Virtual Private Gateway - Bring your own Autonomous System Number Flashcards
Does ClassicLink allow EC2-Classic Security Group rules to reference VPC Security Groups, or vice versa?
Virtual Private Gateway - Bring your own Autonomous System Number
Amazon Virtual Private Cloud (VPC) | Networking & Content Delivery
ClassicLink does not allow EC2-Classic Security Group rules to reference VPC Security Groups, or vice versa.
What is this feature?
For any new VGWs, the configurable private Autonomous System Number (ASN) allows customers to set the ASN on the Amazon side of the BGP session for VPNs and AWS Direct Connect private VIFs.
What is the cost of using this feature?
There is no additional charge for this feature.
How can I configure/assign my ASN to be advertised as Amazon side ASN?
You can configure/assign an ASN to be advertised as the Amazon side ASN during creation of the new Virtual Private Gateway (VGW). You can create a VGW using the VPC console or an EC2/CreateVpnGateway API call.
What ASN did Amazon assign prior to this feature?
Amazon assigned the following ASNs: EU West (Dublin) 9059; Asia Pacific (Singapore) 17493; and Asia Pacific (Tokyo) 10124. All other regions were assigned an ASN of 7224. These ASNs are referred to as the “legacy public ASN” of the region.
Can I use any ASN – public and private?
You can assign any private ASN to the Amazon side. You can assign the “legacy public ASN” of the region until June 30th 2018; you cannot assign any other public ASN. After June 30th 2018, Amazon will provide an ASN of 64512.
Why can’t I assign a public ASN for the Amazon half of the BGP session?
Amazon is not validating ownership of the ASNs; therefore, we’re limiting the Amazon-side ASN to private ASNs. We want to protect customers from BGP spoofing.
What ASN can I choose?
You can choose any private ASN. Ranges for 16-bit private ASNs include 64512 to 65534. You can also provide 32-bit ASNs between 4200000000 and 4294967294.
Amazon will provide a default ASN for the VGW if you don’t choose one. Until June 30th 2018, Amazon will continue to provide the “legacy public ASN” of the region. After June 30th 2018, Amazon will provide an ASN of 64512.
What will happen if I try to assign a public ASN to the Amazon half of the BGP session?
We will ask you to re-enter a private ASN once you attempt to create the VGW, unless it is the “legacy public ASN” of the region.
If I don’t provide an ASN for the Amazon half of the BGP session, what ASN can I expect Amazon to assign to me?
Amazon will provide an ASN for the VGW if you don’t choose one. Until June 30th 2018, Amazon will continue to provide the “legacy public ASN” of the region. After June 30th 2018, Amazon will provide an ASN of 64512.
Where can I view the Amazon side ASN?
You can view the Amazon side ASN on the VGW page of the VPC console and in the response of the EC2/DescribeVpnGateways API.
If I have a public ASN, will it work with a private ASN on the AWS side?
Yes, you can configure the Amazon side of the BGP session with a private ASN and your side with a public ASN.
I have private VIFs already configured and want to set a different Amazon side ASN for the BGP session on an existing VIF. How can I make this change?
You will need to create a new VGW with the desired ASN, and create a new VIF with the newly created VGW. Your device configuration also needs to change appropriately.
I have VPN connections already configured and want to modify the Amazon side ASN for the BGP session of these VPNs. How can I make this change?
You will need to create a new VGW with the desired ASN, and recreate your VPN connections between your Customer Gateways and the newly created VGW.
I already have a VGW and a private VIF/VPN connection configured using an Amazon-assigned public ASN of 7224. If Amazon automatically generates the ASN for the new private VGW, what Amazon side ASN will I be assigned?
Amazon will assign 64512 to the Amazon side ASN for the new VGW.