR blocks. Choose Remove to delete any empty blocks.
-
Choose Blackhole if you want to "black hole" the route. If you make this choice, you can't add any attachments to the route.
-
From the Attachments list, choose any attachments that you want to include in this route.
-
Choose Create segment route.
-
-
(Optional) Add Attachment policies. For more information, see Create an attachment policy in an AWS Cloud WAN core network policy version.
-
Choose Create route.
Service insertion
Create a segment route for a policy version.
To set up service insertion for a segment
Access the Network Manager console at https://console.aws.amazon.com/networkmanager/home/
. -
Under Connectivity choose Cloud WAN.
-
On the Global networks page, choose the global network ID that for the core network you want to create a policy version for, and then choose Core network.
-
In the navigation pane, choose Policy versions.
-
Choose Create policy version.
-
Choose Segment actions - optional.
Note
You must first have created your segments and network functions group.
-
If you want to create a service insertion action associated with a network functions group in the Service insertion section, choose Create, and then choose an Action. If you're not creating a service insertion action, this is an optional section.
-
Choose Create service insertion.
-
(Optional) Add Attachment policies. For more information, see Create an attachment policy in an AWS Cloud WAN core network policy version.