About Transit Gateway Routing Policy
This document describes the routing policies for Aviatrix Spoke Gateways.
Customize Attached Spoke VPC/VNet Route Tables
The Customize Attached Spoke VPC/VNet Route Tables routing policy enables you to customize the attached Spoke VPC/VNet route table entries by specifying a list of comma-separated CIDRs. When a CIDR is specified, automatic route propagation to the attached Spoke VPC(s)/VNet(s) is disabled, overriding the CIDRs propagated from other Spoke and Transit gateways and from the on-premises network. For example, you could enable this policy for a Spoke VPC/VNet that is customer facing, where your customer is propagating routes that may conflict with your on-premises routes.
When this policy is enabled on an Aviatrix Transit Gateway, all Spoke VPCs or VNets route tables are customized.
To disable this policy, leave the CIDRs field empty.
Note: The Customize Attached Spoke VPC/VNet Route Tables policy does not apply to AWS Transit Gateway (TGW) attached Spoke VPCs.
Exclude Learned CIDRs to Attached Spoke VPC/VNet Route Tables
The Exclude Learned CIDRs to Attached Spoke VPC/VNet Route Tables routing policy enables you to filter on-premises network CIDRs out of the attached Spoke VPC or VNet route table by specifying a comma-separated list of CIDRs to filter. For example, you could enable this policy for a Spoke VPC or VNet that is customer facing, where you do not want your customer to reach all of your on-premises network CIDRs.
- The list of CIDRs to filter can be a superset of the on-premises learned routes. For example, if the on-premises learned routes are 100.10.0.0/24 and 100.10.1.0/24, you can enter 100.10.0.0/16 to filter out both routes.
- If the CIDR you enter is a subnet (a more specific prefix) of an on-premises learned CIDR, the filter has no effect: the learned route is not removed.
- When this policy is applied to the Aviatrix Transit Gateway, all attached Spoke VPCs or VNets filter on the configured routes.
Note: The Exclude Learned CIDRs to Attached Spoke VPC/VNet Route Tables policy does not apply to AWS Transit Gateway (TGW) attached Spoke VPCs.
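The two matching rules above (a superset entry removes every learned route it covers; an entry more specific than a learned route does nothing) are easy to get wrong when planning the filter list. The following is an added example, not Aviatrix code, that models that matching over a constructed set of learned routes so you can check a candidate CIDR field before applying it; the function and variable names are assumptions.

```python
# Added example (not Aviatrix code): models the "Exclude Learned CIDRs"
# matching rule described in the documentation. A filter entry removes a
# learned route only when the route lies inside (or equals) the entry; an
# entry that is more specific than a learned route has no effect.
from ipaddress import IPv4Network


def parse_cidr_field(field: str) -> list[IPv4Network]:
    """Parse the comma-separated CIDR field the policy takes.
    strict=True rejects entries with host bits set (e.g. 10.0.0.1/24)."""
    return [IPv4Network(c.strip(), strict=True) for c in field.split(",") if c.strip()]


def is_excluded(route: IPv4Network, filters: list[IPv4Network]) -> bool:
    """A learned route is dropped if any filter entry covers it."""
    return any(route.subnet_of(f) for f in filters)


def apply_exclude_policy(learned: list[str], field: str):
    """Return (kept, dropped, ineffective) as lists of CIDR strings.

    ineffective = filter entries that cover no learned route but sit
    inside one, i.e. the case the documentation says "won't work".
    """
    filters = parse_cidr_field(field)
    routes = [IPv4Network(r) for r in learned]
    kept, dropped, ineffective = [], [], []
    for r in routes:
        (dropped if is_excluded(r, filters) else kept).append(str(r))
    for f in filters:
        covers_something = any(r.subnet_of(f) for r in routes)
        inside_a_route = any(f.subnet_of(r) and f != r for r in routes)
        if not covers_something and inside_a_route:
            ineffective.append(str(f))
    return kept, dropped, ineffective


if __name__ == "__main__":
    # Constructed sample: two on-prem routes from the doc plus one more.
    learned_routes = ["100.10.0.0/24", "100.10.1.0/24", "10.50.0.0/16"]
    # /16 covers both 100.10.x routes; 10.50.8.0/24 is inside 10.50.0.0/16
    # and so removes nothing.
    cidr_field = "100.10.0.0/16, 10.50.8.0/24"
    kept, dropped, bad = apply_exclude_policy(learned_routes, cidr_field)
    print("kept:", kept)
    print("dropped:", dropped)
    print("ineffective filter entries:", bad)
```

Running it reports 10.50.0.0/16 as kept, both 100.10.x.0/24 routes as dropped, and 10.50.8.0/24 as an entry that will not remove anything.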
Exclude Attached Spokes' CIDRs from Advertisement
The Exclude Attached Spokes' CIDRs from Advertisement routing policy enables you to selectively exclude some VPC/VNet CIDRs from being advertised to on-premises.
For example, you could enable this policy for Spoke VPC/VNets that have multiple CIDR blocks, among which some of them are overlapping. If you attach these Spoke VPC/VNets, the Aviatrix Controller will reject them as there are overlapping CIDRs. By excluding the overlapping CIDRs, you will be able to attach the Spoke VPC/VNets.
When this policy is applied to an Aviatrix Transit Gateway, the list is an "Exclude list": the Spoke VPC/VNet CIDRs entered in the input fields are excluded from being advertised to on-premises. This feature does not apply to CIDRs learned through BGP by another gateway.
Customize Transit VPC/VNet Routes
The Customize Transit VPC/VNet Routes routing policy enables you to customize Spoke VPC or VNet route table entries by specifying a list of comma-separated CIDRs. When a CIDR is specified, automatic route propagation to the Spoke VPC(s)/VNet(s) is disabled, overriding the CIDRs propagated from other Spoke and Transit gateways and from the on-premises network. For example, you could enable this feature for a Spoke VPC/VNet that is customer facing, where your customer is propagating routes that may conflict with your on-premises routes.
When this policy is enabled on an Aviatrix Transit Gateway, all Spoke VPCs or VNets route tables are customized.
To disable this feature, leave the CIDRs field empty.
Note: The Customize Transit VPC/VNet Routes policy does not apply to AWS Transit Gateway (TGW) attached Spoke VPCs.