Configure Transit Gateway and VPC Subnet Route Tables using prefix lists
Advanced Routing enables you to further configure both your Networking Hub's Transit Gateway route tables and individual VPC Subnet route tables with Prefix Lists.
A prefix list allows you to define a set of CIDR blocks that is then referenced within different types of route tables, with each prefix list CIDR block entry appearing as a route table entry.
When creating a prefix list for advanced routing using Stax Networks there are a few added benefits:
- A Stax-managed prefix list can have its maximum number of entries increased or decreased at any time
- The Stax-managed prefix list is a single resource in the Networking Hub's AWS account. Stax manages the RAM sharing of the resource to all Networking Hubs, so there is a single resource to maintain and update
- When creating a prefix list, association rule criteria are configured. Stax uses these to determine which route tables and zones the prefix list should be associated to
- Newly created Stax Networks resources will automatically have any prefix list rules applied as appropriate
Prefix List Types
Stax provides the capability to provision two types of prefix lists for use with Advanced Routing:
Hub Prefix List
A Networking Hub prefix list exists within the Networking Hub AWS account and associates to the Transit Gateway route tables.
There are two ways of specifying rules for a Hub prefix list:
- Zones: VPCs of the Flat type are placed into a zone. The zone has its own Transit Gateway route table for controlling the flow of traffic within the Transit Gateway
- Route Table Types: Stax provisions a default set of Transit Gateway route tables. These include Infrastructure, Isolated and Onpremises. There is a fourth type, Flat, which includes every zone of Flat VPCs
A Networking Hub Prefix List can route traffic within the Transit Gateway to various destinations:
- A Stax-managed VPC within the Stax Networking Hub
- A Stax-managed Direct Connect Gateway that is associated to the Networking Hub
- A Stax-managed VPN that is associated to the Networking Hub
- Black hole
VPC Prefix List
The VPC prefix list exists within the Networking Hub AWS account and is shared, using AWS RAM, to each individual Stax-managed AWS account that requires association.
There are several ways of specifying association rules for a VPC prefix list. Combinations of the below association rules are permitted.
- VPCs: Simply choose a list of Stax-managed VPCs for the prefix list to be associated to
- VPC Types: Choose the types of Stax-managed VPCs to which the prefix list should be associated
- Zones: VPCs of the Flat type are placed into a zone. The zone has its own Transit Gateway route table for controlling the flow of traffic within the Transit Gateway. If the Flat VPC type is chosen above, all Flat VPCs, regardless of zone, will have the prefix list associated
- Subnet Types: Specify which subnets of in-scope VPCs (as defined above) should have the prefix list assigned
VPC prefix lists do not support specific targets; instead they route traffic to the Transit Gateway, where it can be routed onwards using a Hub prefix list.
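The VPC prefix list association rules above (VPCs, VPC Types, Zones, Subnet Types) decide how many subnet route tables a single prefix list change will touch, so it is worth previewing that scope before creating the list. The following is an added example, not Stax's own code, that models those rules: it assumes VPC-level rules combine as a union (consistent with the note that choosing the Flat VPC type selects every Flat VPC regardless of zone), that Subnet Types then filter within in-scope VPCs, and that the subnet type names and sample VPCs are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Vpc:
    name: str
    vpc_type: str   # "Flat", "Isolated", "Infrastructure" (type names from the page)
    zone: str       # only Flat VPCs belong to a zone; "" for none
    subnets: dict   # {subnet_name: subnet_type}; subnet type names are assumed

@dataclass
class VpcPrefixListRules:
    vpcs: set = field(default_factory=set)          # VPC names
    vpc_types: set = field(default_factory=set)
    zones: set = field(default_factory=set)
    subnet_types: set = field(default_factory=set)  # filters subnets of in-scope VPCs

def vpc_in_scope(vpc: Vpc, rules: VpcPrefixListRules) -> bool:
    # VPC-level rules combine as a union: any matching rule brings the VPC into scope,
    # so choosing the Flat VPC type selects every Flat VPC whatever its zone.
    return (vpc.name in rules.vpcs
            or vpc.vpc_type in rules.vpc_types
            or (vpc.vpc_type == "Flat" and vpc.zone in rules.zones))

def resolve_associations(vpcs, rules):
    """Map each in-scope VPC to the subnets whose route tables receive the prefix list."""
    result = {}
    for vpc in vpcs:
        if vpc_in_scope(vpc, rules):
            chosen = [n for n, t in vpc.subnets.items() if t in rules.subnet_types]
            if chosen:
                result[vpc.name] = chosen
    return result

def route_entry_count(cidrs, associations):
    """Each CIDR entry becomes a route in every associated subnet route table."""
    return len(cidrs) * sum(len(s) for s in associations.values())

SAMPLE_VPCS = [  # constructed sample data, not real Stax resources
    Vpc("prod-app", "Flat", "prod", {"prod-app-private": "Private", "prod-app-public": "Public"}),
    Vpc("dev-app", "Flat", "dev", {"dev-app-private": "Private"}),
    Vpc("shared-svc", "Infrastructure", "", {"shared-private": "Private"}),
    Vpc("pci", "Isolated", "", {"pci-private": "Private"}),
]

def example():
    """Preview two rule sets before creating the prefix list."""
    zone_only = VpcPrefixListRules(zones={"prod"}, subnet_types={"Private"})
    # Adding the Flat VPC type widens scope to every Flat VPC, not just the "prod" zone.
    flat_type = VpcPrefixListRules(zones={"prod"}, vpc_types={"Flat"}, subnet_types={"Private"})
    return {"zone_only": resolve_associations(SAMPLE_VPCS, zone_only),
            "flat_type": resolve_associations(SAMPLE_VPCS, flat_type)}
```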