æ¬æã¯ 2026幎6æ26æ¥ ã«å
¬éããã AWS Cloud WAN Routing Policy: Real-World Global Network Scenarios (Part 2) ã翻蚳ãããã®ã§ãã Part 1 ã§ã¯ã AWS Cloud WAN ã®ã«ãŒãã£ã³ã°ããªã·ãŒã玹ä»ããã°ããŒãã«ãããã¯ãŒã¯å
šäœã§ã«ãŒãäŒæãšãã¹éžæã«åœ±é¿ãäžããããã®ãã现ããªå¶åŸ¡ãã©ã®ããã«äœ¿çšã§ãããã瀺ããŸãããåã«ãŒãã£ã³ã°ããªã·ãŒã¯ã3ã€ã®äž»èŠã³ã³ããŒãã³ãã§æ§æãããŸãã1) ãããæ¡ä»¶ïŒã«ãŒããã¬ãã£ãã¯ã¹ãŸã㯠BGP 屿§ãè©äŸ¡ããŸãã2) ã¢ã¯ã·ã§ã³ïŒãããããã«ãŒãã®åŠçæ¹æ³ã決å®ããŸãã3) æ¹åæ§ïŒããªã·ãŒãã€ã³ããŠã³ããšã¢ãŠãããŠã³ãã®ã©ã¡ãã®ã«ãŒãäŒæã«é©çšããããæå®ããŸãããããã®æ§æèŠçŽ ã¯ãã¢ã¿ããã¡ã³ããã»ã°ã¡ã³ãããŸãã¯ãªãŒãžã§ã³ã®ã¬ãã«ã§é©çšã§ããŸãã æ¬èšäºã§ã¯ããããã®æŠå¿µãèžãŸãããã€ããªããç°å¢ããã«ããµã€ãç°å¢ã§äžè¬çã«èŠããã3ã€ã®å®éçšã·ããªãªãåãäžããŸããAWS Cloud WAN ã®ã«ãŒãã£ã³ã°ããªã·ãŒã䜿çšããŠã AWS Transit Gateway ç°å¢ããã®ç§»è¡äžã«ã«ãŒãã£ã³ã°ãå¶åŸ¡ããæ¹æ³ãããŒã«ã«ããªãã¡ã¬ã³ã¹ã䜿çšããŠè€æ°ã® AWS Direct Connect ãã±ãŒã·ã§ã³éã®ãã¹éžæãæ¹åããæ¹æ³ããããŠåäžã® BGP èªåŸã·ã¹ãã çªå·ïŒASNïŒãæã€ãããã¯ãŒã¯éã®æ¥ç¶ãèš±å¯ããæ¹æ³ãåŠã³ãŸãã ãããã®ãã¿ãŒã³ã¯ãAWS Cloud WAN ãéäžåã®ããªã·ãŒé©çšãã€ã³ããšããŠäœ¿çšããã°ããŒãã«ãããã¯ãŒã¯å
šäœã®ã«ãŒãã£ã³ã°å¶åŸ¡ãç°¡çŽ åããæ¹æ³ã瀺ããŠããŸãã æ¬èšäºã§èª¬æããã·ããªãªã¯ãç¶²çŸ
çãªãªã¹ãã§ã¯ãããŸãããAWS Cloud WAN ã®ã«ãŒãã£ã³ã°ããªã·ãŒã¯ãããã§æ±ã以å€ã«ã远å ã®ãããæ¡ä»¶ãšã¢ã¯ã·ã§ã³ããµããŒãããŠãããããã客æ§ã®ç°å¢åºæã®ã«ãŒãã£ã³ã°èª²é¡ã«å¯Ÿå¿ã§ããŸããå©çšå¯èœãªãããæ¡ä»¶ãšã¢ã¯ã·ã§ã³ã®å®å
šãªãªã¹ãã«ã€ããŠã¯ã AWS Cloud WAN ã«ãŒãã£ã³ã°ããªã·ãŒã®ããã¥ã¡ã³ã ãåç
§ããŠãã ããã åææ¡ä»¶ æ¬èšäºã¯ã2éšæ§æã®ã·ãªãŒãºã®ç¬¬2åã§ãããããæ¡ä»¶ãã¢ã¯ã·ã§ã³ãæ¹åæ§ãåºæ¬çãªèšå®ã¯ãŒã¯ãããŒãªã©ãã«ãŒãã£ã³ã°ããªã·ãŒã®åºç€ãæ±ã£ã Part 1: AWS Cloud WAN Routing Policy â Fine-grained controls for your global network ãæ¢ã«èªãŸããŠããããšãåæãšããŸãããŸãã Amazon Virtual Private CloudïŒAmazon VPCïŒ ãAWS Cloud WANãAWS Direct Connectã AWS Site-to-Site VPN ãªã©ã®äž»èŠãª AWS ãããã¯ãŒã¯ãµãŒãã¹ãããã³ AS-pathãããŒã«ã«ããªãã¡ã¬ã³ã¹ãã³ãã¥ããã£å±æ§ãšãã£ãæŠå¿µãå«ã Border Gateway ProtocolïŒBGPïŒ ã®åºç€ãçè§£ããŠããããšãåæãšããŸããAWS Cloud WAN ã®ãã€ããªããæ¥ç¶ãã¿ãŒã³ã«é¢ããè£è¶³çãªèæ¯æ
å ±ã«ã€ããŠã¯ã Simplify global hybrid connectivity with AWS Cloud WAN and AWS Direct Connect integration ãåç
§ããããšãæšå¥šããŸãã è£è¶³ïŒAWS Cloud WAN ã®ã«ãŒãã£ã³ã°ããªã·ãŒã«ã¯ãã³ã¢ãããã¯ãŒã¯ããªã·ãŒããŒãžã§ã³ 2025.11 以éãå¿
èŠã§ããæ¬èšäºã§èª¬æããèšå®ãå®è£
