Enabling BGP Route Approval

Aviatrix Transit and BGP-enabled Spoke Gateways dynamically learn BGP routes from remote sites. These learned routes are reported to the Aviatrix Controller, which in turn programs the corresponding route entries in the Spoke VPC/VNet route table.

There are scenarios where you may require an approval process before learned CIDRs are propagated to the Spoke VPC/VNet. For example, when a VPN is connected to a partner network, you need to make sure that undesirable routes, such as the default route (0.0.0.0/0), are not propagated into your own network, where they could accidentally bring down the network.

Transit Approval

The learned CIDR approval feature enables this approval process. When this feature is enabled, dynamically learned routes from all remote peers trigger an email notification to the Controller administrator. The Controller administrator logs into CoPilot to approve the learned routes, which allows the routes to be propagated to the Spoke VPC/VNet.

When learned CIDR approval is not enabled, all dynamically learned routes are automatically propagated to the Spoke VPC/VNet.

To enable the BGP route approval process, see Enabling Gateway Learned CIDR Approval.

Approving Learned CIDR in CoPilot

When learned CIDR approval is enabled on the Aviatrix Transit or BGP-enabled Spoke Gateway, dynamically learned routes from all remote peers trigger an email to the Aviatrix Controller administrator. The Controller administrator logs into Aviatrix CoPilot to approve the CIDRs, which allows the routes to be propagated to the Spoke VPC/VNets.

Approving Learned CIDRs Enabled for a Gateway

In Aviatrix CoPilot:

  1. Go to Cloud Fabric > Gateways and open the Transit Gateways or Spoke Gateways tab.

  2. In the table, locate and select the gateway whose learned CIDRs you want to approve for propagation.

  3. Go to the gateway’s Approval tab.

  4. In the table, select the CIDR, and then choose Approve or Remove from the Actions dropdown menu.

    You can also search for a CIDR using the Search field.

To add pre-approved CIDRs:

  1. Click + Pre-Approved CIDRs.

  2. In the Add Pre-Approved CIDRs dialog, enter one or more CIDRs and click Save.

Approving Learned CIDRs Enabled for a BGP Connection

In Aviatrix CoPilot:

  1. Go to Networking > Connectivity > External Connections (S2C) tab and click + External Connection.

  2. In the table, locate and select the BGP connection whose learned CIDRs you want to approve for propagation.

  3. Go to the BGP connection’s Approval tab.

  4. In the table, select the CIDR, and then choose Approve or Remove from the Actions dropdown menu.

    You can also search for a CIDR using the Search field.

To add pre-approved CIDRs:

  1. Click + Pre-Approved CIDRs.

  2. In the Add Pre-Approved CIDRs dialog, enter one or more CIDRs and click Save.
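
A review aid for the Approve or Remove decision in the two procedures above, added here as an example (not Aviatrix code, and it calls no Aviatrix API). The CIDR lists, the /8 breadth threshold, and the rule that a prefix contained in a pre-approved CIDR is acceptable are assumptions; the page does not state how the product matches pre-approved entries.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the product or page).
SPOKE_CIDRS = ["10.10.0.0/16", "10.20.0.0/16"]       # your own Spoke VPC/VNet ranges
PRE_APPROVED = ["192.168.50.0/24", "172.16.0.0/20"]  # prefixes already vetted with the peer
LEARNED = ["0.0.0.0/0", "192.168.50.0/24", "172.16.4.0/24",
           "10.10.8.0/24", "128.0.0.0/1", "203.0.113.0/24"]

MIN_PREFIXLEN = 8  # hypothetical policy: anything broader than /8 is refused


def triage(learned, pre_approved, spoke_cidrs, min_prefixlen=MIN_PREFIXLEN):
    """Return {cidr: (verdict, reason)}; verdict is reject, approve or review.

    Dangerous properties are tested before the pre-approved list, so a
    broad pre-approved entry can never wave through a default route.
    """
    approved = [ipaddress.ip_network(c) for c in pre_approved]
    spokes = [ipaddress.ip_network(c) for c in spoke_cidrs]
    result = {}
    for cidr in learned:
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            result[cidr] = ("reject", f"not a valid CIDR: {exc}")
            continue
        same_ver = lambda n: n.version == net.version  # never mix IPv4 and IPv6
        if net.prefixlen == 0:
            verdict = ("reject", "default route")
        elif net.prefixlen < min_prefixlen:
            verdict = ("reject", f"broader than /{min_prefixlen}")
        elif any(net.overlaps(s) for s in spokes if same_ver(s)):
            verdict = ("reject", "overlaps a local Spoke CIDR")
        elif any(net.subnet_of(a) for a in approved if same_ver(a)):
            verdict = ("approve", "inside a pre-approved CIDR")
        else:
            verdict = ("review", "unknown prefix, confirm with the peer's owner")
        result[cidr] = verdict
    return result


if __name__ == "__main__":
    for cidr, (verdict, reason) in triage(LEARNED, PRE_APPROVED, SPOKE_CIDRS).items():
        print(f"{cidr:<18} {verdict:<8} {reason}")
```

Prefixes marked review are the ones that warrant a manual decision on the Approval tab before they reach the Spoke VPC/VNet.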