Understanding Route Aggregation in VMC on AWS

September 16, 2022

Introduction

In VMC on AWS 1.18 the ability to configure route aggregation was introduced. This feature gives customers additional control over the way their SDDC route tables are advertised to external entities. Route aggregation allows customers to aggregate (also referred to as summarizing) their SDDC networks into a smaller number of route table entries. This can be helpful when more networks need to be advertised than can be accommodated in the external route tables. Additionally, the use of customer created T1s requires route aggregation in order to advertise the networks connected to the new T1s. Route aggregation can be configured independently for different endpoints, which adds a layer of flexibility. Route aggregations are configured in the NSX Manager -> Networking -> Global Configuration -> Route Aggregation page or via API.

General Considerations

  • Route aggregations are always advertised to their respective endpoint, even if the SDDC does not contain any networks the aggregation represents.
  • Route aggregation is required for networks connected to customer created T1s to be advertised to external endpoints.
  • NAT CIDRs for customer created T1s need to be included in the aggregation if they are to be reachable outside of the SDDC.
  • Multiple aggregations can be configured for non-contiguous networks.
  • Sending route aggregations into the Connected VPC requires the use of Managed Prefix List Mode.
  • When a route aggregation is created, more specific networks that are contained in the range of the aggregation will no longer be advertised to the endpoint where the aggregation is applied.

Documentation Reference

  • Summarize and Aggregate Routes
  • Multiple T1 Configuration
  • Managed Prefix List Mode

Scalability

  • ConfigMax

Last Updated

September 2022

Considerations

Route aggregation can be applied to two different endpoints in the SDDC. The first is the INTRANET interface which is where a Direct Connect and/or VMware Transit Connect attach to the SDDC. The second interface is the SERVICES interface which is where the Connected VPC attaches to the SDDC. Independent prefix lists can be configured for each endpoint providing flexibility in external routing configuration.

When a route aggregation is configured on an endpoint it is added to the appropriate external route table. A careful understanding of the networks contained in the aggregation is advised, as an inaccurate CIDR may impact reachability to networks on-premises or in other SDDCs. It is recommended to use a subnet calculator if you are unsure which networks are included in a CIDR.

The management CIDR of the SDDC cannot be part of an aggregation; it is always advertised separately from any aggregations. Creation of a Route Configuration that uses a Prefix List with a CIDR that overlaps the management CIDR will fail.
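The two checks described above (which networks a proposed aggregation CIDR actually covers, and whether it overlaps the management CIDR) are easy to get wrong by eye. The following script is an added example, not code from the page or from VMware; it uses only the Python standard library `ipaddress` module as a stand-in for the subnet calculator the text recommends. The SDDC segment list and the management CIDR below are constructed sample values, and the `evaluate_aggregation` and `smallest_covering_supernet` helper names are this example's own. It reports which segments would stop being advertised individually, which segments are left out of the aggregation, and which address space inside the aggregation would be advertised to the endpoint without any SDDC network behind it.

```python
import ipaddress

# Constructed sample data (assumptions for this example, not values from the page)
MANAGEMENT_CIDR = ipaddress.ip_network("10.2.0.0/16")   # assumed SDDC management CIDR
SDDC_SEGMENTS = [                                         # assumed workload segments
    ipaddress.ip_network("192.168.1.0/24"),
    ipaddress.ip_network("192.168.2.0/24"),
    ipaddress.ip_network("192.168.3.0/24"),
    ipaddress.ip_network("192.168.10.0/24"),
]


def unbacked_space(aggregate, covered_segments):
    """Return the CIDR blocks inside `aggregate` that no covered segment occupies.

    These ranges are still advertised to the endpoint (an aggregation is always
    advertised), so traffic sent to them from outside will reach the SDDC and be
    dropped there. Segments are assumed not to overlap each other.
    """
    remaining = [aggregate]
    for seg in covered_segments:
        next_remaining = []
        for block in remaining:
            if block.subnet_of(seg):
                continue                       # block fully inside the segment: nothing left of it
            if seg.subnet_of(block):
                next_remaining.extend(block.address_exclude(seg))
            else:
                next_remaining.append(block)   # disjoint from this segment: keep as-is
        remaining = next_remaining
    return sorted(remaining)


def evaluate_aggregation(aggregation, segments, management_cidr):
    """Evaluate a proposed aggregation CIDR against the SDDC segments.

    Returns a dict describing whether the CIDR is usable and what effect it has.
    """
    try:
        # strict=True rejects CIDRs with host bits set (e.g. 192.168.1.0/22),
        # a common typo that a subnet calculator would also flag.
        agg = ipaddress.ip_network(aggregation, strict=True)
    except ValueError as exc:
        return {"cidr": aggregation, "valid": False, "reason": f"not a valid network CIDR: {exc}"}

    if agg.overlaps(management_cidr):
        return {
            "cidr": str(agg),
            "valid": False,
            "reason": "overlaps the SDDC management CIDR; the Route Configuration would fail",
        }

    covered = sorted(s for s in segments if s.subnet_of(agg))
    not_covered = sorted(s for s in segments if not s.subnet_of(agg))
    return {
        "cidr": str(agg),
        "valid": True,
        # No longer advertised individually to the endpoint where the aggregation is applied
        "covered": [str(s) for s in covered],
        # Still need to be advertised some other way (e.g. a second aggregation)
        "not_covered": [str(s) for s in not_covered],
        # Advertised to the endpoint although no SDDC segment sits behind it
        "advertised_but_unbacked": [str(n) for n in unbacked_space(agg, covered)],
    }


def smallest_covering_supernet(segments):
    """Return the single smallest CIDR that contains every given segment.

    Useful as a starting point; check its `advertised_but_unbacked` output before
    using it, since a large supernet may announce far more than the SDDC holds.
    """
    net = segments[0]
    while not all(s.subnet_of(net) for s in segments):
        net = net.supernet()
    return net


if __name__ == "__main__":
    for candidate in ("192.168.0.0/22", "192.168.1.0/22", "10.0.0.0/8"):
        print(evaluate_aggregation(candidate, SDDC_SEGMENTS, MANAGEMENT_CIDR))
    print("Smallest supernet covering all segments:", smallest_covering_supernet(SDDC_SEGMENTS))
```

Run it with the sample data and the first candidate shows the trade-off the page describes: 192.168.0.0/22 hides three of the four segments behind one route, leaves 192.168.10.0/24 unadvertised, and announces 192.168.0.0/24 even though nothing in the SDDC uses it. Replace the constructed lists with the real segment CIDRs and management CIDR of your SDDC before relying on the output.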

Compute Gateway firewall policies must be configured to allow traffic into and out of the SDDC, independent of route aggregations configured.

SERVICES Endpoint Route Aggregation Considerations

Configuring a route aggregation for use on the SERVICES endpoint to the Connected VPC requires Managed Prefix List Mode to be enabled before the Route Configuration can be applied to the SERVICES endpoint. If Managed Prefix List Mode is not enabled, an error is displayed when applying the Route Configuration.

In the Connected VPC Advertised routes window, aggregations applied to the SERVICES endpoint will show the “Aggregated” attribute. This attribute is local to the SDDC and will not be observed outside of the SDDC. It is a helpful operational flag to quickly identify active aggregations. The figure below shows an example of the aggregation flag.

Connected VPC Aggregation

INTRANET Endpoint Route Aggregation Considerations

In the Transit Connect or in the Direct Connect Advertised routes window, aggregations applied to the INTRANET endpoint will show the “Aggregated” attribute. This attribute is local to the SDDC and will not be observed outside of the SDDC. It is a helpful operational flag to quickly identify active aggregations. The figure below shows an example of the aggregation flag in the Transit Connect page.

VTGW Aggregation

Summary

The route aggregation feature is a powerful tool for the network administrator. The ability to control the external route tables for the SERVICES and INTRANET endpoints opens a new level of control. Route aggregation is required to enable external connectivity for customer created T1s and their networks. Challenges such as limited scalability of external route table sizes can be alleviated with careful use of route aggregation.