ããåã«ãã³ã¢ãããã¯ãŒã¯ããã®ããŒãžã§ã³ã§åäœããŠããããšã確èªããŠãã ããã ã·ããªãª1ïŒæ¢åã® Transit Gateway ç°å¢ããã®ã«ãŒãäŒæã®å¶åŸ¡ AWS Cloud WAN ãæ¡çšããå Žåãæ¢ã« AWS Transit Gateway äžã«æ§ç¯ãããæ¢åç°å¢ãéçšããŠãããããããŸãããç§»è¡äžã¯ããããã®ç°å¢ã AWS Cloud WAN ã«æ¥ç¶ããããšã§ãäžåºŠããã®ã«ãããªãŒããŒã§ã¯ãªããæ®µéçãªç§»è¡ãå¯èœã«ãªããŸãã ããããã¢ãŒããã¯ãã£ã§ããããèŠä»¶ã¯ãAWS Cloud WAN ã Transit Gateway ããåŠç¿ããã«ãŒããããããã¯ãŒã¯ã®ä»ã®éšåãç¹ã« AWS Direct Connect ã AWS Site-to-Site VPN ãéããŠæ¥ç¶ããããªã³ãã¬ãã¹ç°å¢ã«ã©ã®ããã«äŒæããããå¶åŸ¡ããããšã§ãã æ¬¡ã®å³ïŒå³1ïŒã¯ãã«ãŒãã£ã³ã°ããªã·ãŒãé©çšãããŠããªãå Žåã«ãAWS Cloud WAN å
ã§ã«ãŒããã©ã®ããã«åŠç¿ãããäŒæããããã瀺ããŠããŸãããã®äŸã§ã¯ãap-southeast-2 ãªãŒãžã§ã³ã® Transit Gateway ããAWS Direct Connect ãéããŠãªã³ãã¬ãã¹ã®ããŒã¿ã»ã³ã¿ãŒïŒDC1ïŒã«æ¥ç¶ãããŠããŸãããã® Transit Gateway ã AWS Cloud WAN ã«ã¢ã¿ããããããšãDC1 ã¯éè€ããã«ãŒããåä¿¡ãå§ããŸãã1ã€ç®ã®ã«ãŒãã»ããã¯ãTransit Gateway ããçŽæ¥äŒæãããŸãã2ã€ç®ã®ã»ãã㯠AWS Cloud WAN èªäœããæ¥ããã®ã§ãAWS Cloud WAN 㯠Transit Gateway ã«ãŒãããŒãã«ã®ã¢ã¿ããã¡ã³ãããåãã«ãŒããåŠç¿ãããããã Direct Connect çµç±ã§ DC1 ã«åé
åžããŸããã«ãŒãã£ã³ã°ããªã·ãŒããªãå Žåããã®ã«ãŒãã®éè€ã¯ãéå¹ççãŸãã¯äºæž¬äžå¯èœãªã«ãŒãã£ã³ã°åäœã«ã€ãªããå¯èœæ§ããããŸãã å³1ïŒã«ãŒãã£ã³ã°ããªã·ãŒããªãå Žåã®ã«ãŒãäŒæåäœ AWS Cloud WAN ã®ã«ãŒãã£ã³ã°ããªã·ãŒã¯ãBGP ã³ãã¥ããã£ã®ã¿ã°ä»ããšãã£ã«ã¿ãªã³ã°ã«ãã£ãŠãã®åé¡ã解決ããã©ã®ã«ãŒãããªã³ãã¬ãã¹ç°å¢ã«ã¢ããã¿ã€ãºããããæ£ç¢ºã«å¶åŸ¡ã§ããããã«ããŸãã å³2ïŒã«ãŒãã£ã³ã°ããªã·ãŒé©çšåŸã®ã«ãŒãäŒæåäœ å³2ã«ç€ºãããã«ãTransit Gateway ã¯èªèº«ã® production ã«ãŒãããŒãã«ã AWS Cloud WAN ã® production ã»ã°ã¡ã³ãã«æ¥ç¶ããŸããã«ãŒãã£ã³ã°ããªã·ãŒã¯2ã€ã®ã¹ãããã§åäœããŸãã第1ã«ãTransit Gateway ã«ãŒãããŒãã«ã®ã¢ã¿ããã¡ã³ãããåŠç¿ããã«ãŒãã«ãBGP ã³ãã¥ããã£å€ïŒ65000:1 ãªã©ïŒãã¿ã°ä»ãããŸãã第2ã«ããã®ã³ãã¥ããã£ã¿ã°ããproduction ã»ã°ã¡ã³ããã hybrid ã»ã°ã¡ã³ããžã«ãŒããå
±æããéã®ãã£ã«ã¿ãšããŠäœ¿çšããŸããã¿ã°ä»ããããã«ãŒãã¯ãhybrid ã»ã°ã¡ã³ãã® Direct Connect ã²ãŒããŠã§ã€ïŒDXGWïŒãžã¯ãã以äžã¢ããã¿ã€ãºïŒäŒæïŒãããŸããã ãã®çµæããªã³ãã¬ãã¹ã®ããŒã¿ã»ã³ã¿ãŒã¯ Transit Gateway ããçŽæ¥ã«ãŒãã®ã¿ãåä¿¡ããããšã«ãªããéè€ããã¢ããã¿ã€ãºãæé€ãããTransit Gateway ãåãããŒã¿ã»ã³ã¿ãŒã«æ¥ç¶ããããŸãŸã®ã¢ãŒããã¯ãã£ã«ãããã«ãŒãã£ã³ã°ã®ç«¶åãåé¿ã§ããŸãã è£è¶³ïŒAWS Cloud WAN ã«çŽæ¥ã¢ã¿ãããããæ°ãã VPC ã¯ãTransit Gateway ã®èåŸã«ããæ¢åã® VPC ã AWS Cloud WAN äžã® VPC ãšéä¿¡ã§ããããã«ãèªèº«ã® Classless Inter-Domain RoutingïŒCIDRïŒãããã¯ã Transit Gateway ã«ã¢ããã¿ã€ãºããŸãããã ãããããã® CIDR ãããã¯ã¯ããã®é¢é£ä»ãã® èš±å¯ãã¬ãã£ãã¯ã¹ãªã¹ã ã«å«ãŸããŠããªãéããTransit Gateway ã® Direct Connect ã²ãŒããŠã§ã€ã®é¢é£ä»ããéããŠãªã³ãã¬ãã¹ã«ã¯ã¢ããã¿ã€ãºãããŸãããããã«ãããCloud WAN ã® VPC ã«ãŒãã Transit Gateway ãã¹çµç±ã§ DC1 ã«ã¢ããã¿ã€ãºãããã®ãé²ããAWS Cloud WAN ã® Direct Connect ã²ãŒããŠã§ã€ããªã³ãã¬ãã¹ãžã®å¯äžã®ãã¹ãšããŠæ®ããŸãã ä»çµã¿ æ¢åã® Transit Gateway ããåŠç¿ããã«ãŒã㯠production ã»ã°ã¡ã³ãã«å
