When first starting to work with AWS networking I obviously ran into the term Route Propagation. Similar to nearly all layer 3 IP devices, routes in AWS route tables are populated with either manual static routes or the routes are dynamically populated from an outside neighbor or source. Typically when talking about dynamically populated routing tables the topic is about widely used routing protocols such as OSPF or BGP, and with AWS the only traditional routing protocol we can use is BGP.

In the AWS networking world Route Propagation comes into play when connecting an on premises network to an AWS Virtual Private Cloud (VPC). When using an IPSEC tunnel for connectivity, we have the routing options of Dynamic or Static.

Option when creating Site to Site IPSEC Tunnel in AWS Console

If Dynamic is selected then the on premises device (router, firewall, load balancer, etc.) needs to support BGP. After the tunnel is established, the operator then sets up BGP peering over the connection, and barring Route Propagation is enabled on the AWS side, routes are advertised between the on premises and AWS VPC routing tables. Routing protocol advertisements feel very natural to someone working in the networking space which ultimately led me to believe the term Propagation is AWS’ way of saying Advertisement. This is not quite true, Route Propagation can actually be used with the ‘Static’ option as well.

When the Static Routing option is selected for IPSEC site to site connectivity, the operator will get the option to add some Static IP Prefixes into the configuration. After the connection is built and the Virtual Private Gateway is attached to the proper VPC, we’ll find that some routes need to be added into the VPC routing table in order to route traffic over the new connection.

AWS Console – Static Routing IPSEC VPN Configuration
AWS Console – Empty Route Table – Zero Static Routes

If we select the tab for Route Propagation under the route table we can see that there is an option to enable this feature with the Virtual Private Gateway. Once this feature is enabled, then the static routes added into the VPN configuration are automatically placed into the routing table.

AWS Console – VGW Route Propagation Configuration
AWS Console – VPC Route Table with Static Route Propagation

So ultimately AWS Route Propagation is not exactly like a traditional routing protocol advertisement. Route Propagation is used with AWS Virtual Private Gateways to populate routing tables in conjunction with the Site-To-Site VPN configuration. For instance with AWS’ static routing option, any routing table associated with a VPC that has an attached Virtual Private Gateway can have Route Propagation enabled. Once enabled that routing table will dynamically receive the routes from the tunnel prefix configuration.

I ran into someone’s VPC route table with both Propagated and Static routes going to the same destination, which lead me into figuring out what AWS meant by this term. The person who setup a VPN tunnel added static routes manually and then later on for whatever reason Route Propagation was turned on. In the tunnel configuration prefixes were already added which resulted in the Static and Propagated routes showing in the VPC route table.

This post did not talk about Direct Connect, but Direct Connect does use the same Route Propagation terminology.

Published by Yup2k

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s