Route default over AWS Transit Gateway VPN over an AWS Direct Connect
pgmac last edited by
We have an XG-7100 configured to make a Direct Connect through to AWS (via Megaport) to a Public VIF. This routes all of AWS's public-facing networks (AS 7224) over the Direct Connect using BGP. This is working quite nicely.
Over this, we have a Transit Gateway VPN connection. This gives us access to our VPC's in our AWS accounts. The AWS Networks are also advertised via BGP. This is also working quite nicely.
We'd like to also route our default gateway over the DC+VPN connection.
We've added the 0.0.0.0/0 network to one of our VPC's attached to the Transit Gateway and is being advertised back to our XG-7100 via BGP.
We configured the XG-7100 to have no default gateway. Now it uses the BGP advertised 0.0.0.0/0 network as the default gateway.
There are several VLAN interfaces configured (ix0.800, ix1.20, ix1.21, ix.22. etc) with IP addresses. The base interfaces (ix0, ix1, etc) are NOT configured.
All configured interfaces have the "Block private networks and loopback addresses" and "Block bogon networks" options disabled.
The Megaport Direct Connect to AWS Public VIF connection is configured on the ix0.800 interface.
The AWS VPN link-local addresses are an IP Alias to the lo0 loopback/localhost interface.
The VPN IPSec Phase 1 is configured on ix0.800 interface.
The VPN IPSec Phase 2 connections are configured against the link-local addresses and each of the ix1.20, etc interfaces using 0.0.0.0/0 as the remote network.
Devices behind the XG-7100 can successfully browse the internet.
However, the XG-7100 itself is unable to access the internet.
A ping from the XG-7100 Diagnostic page returns the following:
PING 126.96.36.199 (188.8.131.52): 56 data bytes 36 bytes from localhost (127.0.0.1): Time to live exceeded Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 f22c 0 0000 01 01 0000 169.254.33.246 184.108.40.206 36 bytes from localhost (127.0.0.1): Time to live exceeded Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 a7ac 0 0000 01 01 0000 169.254.33.246 220.127.116.11 36 bytes from localhost (127.0.0.1): Time to live exceeded Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 c3e5 0 0000 01 01 0000 169.254.33.246 18.104.22.168 --- 22.214.171.124 ping statistics --- 3 packets transmitted, 0 packets received, 100.0% packet loss
A traceroute from the XG-7100 Diagnostic page returns the following message:
Error: 126.96.36.199 could not be traced/resolved
A traceroute the XG-7100 command prompt (via ssh), returns the following:
traceroute: findsaddr: failed to connect to peer for src addr selection.
Any help getting the XG-7100 configured to access the internet directly would be greatly appreciated.
Please let me know if you require any further information or details. I can provide some config and logs if/when required, too.