¥ããã¢ã¿ããã¡ã³ãã®ã€ã³ããŠã³ãããªã·ãŒã«ãã£ãŠã³ãã¥ãã㣠65000:1 ã§ã¿ã°ä»ããããŸããproduction ã® VPC ãš AWS Cloud WAN ã®ãªãœãŒã¹ã¯ãTransit Gateway ã®ã¯ãŒã¯ããŒãã«éåžžã©ããå°éã§ããŸããäžæ¹ãproduction ã®ã«ãŒãã hybrid ã»ã°ã¡ã³ããšå
±æãããéãã¢ãŠãããŠã³ãã®ã»ã°ã¡ã³ããã£ã«ã¿ãªã³ã°ããªã·ãŒãã³ãã¥ããã£ã¿ã° 65000:1 ã«ããããããããã®ã«ãŒããããããããŸãããã®ä»ãã¹ãŠã® production ã«ãŒãïŒVPC ããã®ã«ãŒãïŒã¯ hybrid ã»ã°ã¡ã³ãã«ééããDirect Connect çµç±ã§ãªã³ãã¬ãã¹ã«ã¢ããã¿ã€ãºãããŸããããã«ãããåã Transit Gateway ã«äŸç¶ãšããŠçŽæ¥æ¥ç¶ãããŠããããŒã¿ã»ã³ã¿ãŒãžã®éè€ããã«ãŒãã¢ããã¿ã€ãºãé²ããŸãã ã¹ããã1ïŒTransit Gateway ã®ã«ãŒãã«ã³ãã¥ããã£ãã¿ã°ä»ãããïŒTransit Gateway ã«ãŒãããŒãã«ã¢ã¿ããã¡ã³ãã§ã€ã³ããŠã³ãïŒ ãã®ã€ã³ããŠã³ãããªã·ãŒããAWS Cloud WAN ã® Transit Gateway ã«ãŒãããŒãã«ã¢ã¿ããã¡ã³ãã«é©çšããŸãããã®ããªã·ãŒã¯ãTransit Gateway ããåŠç¿ãããã¹ãŠã®ã«ãŒãã«ãããããã³ãã¥ãã㣠65000:1 ã§ã¿ã°ä»ãããŸãã { "routing-policies": [ { "routing-policy-number": 100, "routing-policy-name": "tagTgwRoutes", "routing-policy-description": "Tag routes learned from existing TGW with community 65000:1", "routing-policy-direction": "inbound", "routing-policy-rules": [ { "rule-number": 10, "rule-definition": { "match-conditions": [ { "type": "prefix-in-cidr", "value": "0.0.0.0/0" } ], "condition-logic": "and", "action": { "type": "add-community", "value": "65000:1" } } } ] } ] } ã¹ããã2ïŒã»ã°ã¡ã³ãå
±ææã«ã¿ã°ä»ããããã«ãŒãããã£ã«ã¿ãªã³ã°ããïŒprod â hybridïŒ ãã®ã¢ãŠãããŠã³ãããªã·ãŒããproduction ã»ã°ã¡ã³ããã hybrid ã»ã°ã¡ã³ããžã«ãŒããå
±æããéã«é©çšããŸãããã®ããªã·ãŒã¯ãã³ãã¥ãã㣠65000:1 ãæã€ã«ãŒãã«ãããããŠããããããTransit Gateway ç±æ¥ã®ã«ãŒãã hybrid ã»ã°ã¡ã³ãããã³ Direct Connect çµç±ã§ãªã³ãã¬ãã¹ã® DC ã«äŒæãããã®ãé²ããŸããã³ãã¥ããã£å€ 65000:1 ã«ãããããªãã«ãŒãã¯æé»çã«èš±å¯ãããéåžžã©ããäŒæãç¶ããŸããAWS Cloud WAN ã®ã«ãŒãã£ã³ã°ããªã·ãŒã«ãŒã«ã¯ããã©ã«ãèš±å¯ïŒdefault-allowïŒãåºæ¬ãšããŠåäœããããããã«ãŒã«ã«ãã£ãŠæç€ºçã«ãããããã«ãŒãã®ã¿ããã£ã«ã¿ãªã³ã°ãããŸãã { "routing-policies": [ { "routing-policy-number": 200, "routing-policy-name": "filterRoutesToHybrid", "routing-policy-description": "Drop TGW-originated routes (community 65000:1) when sharing prod to hybrid", "routing-policy-direction": "outbound", "routing-policy-rules": [ { "rule-number": 10, "rule-definition": { "match-conditions": [ { "type": "community-in-list", "value": "65000:1" } ], "condition-logic": "and", "action": { "type": "drop" } } } ] } ] } ã¹ããã3ïŒããªã·ãŒãé
