About Transit Gateway Routing Policy

This document describes the routing policies that can be applied to Aviatrix Transit Gateways.

Customize Attached Spoke VPC/VNet Route Tables

The Customize Attached Spoke VPC/VNet Route Tables routing policy enables you to customize the attached Spoke VPC/VNet route table entries by specifying a list of comma-separated CIDRs. When a CIDR list is specified, automatic route propagation to the attached Spoke VPC(s)/VNet(s) is disabled and the listed CIDRs replace the CIDRs that would otherwise be propagated from other Spoke Gateways, Transit Gateways and the on-premises network. For example, you could enable this policy for a Spoke VPC/VNet that is customer facing, where your customer propagates routes that may conflict with your on-premises routes.

When this policy is enabled on an Aviatrix Transit Gateway, the route tables of all attached Spoke VPCs/VNets are customized; it cannot be applied to a single Spoke.

To disable this policy, leave the CIDRs field empty.

The Customize Attached Spoke VPC/VNet Route Tables policy does not apply to AWS Transit Gateway (TGW) attached Spoke VPCs.

Exclude Learned CIDRs to Attached Spoke VPC/VNet Route Tables

The Exclude Learned CIDRs to Attached Spoke VPC/VNet Route Tables routing policy enables you to filter on-premises network CIDRs out of the attached Spoke VPC/VNet route table entries by specifying a comma-separated list of CIDRs to filter. For example, you could enable this policy for a Spoke VPC or VNet that is customer facing when you do not want your customer to reach all of your on-premises network CIDRs.

  • The list of CIDRs to filter can be a superset of the on-premises learned routes. For example, if the on-premises learned routes are 100.10.0.0/24 and 100.10.1.0/24, you can enter 100.10.0.0/16 to filter out both routes.

  • A filter CIDR that is a subnet of (more specific than) an on-premises learned CIDR does not match, and the learned route is still propagated. A filter entry must be equal to or contain the learned prefix to take effect.

  • When this policy is applied to the Aviatrix Transit Gateway, all attached Spoke VPCs or VNets filter on the configured routes.

The Exclude Learned CIDRs to Attached Spoke VPC/VNet Route Tables policy does not apply to AWS Transit Gateway (TGW) attached Spoke VPCs.
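The two bullet points above describe a specific matching rule: a filter entry removes a learned route only when it equals or contains the learned prefix, and a more-specific filter silently matches nothing. The following Python model of that rule is an added example, not Aviatrix code; it assumes the comma-separated field format described in the text and uses constructed on-premises routes. It is useful as a pre-check before applying the policy, because an ineffective filter leaves the wider route in the customer-facing Spoke route table.

```python
from __future__ import annotations
from ipaddress import IPv4Network

# Constructed sample: routes the Transit Gateway learned from on-premises.
LEARNED_ON_PREM = [
    IPv4Network("100.10.0.0/24"),
    IPv4Network("100.10.1.0/24"),
    IPv4Network("10.20.0.0/16"),
]


def parse_cidr_field(field: str) -> list[IPv4Network]:
    """Parse the comma-separated CIDR field (assumed UI format).

    IPv4Network is strict by default, so a typo with host bits set
    (e.g. 100.10.1.5/24) raises ValueError instead of being widened.
    """
    return [IPv4Network(tok.strip()) for tok in field.split(",") if tok.strip()]


def is_filtered(learned: IPv4Network, filters: list[IPv4Network]) -> bool:
    """A filter entry matches when it equals or contains the learned prefix."""
    return any(learned.subnet_of(f) for f in filters)


def apply_exclude_policy(learned: list[IPv4Network], field: str):
    """Split learned routes into (kept, dropped) for the given filter field."""
    filters = parse_cidr_field(field)
    kept = [r for r in learned if not is_filtered(r, filters)]
    dropped = [r for r in learned if is_filtered(r, filters)]
    return kept, dropped


def ineffective_filters(learned: list[IPv4Network], field: str) -> list[IPv4Network]:
    """Filters that are strictly more specific than a learned prefix.

    These match nothing, so the wider learned route still reaches the Spoke.
    """
    filters = parse_cidr_field(field)
    return [
        f for f in filters
        if not any(r.subnet_of(f) for r in learned)
        and any(f != r and f.subnet_of(r) for r in learned)
    ]


if __name__ == "__main__":
    kept, dropped = apply_exclude_policy(LEARNED_ON_PREM, "100.10.0.0/16")
    print("kept:   ", [str(r) for r in kept])
    print("dropped:", [str(r) for r in dropped])
    bad = ineffective_filters(LEARNED_ON_PREM, "100.10.0.0/25")
    print("ineffective filters:", [str(f) for f in bad])
```

Run the check against the actual learned routes (as shown on the Transit Gateway) before saving the field; an empty field disables filtering entirely, which the model reproduces by dropping nothing.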

Exclude CIDRs from Attached Spokes Advertisement

The Exclude CIDRs from Attached Spokes Advertisement routing policy enables you to selectively exclude some VPC/VNet CIDRs from being advertised to on-premises.

For example, you could enable this policy for Spoke VPCs/VNets that have multiple CIDR blocks, some of which overlap with CIDRs already reachable through the Transit Gateway. If you attach these Spoke VPCs/VNets as they are, the Aviatrix Controller rejects the attachment because of the overlapping CIDRs. By excluding the overlapping CIDRs from advertisement, you are able to attach the Spoke VPCs/VNets.

When this policy is applied to an Aviatrix Transit Gateway, the list is an "Exclude list": the CIDRs in the input field are excluded from being advertised to on-premises, and every other Spoke CIDR is still advertised.
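To decide what to put in the exclude list, you need to know which of the candidate Spoke's CIDR blocks overlap with what is already in the transit domain. The following Python example is added here and is not Aviatrix code; the existing-CIDR inventory and the candidate Spoke are constructed, and it assumes the field is an exact-match list of the Spoke's own CIDR blocks, as the text describes. The Controller remains the authoritative overlap check; this is a local pre-check so you can fill in the field before attaching.

```python
from __future__ import annotations
from ipaddress import IPv4Network

# Constructed sample: CIDRs already reachable through the Transit Gateway
# (other attached Spokes and on-premises), keyed by owner for reporting.
EXISTING = {
    "spoke-a": [IPv4Network("10.1.0.0/16")],
    "on-prem": [IPv4Network("192.168.0.0/16"), IPv4Network("100.64.0.0/10")],
}

# Constructed sample: a Spoke VPC with several CIDR blocks to be attached.
CANDIDATE_SPOKE = [
    IPv4Network("10.5.0.0/16"),
    IPv4Network("192.168.10.0/24"),  # overlaps on-prem 192.168.0.0/16
    IPv4Network("100.64.0.0/16"),    # overlaps on-prem 100.64.0.0/10
]


def overlapping_cidrs(candidate, existing):
    """Map each conflicting candidate block to the (owner, cidr) pairs it overlaps."""
    conflicts: dict[IPv4Network, list[tuple[str, IPv4Network]]] = {}
    for c in candidate:
        hits = [(owner, e) for owner, cidrs in existing.items()
                for e in cidrs if c.overlaps(e)]
        if hits:
            conflicts[c] = hits
    return conflicts


def exclude_field(candidate, existing) -> str:
    """Value for the Exclude CIDRs from Attached Spokes Advertisement field."""
    return ",".join(str(c) for c in overlapping_cidrs(candidate, existing))


def advertised_cidrs(candidate, field: str) -> list[IPv4Network]:
    """Blocks that remain advertised to on-premises after applying the field."""
    excluded = {IPv4Network(t.strip()) for t in field.split(",") if t.strip()}
    return [c for c in candidate if c not in excluded]


if __name__ == "__main__":
    for cidr, hits in overlapping_cidrs(CANDIDATE_SPOKE, EXISTING).items():
        print(f"{cidr} overlaps " + ", ".join(f"{o}:{e}" for o, e in hits))
    field = exclude_field(CANDIDATE_SPOKE, EXISTING)
    print("exclude field:", field)
    print("still advertised:", [str(c) for c in advertised_cidrs(CANDIDATE_SPOKE, field)])
```

Workloads in an excluded block are not reachable from on-premises through the Transit Gateway, so confirm nothing in those subnets needs that path before attaching.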

Customize Transit VPC/VNet Routes

The Customize Transit VPC/VNet Routes routing policy enables you to customize the Transit VPC/VNet route table entries by specifying a list of comma-separated CIDRs. When a CIDR list is specified, automatic route propagation to the Transit VPC/VNet is disabled and the listed CIDRs replace the CIDRs that would otherwise be propagated from attached Spoke Gateways, other Transit Gateways and the on-premises network. For example, you could enable this policy when propagated routes conflict with entries that must remain in the Transit VPC/VNet route table.

When this policy is enabled on an Aviatrix Transit Gateway, the Transit VPC/VNet route table is customized.

To disable this policy, leave the CIDRs field empty.

The Customize Transit VPC/VNet Routes policy does not apply to AWS Transit Gateway (TGW) attached Spoke VPCs.