Use route aggregation and filtering to control the set of routes advertised to SDDC network uplinks like Direct Connect, VMware Transit Connect and the Connected VPC. You'll need this in cases where you have to reduce the number of entries in a VPC route table or limit the set of routes that are advertised to external connections.

In SDDCs at version 1.17 and later, you can use the NSX Manager Web Interface to aggregate routes to the INTRANET and SERVICES uplinks. And beginning at SDDC version 1.20, you can also use NSX Manager to filter the set of routes advertised to those uplinks. Route aggregation and filtering are not exposed in the legacy VMC Console Networking & Security tab.

In the default configuration, all segments in the SDDC Compute Network are advertised to the Connected Amazon VPC and external connections such as AWS Direct Connect and VMware Transit Connect. You can manage the list of CIDRs that get advertised this way by aggregating and optionally filtering these routes. Filtered routes are not advertised to the selected uplinks. Management subnets are always advertised. When both aggregation and filtering are applied, aggregated subnets are advertised even though they may include CIDRs that would normally be filtered out. To view or download the current set of routes advertised to the Connected VPC, open the NSX Manager Networking tab and click Connected VPC > Advertised. To view or download the current set of routes advertised to Transit Connect, see View Routes Learned and Advertised over VMware Transit Connect.

Procedure

  1. Log in to VMware Cloud Services at https://vmc.vmware.com.
  2. Click Inventory > SDDCs, then pick an SDDC card and click VIEW DETAILS.
  3. Click OPEN NSX MANAGER.
  4. Aggregate CGW subnet CIDRs.
    1. On the NSX Manager Networking tab, click Global Configuration > Route Aggregation.
    2. Create a prefix list of CIDR blocks to aggregate.
      Under Aggregation Prefix Lists, click ADD AGGREGATION PREFIX LIST and give the list a Name, then click Set to open the Set Prefixes editor. Add prefix CIDRs as needed. The system normalizes any CIDRs that contain an inaccurate subnet (one in the middle of a larger range).
    3. Add a route configuration that includes the new prefix list.
      Under Route Configurations, click ADD ROUTE CONFIGURATION and give the new configuration a Name. Select the Aggregation Prefix List you created and choose a Connectivity Endpoint:
      • Select INTRANET to apply this routing configuration to Direct Connect and VMware Transit Connect.
      • Select SERVICES to apply this routing configuration to the connected VPC. See Enable AWS Managed Prefix List Mode for the Connected Amazon VPC for information about how AWS Managed Prefix Lists affect aggregation of routes to the Connected VPC.
    4. Click SAVE to create the new configuration.
    Aggregated routes are flagged in the Advertised Routes table of the Transit Connect page and on the Advertised page of the Connected Amazon VPC tab.
  5. (Optional) Apply route filtering to uplinks.
    On the NSX Manager Networking tab, click Global Configuration > Route Filtering. Toggle Egress Filtering for one or both of the listed Connectivity Endpoints to prevent CGW subnets from being advertised to that endpoint.
    Non-default CGW segments are not advertised to the selected uplinks. These segments remain reachable when they are within an aggregation. Segments that are filtered out (not advertised) have a Status of Filtered on the Advertised page of the Connected Amazon VPC tab. Segments that are not filtered out (advertised) have a Status of Success on that page. Filtered routes that include an aggregation are flagged as Aggregated here and on the Transit Connect page (see View Routes Learned and Advertised over VMware Transit Connect).
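The rules spelled out above (management subnets always advertised, aggregates advertised as a whole, a CGW segment reported as Aggregated when an aggregation covers it and otherwise as Filtered or Success depending on Egress Filtering, and inaccurate prefixes normalized to the enclosing range) can be worked through offline before you change anything in NSX Manager. The following Python model is an added example and is not VMware code; NSX Manager applies these rules itself and exposes no API of this shape here. The subnets, segments and prefix list are constructed sample values, and the assumption that a segment inside an aggregate is shown as Aggregated whether or not filtering is enabled is the author's reading of the page, not a documented guarantee.

```python
"""Model of which SDDC routes reach one uplink (INTRANET or SERVICES) under
route aggregation and egress filtering. Added illustration, not VMware code."""
import ipaddress
from typing import Dict, Iterable, List

# Constructed sample data (not from the page): one management subnet, four
# CGW segments, and one aggregation prefix list entry. The prefix is typed as
# 192.168.11.0/23 on purpose to show normalization to 192.168.10.0/23.
MANAGEMENT_SUBNETS = ["10.2.0.0/16"]
CGW_SEGMENTS = ["192.168.10.0/24", "192.168.11.0/24", "192.168.20.0/24", "172.16.5.0/24"]
AGGREGATION_PREFIX_LIST = ["192.168.11.0/23"]


def normalize_prefix(cidr: str) -> str:
    """Canonical network for a CIDR whose address lies inside the range,
    e.g. 192.168.11.0/23 -> 192.168.10.0/23 (assumed to match the editor)."""
    return str(ipaddress.ip_network(cidr, strict=False))


def advertisement_status(segments: Iterable[str], aggregation_prefixes: Iterable[str],
                         egress_filtering: bool) -> Dict[str, str]:
    """Per-segment status as the Advertised page would show it:
    Aggregated when an aggregate covers the segment (modeling assumption: shown
    this way regardless of filtering), else Filtered when egress filtering is
    on, else Success."""
    aggregates = [ipaddress.ip_network(normalize_prefix(p)) for p in aggregation_prefixes]
    status: Dict[str, str] = {}
    for seg in segments:
        net = ipaddress.ip_network(seg)
        covered = any(net.version == agg.version and net.subnet_of(agg) for agg in aggregates)
        if covered:
            status[seg] = "Aggregated"
        elif egress_filtering:
            status[seg] = "Filtered"
        else:
            status[seg] = "Success"
    return status


def advertised_prefixes(management_subnets: Iterable[str], segments: Iterable[str],
                        aggregation_prefixes: Iterable[str], egress_filtering: bool) -> List[str]:
    """Prefixes that actually reach the uplink: management subnets (always),
    the normalized aggregates, and every segment whose status is Success."""
    segments = list(segments)
    status = advertisement_status(segments, aggregation_prefixes, egress_filtering)
    prefixes = [normalize_prefix(m) for m in management_subnets]
    prefixes += [normalize_prefix(p) for p in aggregation_prefixes]
    prefixes += [s for s in segments if status[s] == "Success"]
    return sorted(set(prefixes), key=lambda p: ipaddress.ip_network(p))


def is_reachable(address: str, advertised: Iterable[str]) -> bool:
    """True when some advertised prefix covers the address, i.e. the far side
    of the uplink holds a route back to it."""
    ip = ipaddress.ip_address(address)
    return any(ip.version == ipaddress.ip_network(p).version and ip in ipaddress.ip_network(p)
               for p in advertised)


if __name__ == "__main__":
    for filtering in (False, True):
        print(f"Egress Filtering: {'on' if filtering else 'off'}")
        for seg, st in advertisement_status(CGW_SEGMENTS, AGGREGATION_PREFIX_LIST, filtering).items():
            print(f"  {seg:18} {st}")
        adv = advertised_prefixes(MANAGEMENT_SUBNETS, CGW_SEGMENTS, AGGREGATION_PREFIX_LIST, filtering)
        print("  advertised:", ", ".join(adv))
        print("  192.168.20.5 reachable from uplink:", is_reachable("192.168.20.5", adv))
```

Run it once with filtering off and once with it on to see the effect the procedure describes: with Egress Filtering enabled, 192.168.20.0/24 and 172.16.5.0/24 disappear from the uplink while the two segments inside 192.168.10.0/23 stay reachable through the aggregate, which is exactly the case where a host in a filtered segment silently loses its return path.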