åžãã€ã³ãã«é¢é£ä»ãã 3.1 ã«ãŒãã£ã³ã°ããªã·ãŒã©ãã«ã䜿çšããŠãã¿ã°ä»ãããªã·ãŒã Transit Gateway ã«ãŒãããŒãã«ã¢ã¿ããã¡ã³ãã«é©çšããŸãã { "attachment-routing-policy-rules": [ { "rule-number": 100, "conditions": [ { "type": "routing-policy-label", "value": "TgwInbound" } ], "action": { "associate-routing-policies": [ "tagTgwRoutes" ] } } ] } é¢é£ä»ããå®äºããã«ã¯ãrouting-policy-label ã Transit Gateway ã«ãŒãããŒãã«ã¢ã¿ããã¡ã³ãã«å²ãåœãŠãŸããããã¯ãã¢ã¿ããã¡ã³ãã®äœææã« routing-policy-label ãã©ã¡ãŒã¿ã䜿çšããããAWS Cloud WAN ã³ã³ãœãŒã«ã§æ¢åã®ã¢ã¿ããã¡ã³ããç·šéããããšã§å®è¡ã§ããŸãããã®ã·ããªãªã§ã¯ãã©ãã« TgwInbound ã Transit Gateway ã«ãŒãããŒãã«ã¢ã¿ããã¡ã³ãã«å²ãåœãŠãŸãã 3.2 ã»ã°ã¡ã³ãå
±æã®ã¬ãã«ã§ãã£ã«ã¿ãªã³ã°ããªã·ãŒãé©çšããŸãã { "segment-actions": [ { "action": "share", "mode": "attachment-route", "segment": "production", "share-with": [ "hybrid" ], "routing-policy-names": [ "filterRoutesToHybrid" ] } ] } ã·ããªãª2ïŒè€æ°ã® Direct Connect ãã±ãŒã·ã§ã³éã§ã®ãã¹éžæã®æ¹å è€æ°ã®ãªã³ãã¬ãã¹ãã±ãŒã·ã§ã³ãããå Žåãèé害æ§ã®ããã«è€æ°ã®ãµã€ãããåããã¬ãã£ãã¯ã¹ãã¢ããã¿ã€ãºããŠããããšãå€ãã§ããããããã¯å¯çšæ§ãåäžãããŸãããAWS Cloud WAN ãè€æ°ã®ãã±ãŒã·ã§ã³ããåºæã®åªå
床ãªãã«åäžã®ã«ãŒããåä¿¡ãããšããã«ãŒãã£ã³ã°ã®ææ§ããçã¿åºããŸãã远å ã®å¶åŸ¡ããªããã°ããã©ãã£ãã¯ãé©åã«èªå°ãããªãå Žåã«éå¹ççãªã«ãŒãã£ã³ã°æ±ºå®ã«ã€ãªããå¯èœæ§ããããŸãã ã«ãŒãã£ã³ã°ããªã·ãŒãé©çšãããŠããªãå ŽåãAWS Cloud WAN ã¯ããã©ã«ãã®ã«ãŒãã£ã³ã°åäœïŒãã³ã²ã¹ããã¬ãã£ãã¯ã¹ãããïŒã«äŸåããããŒã«ã«ããªãã¡ã¬ã³ã¹ããã¹ã¹ãã¢ãªã³ã°ã¯è¡ãããŸãããå³3ã«ç€ºãããã«ãAWS Cloud WAN ãåããã¬ãã£ãã¯ã¹ïŒäŸãã° DC2 ããçºä¿¡ããã 10.2.0.0/16ïŒã3ã€ã® DXGW ãšãµã€ããã¹ãŠããåæã«åŠç¿ããå ŽåãDC2 ãéãçŽæ¥ãã¹ãåªå
ããã¡ã«ããºã ããããŸããããã®çµæãDC2 å®ãŠã®ãã©ãã£ãã¯ã代ããã« DC1 ã DC3 ãçµç±ããŠåºãŠããããšããããäžèŠãªããã¯ããŒã³ã®ééãã¬ã€ãã³ã·ãŒã®å¢å ãã³ã¹ãã®å¢å ãæããŸãã è£è¶³ïŒãã®ã·ããªãªã§ã¯ããªã³ãã¬ãã¹ã®ããŒã¿ã»ã³ã¿ãŒã MPLS ã AWS Direct Connect SiteLink ãªã©ã®ããã¯ããŒã³ãããã¯ãŒã¯ãéããŠçžäºæ¥ç¶ãããŠããããã§ã€ã«ãªãŒããŒæã«ãµã€ãéã§ãã©ãã£ãã¯ãééãããããããšãåæãšããŠããŸãã å³3ïŒã«ãŒãã£ã³ã°ããªã·ãŒããªãå Žåã®ã«ãŒããã¹éžæ AWS Cloud WAN ã®ã«ãŒãã£ã³ã°ããªã·ãŒã¯ãããŒã«ã«ããªãã¡ã¬ã³ã¹ãªã©ã® BGP 屿§ã䜿çšããŠããã¹éžæãéäžçã«å¶åŸ¡ããŸããå³4ã«ç€ºãããã«ãå DXGW ã¢ã¿ããã¡ã³ãã«é©çšãããã€ã³ããŠã³ãã«ãŒãã£ã³ã°ããªã·ãŒãããŒã«ã«ããªãã¡ã¬ã³ã¹å€ãå²ãåœãŠããã©ãã£ãã¯ãçºä¿¡å
