AWS Routing

When you deploy an AWS Site it will automatically configure the “Internal” subnet to use the F5 Distributed Cloud Gateway as its default gateway.

As an optional exercise you can verify this in the AWS Console by looking at the Route Table associated with the Internal Subnet.

../../_images/aws-route-table.png

Modify AWS Site Network Config

We need to connect the AWS site to the “Global Network” that we previously created. By default it will SNAT all traffic that originates from the AWS site.

  1. Go to Cloud and Edge Sites context

  2. Go to Manage -> Site Management -> AWS VPC Sites

  3. Scroll to the right of your AWS site and click on the three dots “…” to select “Manage Configuration”

  4. Under “Networking Config” click on “Configure” next to (Ingress/Egress Gateway (2 interfaces))

    This will open a new sub menu.

  5. Next to “Advanced Options” click on “Show Advanced Fields”

  6. Change “Do Not Connect Global Networks” to “Connect Global Networks”.

  7. Then click on “Configure” under “Global Network Connections”

  8. Click Add Item

    • Select Network Connection Type: Direct, Site Local Inside to a Global Network

    • Global Virtual Network: system/[unique name]-global

    • Click on Apply

    • Select “Manage Static Routes” for “Managed Static Routes for Inside Network”

      • Select “Simple Static Route” (default)

      • Simple Static Route: 10.0.3.0/24

  9. Click on Apply and save your changes.


Verify Routes

You can verify that the routes have been applied by using the “Tools” that is part of your site in F5 Distributed Cloud Console.

  1. When viewing your site click on “Tools” (far right, you may need to scroll).

  2. Select the tool “Show Routes”.

  3. For “Virtual Network Type” specify “VIRTUAL_NETWORK_SITE_LOCAL_INSIDE”.

  4. Click on “Show routes”.

You should get JSON ouput. In particular look for an entry for 10.1.20.0/24. The entry for 10.1.20.6/32 is for the F5 Distributed Cloud Gateway in UDF.

...
    {
        "prefix": "10.1.20.0/24",
        "nh": 91,
        "flags": "",
        "label": 263,
        "nh_info": "Mpls Tunnel to 10.101.82.12, encapsulation type MPLSoUDP"
    },
    {
        "prefix": "10.1.20.6/32",
        "nh": 91,
        "flags": "",
        "label": 263,
        "nh_info": "Mpls Tunnel to 10.101.82.12, encapsulation type MPLSoUDP"
    },
...