AWS Cloud WAN peerings and routing - AWS Network Manager

AWS Cloud WAN peering connections allow you to interconnect your core network edge with an AWS Transit Gateway in the same Region. Peering connections between Cloud WAN and transit gateways support dynamic routing with automatic exchange of routes using BGP. You can use route table attachments on the peering connection to selectively exchange routes between a specific transit gateway route table and a Cloud WAN network segment for end-to-end segmentation and network isolation.

The peering connection supports policy-based routing to implement segment isolation across peering connections. Using this capability, routes are selectively propagated between a route table in transit gateway and a core network segment. You first need to create the peering connection and associate a policy table to the transit gateway peering attachment. A policy table contains rules for matching network traffic by a specific route table or segment, and then maps traffic that matches the rule to a target route table for determining routing behavior.

When you create a peering connection, you can either create a new policy table or use an existing policy table for association with the peering attachment. As you create your route table attachments, the policy table is populated automatically with the policy rules that match network traffic by a segment or routing domain, and then maps the traffic that matches the rule to a target route table. For more information about transit gateway peering, see Transit gateway peering attachments in the AWS Transit Gateway Guide.

Route evaluation

Cloud WAN evaluates routes in the following order:

  1. The most specific route for the destination

  2. For routes with the same destination IP address, but different targets, the following route priority is used:

    1. Static routes

    2. VPC-propagated routes in the same Region.

    3. For dynamic routes received at the core network with an unequal AS path length and/or MED BGP attributes, Cloud WAN evaluates them in the following order:

      1. AS path length

      2. MED

    4. For dynamic routes received at the core network with equal AS path length and MED BGP attributes, Cloud WAN evaluates them in the following order:

      1. Cloud WAN Connect-propagated routes in the same Region.

      2. Site-to-Site VPN-propagated routes in the same Region.

      3. Routes propagated from other sources, such as transit gateway peering (which also includes AWS Direct Connect gateway-propagated routes) and core network edges in other remote Regions over the AWS global infrastructure. If identical routes are received from two or more sources, a single attachment will be chosen in a deterministically random manner.
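The ordered list above is a route-selection algorithm: longest prefix first, then route class (static, then VPC-propagated), then, among dynamic routes only, AS path length, MED, and finally the source tie-break. The following Python is an added example, not code from the AWS documentation or from Cloud WAN itself; it encodes that order as a sort key over a constructed route table so you can check which attachment a given destination would be sent to, and it reports a tie (the "deterministically random" case) rather than picking a winner. Route source labels, attachment names and prefixes are all made up for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Tuple

# Tie-break order among dynamic routes with equal AS path length and MED,
# as listed on the page. Peering and remote-edge routes share a rank, so two
# identical routes from those sources tie.
DYNAMIC_SOURCE_RANK = {
    "connect": 0,      # Cloud WAN Connect-propagated, same Region
    "vpn": 1,          # Site-to-Site VPN-propagated, same Region
    "tgw-peering": 2,  # transit gateway peering (incl. Direct Connect gateway routes)
    "remote-edge": 2,  # core network edge in another Region
}


@dataclass(frozen=True)
class Route:
    prefix: str           # destination CIDR, e.g. "10.1.0.0/16"
    target: str           # attachment the route points at (constructed labels)
    source: str           # "static", "vpc", or a DYNAMIC_SOURCE_RANK key
    as_path_len: int = 0  # BGP attributes; only meaningful for dynamic sources
    med: int = 0

    def __post_init__(self):
        if self.source not in ("static", "vpc") and self.source not in DYNAMIC_SOURCE_RANK:
            raise ValueError(f"unknown route source {self.source!r}")


def route_key(route: Route) -> Tuple[int, int, int, int, int]:
    """Sort key in the page's evaluation order; the lowest tuple is preferred.

    Field order: most specific prefix, route class (0 static, 1 VPC, 2 dynamic),
    then AS path length, MED and source rank, which are zero for non-dynamic routes.
    """
    prefixlen = ip_network(route.prefix, strict=False).prefixlen
    if route.source == "static":
        return (-prefixlen, 0, 0, 0, 0)
    if route.source == "vpc":
        return (-prefixlen, 1, 0, 0, 0)
    return (-prefixlen, 2, route.as_path_len, route.med, DYNAMIC_SOURCE_RANK[route.source])


def best_routes(destination: str, routes: List[Route]) -> List[Route]:
    """All routes tied for best. More than one entry means Cloud WAN picks one itself."""
    dest = ip_address(destination)
    candidates = [r for r in routes if dest in ip_network(r.prefix, strict=False)]
    if not candidates:
        return []
    best = min(route_key(r) for r in candidates)
    return [r for r in candidates if route_key(r) == best]


def winning_targets(destination: str, routes: List[Route]) -> List[str]:
    """Attachment names tied for the destination; an empty list means no route."""
    return sorted(r.target for r in best_routes(destination, routes))


# Constructed route table for the demonstration (not real attachment IDs).
ROUTE_TABLE = [
    Route("10.0.0.0/8", "tgw-attach-static", "static"),
    Route("10.1.0.0/16", "vpc-attach-a", "vpc"),
    Route("10.1.0.0/16", "vpn-attach-b", "vpn", as_path_len=1, med=0),
    Route("192.168.0.0/24", "connect-attach-c", "connect", as_path_len=2, med=0),
    Route("192.168.0.0/24", "vpn-attach-d", "vpn", as_path_len=1, med=0),
    Route("172.16.0.0/12", "peering-attach-e", "tgw-peering", as_path_len=1, med=10),
    Route("172.16.0.0/12", "remote-edge-f", "remote-edge", as_path_len=1, med=10),
]

if __name__ == "__main__":
    for dest in ("10.1.2.3", "10.2.0.1", "192.168.0.7", "172.16.5.5", "8.8.8.8"):
        winners = winning_targets(dest, ROUTE_TABLE)
        note = "" if len(winners) < 2 else "  (tie: Cloud WAN chooses one)"
        print(f"{dest:>14} -> {winners or 'no route'}{note}")
```

Two of the constructed cases are the ones that surprise people: for 192.168.0.7 the VPN route wins over the Connect route because a shorter AS path is compared before the source order, and for 172.16.5.5 the peering and remote-edge routes tie because they share a rank, so the selection is not something you can rely on.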

Limitations

Limits apply when creating a transit gateway peering connection between your transit gateways in AWS Cloud WAN.

The following limitations apply when creating a peering:

  • A transit gateway used for peering must be in the same Region as the core network.

  • The Autonomous System Number (ASN) of a transit gateway and the core network must be different.

  • A transit gateway connection to Cloud WAN only supports dynamically propagated routes. An error is returned if you try to add a static route.

Create a peering

Create a transit gateway peering.

Important

Before creating a peering, make sure that the account you use to create the peering has the following permissions:

  • ec2:CreateTransitGatewayPolicyTable

  • ec2:AcceptTransitGatewayPeeringAttachment

  • ec2:AssociateTransitGatewayPolicyTable
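The limitations listed earlier (same Region, different ASNs, no static routes) and the permission list above are all things that can be checked before you click through the console. The following Python is an added example and not AWS code: it runs those checks on inputs you supply and on an identity policy document, flagging which required actions are not granted. The accept action is spelled out with its full EC2 API name, `ec2:AcceptTransitGatewayPeeringAttachment`. The Region and ASN values and the sample policy are constructed for the illustration, and the policy matcher handles only the IAM subset it needs (case-insensitive `Action` wildcards and explicit `Deny` overriding `Allow`; `NotAction`, `Resource` and `Condition` are not evaluated), so a clean result is a necessary check, not proof of access.

```python
import fnmatch
from typing import Dict, Iterable, List, Mapping, Sequence

# IAM actions the page says the creating account needs.
REQUIRED_ACTIONS = (
    "ec2:CreateTransitGatewayPolicyTable",
    "ec2:AcceptTransitGatewayPeeringAttachment",
    "ec2:AssociateTransitGatewayPolicyTable",
)


def peering_problems(core_edge_region: str, core_asn: int,
                     tgw_region: str, tgw_asn: int,
                     proposed_routes: Iterable[Mapping[str, str]] = ()) -> List[str]:
    """Return a description of every documented limitation the request would hit.

    proposed_routes is a list of {"prefix": ..., "type": "static" | "propagated"};
    static entries are flagged because the peering only carries propagated routes.
    """
    problems = []
    if tgw_region != core_edge_region:
        problems.append(f"transit gateway is in {tgw_region} but the core network edge is in {core_edge_region}")
    if tgw_asn == core_asn:
        problems.append(f"transit gateway and core network both use ASN {core_asn}; they must differ")
    for route in proposed_routes:
        if route.get("type") == "static":
            problems.append(f"static route {route.get('prefix')} is not supported over a Cloud WAN peering")
    return problems


def _as_list(value) -> list:
    """IAM allows a string or a list for Statement and Action; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def missing_permissions(policy: Dict, required: Sequence[str] = REQUIRED_ACTIONS) -> List[str]:
    """Required actions that the identity policy document does not grant.

    An action is granted when some Allow statement's Action pattern matches it
    (IAM action names are case-insensitive and may contain '*') and no Deny
    statement matches it. Statements using NotAction are ignored here.
    """
    allowed, denied = set(), set()
    for stmt in _as_list(policy.get("Statement")):
        if "Action" not in stmt:
            continue
        patterns = [p.lower() for p in _as_list(stmt.get("Action"))]
        effect = stmt.get("Effect")
        bucket = allowed if effect == "Allow" else denied if effect == "Deny" else None
        if bucket is None:
            continue
        for action in required:
            if any(fnmatch.fnmatchcase(action.lower(), pat) for pat in patterns):
                bucket.add(action)
    return [a for a in required if a in denied or a not in allowed]


# Constructed example policy for the demonstration; it omits the accept action.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["ec2:CreateTransitGatewayPolicyTable",
                    "ec2:AssociateTransitGatewayPolicyTable"],
         "Resource": "*"},
        {"Effect": "Allow", "Action": "networkmanager:*", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    # Constructed inputs: the transit gateway reuses the core network's ASN.
    for problem in peering_problems("us-east-1", 64512, "us-east-1", 64512,
                                    [{"prefix": "10.0.0.0/16", "type": "static"}]):
        print("limitation:", problem)
    for action in missing_permissions(SAMPLE_POLICY):
        print("not granted:", action)
```

For the authoritative answer on permissions, run `aws iam simulate-principal-policy` for the principal and the three action names; the local matcher above is only a quick way to catch an obviously incomplete policy before the console returns an error partway through the procedure.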

To create a peering
  1. Access the Network Manager console at https://console.aws.amazon.com/networkmanager/home/.

  2. Under Connectivity, choose Global Networks.

  3. On the Global networks page, choose the global network ID.

  4. Under Core network in the navigation pane, choose Peerings.

  5. Choose Create peering.

  6. (Optional) Enter a name identifying the peering.

  7. From the Edge location dropdown list, choose the edge location where the peering is located.

  8. From the Transit gateway dropdown list, choose a transit gateway to be used for the peering.

    Note

    The core network ASN and the transit gateway ASN must be different; the peering fails if they match.

  9. Choose one of the following Associate policy table options:

    • New — Creates a new policy routing table.

    • Existing — Allows you to associate this peering with an existing policy table. If you choose this option, you'll be prompted to choose an existing Transit gateway policy table to associate with the peering. For information on creating a transit gateway policy table, see Transit Gateway policy tables in the AWS Transit Gateway Guide.

  10. (Optional) If the transit gateway is not registered in your global network, choose Register the specific transit gateway to the global network to simultaneously register the transit gateway to the global network. If your transit gateway is already registered, this option does not display.

  11. (Optional) In the Tags section, add Key and Value tags to help identify this resource. You can add multiple tags by choosing Add tag, or remove any tag by choosing Remove tag.

  12. Choose Create peering.

    The Create peering progress displays the current status of the peering deployment. When deployment is complete, the State of the peering on the Peerings page displays Available. You can then use this peering to create a transit gateway route table attachment. See Add a transit gateway route table attachment.

View peering details

View information about a transit gateway used for peering.

To view peering details
  1. Access the Network Manager console at https://console.aws.amazon.com/networkmanager/home/.

  2. Under Connectivity, choose Global Networks.

  3. On the Global networks page, choose the global network ID.

  4. Under Core network in the navigation pane, choose Peerings.

  5. Choose the Peering ID of the peer that you want to view details for.

  6. In the Details section, choose the Resource ID link.

    The Transit gateways page appears in a new window. Depending on your permissions, you can add or modify your transit gateways or transit gateway route tables. For more information on working with transit gateways, see the AWS Transit Gateway Guide.

Delete a peering

Delete a transit gateway peering.

To delete a peering
  1. Access the Network Manager console at https://console.aws.amazon.com/networkmanager/home/.

  2. Under Connectivity, choose Global Networks.

  3. On the Global networks page, choose the global network ID.

  4. Under Core network in the navigation pane, choose Peerings.

  5. Choose the Peering ID of the peer that you want to delete.

  6. Choose Delete.

  7. In the confirmation box, choose Delete.

    The Peering page displays a confirmation that you deleted the transit gateway peering.

Edit peering tags

Edit the tags that are associated with transit gateway peering.

To edit peering tags
  1. Access the Network Manager console at https://console.aws.amazon.com/networkmanager/home/.

  2. Under Connectivity, choose Global Networks.

  3. On the Global networks page, choose the global network ID.

  4. Under Core network in the navigation pane, choose Peerings.

  5. Choose the Peering ID of the peer that you want to add or modify tags for.

  6. In the Peering name section, choose the Tags tab.

  7. Choose Edit tags.

  8. Do any of the following:

    • To add a new tag, choose Add tag, and then add a new Key and Value.

    • To remove an existing tag, choose Remove tag for the tag that you want to delete.

    • To edit an existing tag, change the Key or Value text as needed.

  9. Choose Edit tags.