ã®ããŒã¿ã»ã³ã¿ãŒãžèªå°ããããšã§ãæãçŽæ¥çãªãã¹ãåªå
ãããããã«ããŸãã å³4ïŒã«ãŒãã£ã³ã°ããªã·ãŒé©çšåŸã®ã«ãŒããã¹éžæ ãã®ã·ããªãªã§ã¯ãåããŒã¿ã»ã³ã¿ãŒãç¹å®ã®ãã¬ãã£ãã¯ã¹ã®ã»ãããä¿æããŠããŸããDC1 㯠10.1.0.0/16 ããDC2 㯠10.2.0.0/16 ããDC3 㯠10.3.0.0/16 ãçºä¿¡ããŸããèé害æ§ã®ããã3ã€ã® DC ã¯ãããããèªèº«ã® Direct Connect ãã±ãŒã·ã§ã³ãã3ã€ãã¹ãŠã®ãã¬ãã£ãã¯ã¹ãã¢ããã¿ã€ãºããŸããå DC ã¯å°çšã® DXGW ãéããŠæ¥ç¶ãããŠãããDC1 㯠ASN 65010ãDC2 㯠65011ãDC3 㯠65012 ã䜿çšããŸããAWS Cloud WAN ã¯3ã€ã® DXGW ãã¹ãŠããåãã«ãŒããåŠç¿ããããŒã«ã«ããªãã¡ã¬ã³ã¹ã䜿çšããŠåãã¬ãã£ãã¯ã¹ã®ãã©ãã£ãã¯ããã®ä¿æå
DC ãžèªå°ããŸããä»ã® DC ã¯ãã»ã«ã³ããªããã³ç¬¬3ïŒã¿ãŒã·ã£ãªïŒã®ãã§ã€ã«ãªãŒããŒãã¹ãšããŠæ©èœããŸãã AWS Cloud WAN ã®èгç¹ããèŠããšããã®ã·ããªãªã®ãã¹åªå
床ãããªãã¯ã¹ã¯æ¬¡ã®ãšããã§ãã ãã¬ãã£ãã¯ã¹ 1çªç®ïŒããŒã«ã«ããªãã¡ã¬ã³ã¹ 300ïŒ 2çªç®ïŒLP 200ïŒ 3çªç®ïŒLP 100ïŒ DC1: 10.1.0.0/16 DXGW 65010 DXGW 65011 DXGW 65012 DC2: 10.2.0.0/16 DXGW 65011 DXGW 65012 DXGW 65010 DC3: 10.3.0.0/16 DXGW 65012 DXGW 65011 DXGW 65010 ä»çµã¿ 3ã€ã® DC ã¯ããããèé害æ§ã®ããã«3ã€ãã¹ãŠã®ãã¬ãã£ãã¯ã¹ãã¢ããã¿ã€ãºããŸãããåãã¬ãã£ãã¯ã¹ã¯ç¹å®ã® DC ã«å±ããŸããAWS Cloud WAN ã 10.1.0.0/16 ã3ã€ã® DXGW ãã¹ãŠããåŠç¿ãããšãã«ãŒãã£ã³ã°ããªã·ãŒã¯ãDXGW 65010ïŒä¿æå
ã§ãã DC1ïŒãã 300ãDXGW 65011ïŒDC2ïŒãã 200ãDXGW 65012ïŒDC3ïŒãã 100 ã®ããŒã«ã«ããªãã¡ã¬ã³ã¹ãå²ãåœãŠãŸããAWS Cloud WAN ã¯æãé«ãããŒã«ã«ããªãã¡ã¬ã³ã¹ãæã€ãã¹ãéžæãã10.1.0.0/16 ã®ãã©ãã£ãã¯ã DC1 çµç±ã§èªå°ããŸããDC1 ã® Direct Connect ãã¹ã«é害ãçºçããå Žåããã©ãã£ãã¯ã¯èªåçã« DC2ïŒããŒã«ã«ããªãã¡ã¬ã³ã¹ 200ïŒã次ãã§ DC3ïŒããŒã«ã«ããªãã¡ã¬ã³ã¹ 100ïŒãžãã©ãŒã«ããã¯ããŸããåãããžãã¯ããDC2 ä¿æã®ãã¬ãã£ãã¯ã¹ïŒãã©ã€ããªã¯ DXGW 65011ãã»ã«ã³ããªã¯ 65012ã第3çµè·¯ã¯ 65010 çµç±ïŒããã³ DC3 ä¿æã®ãã¬ãã£ãã¯ã¹ïŒãã©ã€ããªã¯ DXGW 65012ãã»ã«ã³ããªã¯ 65011ã第3çµè·¯ã¯ 65010 çµç±ïŒã«ãé©çšãããŸãã DXGW ã®ã¬ãã«ã§ã¯ãVIF äžã® BGP ã³ãã¥ãã㣠ãéããŠã远å ã®ãã¹å¶åŸ¡ã¬ã€ã€ãŒãå©çšã§ããŸããå DXGW ã«ã¯ãã©ã€ããªãšã»ã«ã³ããªã®2ã€ã® VIF ããããã³ãã¥ããã£ã¿ã°ã«ãã£ãŠã¢ãŠãããŠã³ããã©ãã£ãã¯ã«ã©ã¡ãã® VIF ãåªå
ãããããæ±ºãŸããŸããé«åªå
床ã«ã¯ 7224:7300ãäœåªå
床ã«ã¯ 7224:7100 ã䜿çšããŸãããããã¯ãã¢ã¯ãã£ãã»ã¢ã¯ãã£ãã® ECMP ããŒããã©ã³ã·ã³ã°ã®ããã«ãäž¡æ¹ã® VIF ã« 7224:7200 ãé©çšããããšãã§ããŸãã ãã®èšå®ã«ãããAWS Cloud WAN ãš DXGW ã¯ãã€ã³ããŠã³ãã®ã«ãŒãåªå
èšå®ã䜿çšããŠã¢ãŠãããŠã³ããã©ãã£ãã¯ããªã³ãã¬ãã¹ãžèªå°ããŸãã察称ã«ãŒãã£ã³ã°ãå®çŸããã«ã¯ããªã³ãã¬ãã¹ãã AWS ãžæµãããã©ãã£ãã¯ã«ã€ããŠãããªã³ãã¬ãã¹ã®ããã€ã¹ãåããã¹ãåªå
ããããã«èšå®ããå¿
