Understanding Route Aggregation in VMC on AWS
Introduction
In VMC on AWS 1.18 the ability to configure route aggregation was introduced. This feature enables customers to have additional control of the way their SDDC route tables are advertised to external entities. Route aggregation allows customers to aggregate, also referred to as summarizing network, their SDDC networks into a smaller number of route table entries. This can be helpful when more networks need to be advertised than can be accommodated in the external route tables. Additionally, the use of customer created T1s requires the use of route aggregation to advertise networks connected to the new T1s. Route aggregation can be configured independently for different endpoints and adds a layer of flexibility. Route aggregations are configured in the NSX Manager -> Networking -> Global Configuration -> Route Aggregation page or via API.
|
General Considerations |
|
|
Documentation Reference |
|
|
Scalability |
|
|
Last Updated |
September 2022 |
Considerations
Route aggregation can be applied to two different endpoints in the SDDC. The first is the INTRANET interface which is where a Direct Connect and/or VMware Transit Connect attach to the SDDC. The second interface is the SERVICES interface which is where the Connected VPC attaches to the SDDC. Independent prefix lists can be configured for each endpoint providing flexibility in external routing configuration.
When a route aggregation is configured on an endpoint it is added to the appropriate external route table. Careful understanding of the networks contained in the aggregation is advised as an inaccurate CIDR may impact reachability to networks in on-premises or other SDDCs. It is recommended to use a subnet calculator if you are usure what networks are included in a CIDR.
The management CIDR of the SDDC cannot be part of an aggregation, it will always be advertised separately from any aggregations. Creation of a Route Configuration that uses a Prefix List with a CIDR that overlaps with the management CIDR will fail.
Compute Gateway firewall policies must be configured to allow traffic into and out of the SDDC, independent of route aggregations configured.
SERVICES Endpoint Route Aggregation Considerations
Configuring a route aggregation to be used on the SERVICES endpoint to the Connected VPC requires the enablement of Managed Prefix List Mode before the Route Configuration can be applied to the SERVICES endpoint. Failure to enable Managed Prefix List Mode will display an error when applying the Route Configuration.
In the Connected VPC Advertised routes window, aggregations applied to the SERVICES endpoint will show the “Aggregated” attribute. This attribute is local to the SDDC and will not be observed outside of the SDDC. It is a helpful operational flag to quickly identify active aggregations. The figure below shows an example of the aggregation flag.
INTRANET Endpoint Route Aggregation Considerations
In the Transit Connect or in the Direct Connect Advertised routes window, aggregations applied to the INTRANET endpoint will show the “Aggregated” attribute. This attribute is local to the SDDC and will not be observed outside of the SDDC. It is a helpful operational flag to quickly identify active aggregations. The figure below shows an example of the aggregation flag in the Transit Connect page.
Summary
The route aggregation feature is a powerful tool for the network administrator. The ability to control the external route tables for the SERVICES and INTRANET endpoints opens a new level of control. Route aggregation is required to enable external connectivity for customer created T1s and their networks. Challenges such as limited scalability of external route table sizes can be alleviated with careful use of route aggregation.