Virtual Private Gateway - Bring your own Autonomous System Number Flashcards
Does ClassicLink allow EC2-Classic Security Group rules to reference VPC Security Groups, or vice versa?
Virtual Private Gateway - Bring your own Autonomous System Number
Amazon Virtual Private Cloud (VPC) | Networking & Content Delivery
ClassicLink does not allow EC2-Classic Security Group rules to reference VPC Security Groups, or vice versa.
What is this feature?
For any new VGWs, a configurable private Autonomous System Number (ASN) allows customers to set the ASN on the Amazon side of the BGP session for VPNs and AWS Direct Connect private VIFs.
What is the cost of using this feature?
There is no additional charge for this feature.
How can I configure/assign my ASN to be advertised as Amazon side ASN?
You can configure/assign an ASN to be advertised as the Amazon side ASN during creation of the new Virtual Private Gateway (VGW). You can create a VGW using the VPC console or an EC2/CreateVpnGateway API call.
What ASN did Amazon assign prior to this feature?
Amazon assigned the following ASNs: EU West (Dublin) 9059; Asia Pacific (Singapore) 17493; and Asia Pacific (Tokyo) 10124. All other regions were assigned an ASN of 7224. These ASNs are referred to as the “legacy public ASN” of the region.
Can I use any ASN – public and private?
You can assign any private ASN to the Amazon side. You can assign the “legacy public ASN” of the region until June 30th 2018; you cannot assign any other public ASN. After June 30th 2018, Amazon will provide an ASN of 64512.
Why can’t I assign a public ASN for the Amazon half of the BGP session?
Amazon is not validating ownership of the ASNs; therefore, we’re limiting the Amazon-side ASN to private ASNs. We want to protect customers from BGP spoofing.
What ASN can I choose?
You can choose any private ASN. Ranges for 16-bit private ASNs include 64512 to 65534. You can also provide 32-bit ASNs between 4200000000 and 4294967294.
Amazon will provide a default ASN for the VGW if you don’t choose one. Until June 30th 2018, Amazon will continue to provide the “legacy public ASN” of the region. After June 30th 2018, Amazon will provide an ASN of 64512.
What will happen if I try to assign a public ASN to the Amazon half of the BGP session?
We will ask you to re-enter a private ASN once you attempt to create the VGW, unless it is the “legacy public ASN” of the region.
If I don’t provide an ASN for the Amazon half of the BGP session, what ASN can I expect Amazon to assign to me?
Amazon will provide an ASN for the VGW if you don’t choose one. Until June 30th 2018, Amazon will continue to provide the “legacy public ASN” of the region. After June 30th 2018, Amazon will provide an ASN of 64512.
Where can I view the Amazon side ASN?
You can view the Amazon side ASN on the VGW page of the VPC console and in the response of the EC2/DescribeVpnGateways API.
If I have a public ASN, will it work with a private ASN on the AWS side?
Yes, you can configure the Amazon side of the BGP session with a private ASN and your side with a public ASN.
I have private VIFs already configured and want to set a different Amazon side ASN for the BGP session on an existing VIF. How can I make this change?
You will need to create a new VGW with the desired ASN, and create a new VIF with the newly created VGW. Your device configuration also needs to change appropriately.
I have VPN connections already configured and want to modify the Amazon side ASN for the BGP session of these VPNs. How can I make this change?
You will need to create a new VGW with the desired ASN, and recreate your VPN connections between your Customer Gateways and the newly created VGW.
I already have a VGW and a private VIF/VPN connection configured using an Amazon assigned public ASN of 7224. If Amazon automatically generates the ASN for the new private VGW, what Amazon side ASN will I be assigned?
Amazon will assign 64512 to the Amazon side ASN for the new VGW.
I have a VGW and a private VIF/VPN connection configured using an Amazon assigned public ASN. I want to use the same Amazon assigned public ASN for the new private VIF/VPN connection I’m creating. How do I do this?
You can configure/assign an ASN to be advertised as the Amazon side ASN during creation of the new Virtual Private Gateway (VGW). You can create a VGW using the console or an EC2/CreateVpnGateway API call. As noted earlier, we will allow the use of the “legacy public ASN” for your newly created VGW.
I have a VGW and a private VIF/VPN connection configured using an Amazon assigned public ASN of 7224. If Amazon auto generates the ASN for the new private VIF/VPN connection using the same VGW, what Amazon side ASN will I be assigned?
Amazon will assign 7224 to the Amazon side ASN for the new VIF/VPN connection. The Amazon side ASN for your new private VIF/VPN connection is inherited from your existing VGW and defaults to that ASN.
I’m attaching multiple private VIFs to a single VGW. Can each VIF have a separate Amazon side ASN?
No, you can assign/configure a separate Amazon side ASN for each VGW, not each VIF. The Amazon side ASN for a VIF is inherited from the Amazon side ASN of the attached VGW.
I’m creating multiple VPN connections to a single VGW. Can each VPN connection have a separate Amazon side ASN?
No, you can assign/configure a separate Amazon side ASN for each VGW, not each VPN connection. The Amazon side ASN for a VPN connection is inherited from the Amazon side ASN of the VGW.
Where can I select my own ASN?
When creating a VGW in the VPC console, uncheck the box asking if you want an auto-generated Amazon BGP ASN and provide your own private ASN for the Amazon half of the BGP session. Once the VGW is configured with an Amazon side ASN, the private VIFs or VPN connections created using the VGW will use your Amazon side ASN.
I use CloudHub today. Will I have to adjust my configurations in the future?
You will not have to make any changes.
I want to select a 32-bit ASN. What is the range of 32-bit private ASNs?
We will support 32-bit ASNs from 4200000000 to 4294967294.
Once the VGW is created, can I change or modify the Amazon side ASN?
No, you cannot modify the Amazon side ASN after creation. You can delete the VGW and recreate a new VGW with the desired ASN.
Is there a new API to configure/assign the Amazon side ASN?
No. You can do this with the same API as before (EC2/CreateVpnGateway). We just added a new parameter (amazonSideAsn) to this API.