èŠããããŸãã è£è¶³ïŒå®çŸ©ããã3ã€ã®ãã¬ãã£ãã¯ã¹ãªã¹ãã®ãããã«ããããããªããã¬ãã£ãã¯ã¹ã¯ãæç€ºçãªããŒã«ã«ããªãã¡ã¬ã³ã¹ãèšå®ãããªããŸãŸééãã3ã€ã® DXGW ãã¹ãŠã«ããã£ãŠé決å®çãªãã¹éžæãšãªããŸãããªã³ãã¬ãã¹ããæ°ãããã¬ãã£ãã¯ã¹ãã¢ããã¿ã€ãºãããã®ã«åãããŠããã¬ãã£ãã¯ã¹ãªã¹ããææ°ã®ç¶æ
ã«ä¿ã€ããã«ããŠãã ããã ã¹ããã1ïŒåããŒã¿ã»ã³ã¿ãŒçšã®ãã¬ãã£ãã¯ã¹ãªã¹ããå®çŸ©ãã ããŒã¿ã»ã³ã¿ãŒããšã«åå¥ã®ãã¬ãã£ãã¯ã¹ãªã¹ããäœæãããã®ãµã€ãããçºä¿¡ããã CIDR ãã°ã«ãŒãåããŸãããã¬ãã£ãã¯ã¹ãªã¹ã㯠Amazon VPC ãããŒãžããã¬ãã£ãã¯ã¹ãªã¹ãïŒã«ã¹ã¿ããŒãããŒãžããã¬ãã£ãã¯ã¹ãªã¹ãïŒãšããŠäœæããããã®åŸãã¬ãã£ãã¯ã¹ãªã¹ããšã€ãªã¢ã¹ã䜿çšããŠã³ã¢ãããã¯ãŒã¯ã«é¢é£ä»ããããŸããã«ãŒãã£ã³ã°ããªã·ãŒããã¬ãã£ãã¯ã¹ããããããéã«åç
§ããã®ã¯ããã®ãšã€ãªã¢ã¹ã§ããäŸãã°ã10.1.0.0/16ã10.2.0.0/16ã10.3.0.0/16 ãããããå«ã3ã€ã® ãããŒãžããã¬ãã£ãã¯ã¹ãªã¹ã ãäœæãããšã€ãªã¢ã¹ dc1Prefixesãdc2Prefixesãdc3Prefixes ã䜿çšããŠã³ã¢ãããã¯ãŒã¯ã«é¢é£ä»ããŸãã è£è¶³ïŒâmax-entries ãã©ã¡ãŒã¿ã¯å¿
é ã§ããã¬ãã£ãã¯ã¹ãªã¹ããä¿æã§ãããšã³ããªã®æå€§æ°ãå®çŸ©ããŸããããã§äœ¿çšããŠããå€ 5 ã¯ä»»æã®ãã®ã§ãããå«ããäºå®ã®ãã¬ãã£ãã¯ã¹æ°ã«å¿ããŠèª¿æŽã§ããŸãã aws ec2 create-managed-prefix-list --prefix-list-name dc1Prefixes --max-entries 5 --address-family IPv4 --entries Cidr=10.1.0.0/16 aws ec2 create-managed-prefix-list --prefix-list-name dc2Prefixes --max-entries 5 --address-family IPv4 --entries Cidr=10.2.0.0/16 aws ec2 create-managed-prefix-list --prefix-list-name dc3Prefixes --max-entries 5 --address-family IPv4 --entries Cidr=10.3.0.0/16 aws networkmanager create-core-network-prefix-list-association --core-network-id <core-network-id> --prefix-list-arn <dc1-prefix-list-arn> --prefix-list-alias dc1Prefixes aws networkmanager create-core-network-prefix-list-association --core-network-id <core-network-id> --prefix-list-arn <dc2-prefix-list-arn> --prefix-list-alias dc2Prefixes aws networkmanager create-core-network-prefix-list-association --core-network-id <core-network-id> --prefix-list-arn <dc3-prefix-list-arn> --prefix-list-alias dc3Prefixes ã¹ããã2ïŒDXGW ã¢ã¿ããã¡ã³ãããšã«ã«ãŒãã£ã³ã°ããªã·ãŒãå®çŸ©ãã å DXGW ã¯ãããããç¬èªã®ã€ã³ããŠã³ãã«ãŒãã£ã³ã°ããªã·ãŒãæã¡ãŸãããã®ããªã·ãŒã¯ããã¹åªå
床ãããªãã¯ã¹ã«åºã¥ããŠåãã¬ãã£ãã¯ã¹ã«ããŒã«ã«ããªãã¡ã¬ã³ã¹å€ãå²ãåœãŠãåãã¬ãã£ãã¯ã¹ãçºä¿¡å
DC ãžã決å®çãªãã§ã€ã«ãªãŒããŒé åºã§èªå°ããŸãã DXGW 65010ïŒDC1ïŒã®ããªã·ãŒãDC1 ã®ãã©ã€ããªãDC2 ãš DC3 ã®ç¬¬3çµè·¯ïŒ { "routing-policies": [ { "routing-policy-number": 100, "routing-policy-name": "pathPreferenceDxgw65010", "routing-policy-description": "DXGW 65010 (DC1): primary for DC1, tertiary for DC2, tertiary for DC3", "routing-policy-direction": "inbound", "routing-policy-rules": [ {"rule-number": 10, "rule-definition": {"match-conditions": [{"type": "prefix-in-prefix-list", "value": "dc1Prefixes"}], "condition-logic": "and", "action": {"type": "set-local-preference", "value": "300"}}}, {"rule-number": 20, "rule-definition": {"match-conditions": [{"type": "prefix-in-prefix-list", "value": "dc2Prefixes"}], "condition-logic": "and", "action": {"type": "set-local-preference", "value": "100"}}}, {"rule-number": 30, "rule-definition": {"match-conditions": [{"type": "prefix-in-prefix-list", "value": "dc3Prefixes"}], "condition-logic": "and", "action": {"type": "set-local-preference", "value": "100"}}} ] } ] } DXGW 65011ïŒDC2ïŒã®ããªã·ãŒãDC2 ã®ãã©ã€ããªãDC1 ãš DC3 ã®ã»ã«ã³ããªïŒ { "routing-policies": [ { "routing-policy-number": 200, "routing-policy-name": "pathPreferenceDxgw65011", "routing-policy-description": "DXGW 65011 (DC2): secondary for DC1, primary for DC2, secondary for DC3", "routing-policy-direction": "inbound", "routing-policy-rules": [ {"rule-number": 10, "rule-definition": {"match-conditions": [{"type": "prefix-in-prefix-list", "value": "dc1Prefixes"}], "condition-logic": "and", "action": {"type": "set-local-preference", "value": "200"}}}, {"rule-number": 20, "rule-definition": {"match-conditions": [{"type": "prefix-in-prefix-list", "value": "dc2Prefixes"}], "condition-logic": "and", "action": {"type": "set-local-preference", "value": "300"}}}, {"rule-number": 30, "rule-definition": {"match-conditions": [{"type": "prefix-in-prefix-list", "value": "dc3Prefixes"}], "condition-logic": "and", "action": {"type": "set-local-preference", "value": "200"}}} ] } ] } DXGW 65012ïŒDC3ïŒã®ããªã·ãŒãDC3 ã®ãã©ã€ããªãDC2 ã®ã»ã«ã³ããªãDC1 ã®ç¬¬3çµè·¯ïŒ { "routing-policies": [ { "routing-policy-number": 300, "routing-policy-name": "pathPreferenceDxgw65012", "routing-policy-description": "DXGW 65012 (DC3): tertiary for DC1, secondary for DC2, primary for DC3", "routing-policy-direction": "inbound", "routing-policy-rules": [ {"rule-number": 10, "rule-definition": {"match-conditions": [{"type": "prefix-in-prefix-list", "value": "dc1Prefixes"}], "condition-logic": "and", "action": {"type": "set-local-preference", "value": "100"}}}, {"rule-number": 20, "rule-definition": {"match-conditions": [{"type": "prefix-in-prefix-list", "value": "dc2Prefixes"}], "condition-logic": "and", "action": {"type": "set-local-preference", "value": "200"}}}, {"rule-number": 30, "rule-definition": {"match-conditions": [{"type": "prefix-in-prefix-list", "value": "dc3Prefixes"}], "condition-logic": "and", "action": {"type": "set-local-preference", "value": "300"}}} ] } ] } ã¹ããã3ïŒããªã·ãŒã DXGW ã¢ã¿ããã¡ã³ãã«é¢é£ä»ãã åã«ãŒãã£ã³ã°ããªã·ãŒã routing-policy-label ã«ãããã³ã°ããæ¬¡ã«ã©ãã«ã«ãã£ãŠã¢ã¿ããã¡ã³ããããããã察å¿ããã«ãŒãã£ã³ã°ããªã·ãŒãé¢é£ä»ãã attachment-routing-policy-rules ãå®çŸ©ããŸããrouting-policy-label ãåã¢ã¿ããã¡ã³ãã«å²ãåœãŠãŸãã { "attachment-routing-policy-rules": [ {"rule-number": 100, "conditions": [{"type": "routing-policy-label", "value": "dxgw65010inbound"}], "action": {"associate-routing-policies": ["pathPreferenceDxgw65010"]}}, {"rule-number": 200, "conditions": [{"type": "routing-policy-label", "value": "dxgw65011inbound"}], "action": {"associate-routing-policies": ["pathPreferenceDxgw65011"]}}, {"rule-number": 300, "conditions": [{"type": "routing-policy-label", "value": "dxgw65012inbound"}], "action": {"associate-routing-policies": ["pathPreferenceDxgw65012"]}} ] } 次ã«ãrouting-policy-label ãã©ã¡ãŒã¿ãŸãã¯ã³ã³ãœãŒã«ã䜿çšããŠã察å¿ãã routing-policy-label ãå DXGW ã¢ã¿ããã¡ã³ãã«é©çšããŸãããã®ã·ããªãªã§ã¯ãã©ãã« dxgw65010inbound ã DXGW 65010 ã¢ã¿ããã¡ã³ãã«ãdxgw65011inbound ã DXGW 65011 ã¢ã¿ããã¡ã³ãã«ãdxgw65012inbound ã DXGW 65012 ã¢ã¿ããã¡ã³ãã«å²ãåœãŠãŸãã ã·ããªãª3ïŒåäž ASN ãæã€ãããã¯ãŒã¯éã®éä¿¡ã®èš±å¯ Wide Area NetworkïŒWANïŒãæ§ç¯ããäŒæ¥ã¯ãã°ããŒãã«æ¥ç¶ã®ããã« AWS ã®ããã¯ããŒã³ã€ã³ãã©ã¹ãã©ã¯ãã£ããŸããŸã掻çšããŠããŸãããè²·åãææ©çãªæé·ããŸãã¯äžè¬çãªããã©ã«ã ASN å€ã䜿çšãããã«ããµã€ãå±éãªã©ã«ããããã©ã€ããŒã ASN ã®éè€ã«çŽé¢ããããšããããããŸããè€æ°ã®ãµã€ããåäžã® ASN ã䜿çšããŠããå ŽåãBGP ã®ã«ãŒã鲿¢æ©èœããAS-path ã«ãã®ãµã€ãèªèº«ã® ASN ãå«ãã«ãŒããæåŠããWAN å
šäœã®ãšã³ãããŒãšã³ãã®éä¿¡ã劚ããŸãã ãã®ã·ããªãªã§ã¯ã2ã€ã® ASN ã®ç«¶åããšã³ãããŒãšã³ãã®éä¿¡ã劚ããŠããŸããå³5ã«ç€ºãããã«ãDC1 ãš DC2ïŒAïŒã¯ã©ã¡ãã ASN 65000 ã䜿çšããŠããŸããAWS Cloud WAN ããããã®éã§ã«ãŒããäŒæãããšãåãµã€ã㯠AS-path ã«èªèº«ã® ASN ãæ€åºãããããçžæã®ã«ãŒããæåŠããŸããããã BGP ã®ã«ãŒã鲿¢æ©èœãåŒãèµ·ãããŸãã å³5ïŒDC1 ãš DC2 éã§ BGP ã«ãŒã鲿¢æ©èœãåŒãèµ·ãã ASN ã®ç«¶å 2ã€ç®ã®ç«¶åïŒBïŒã¯ãå³6ã«ç€ºãããã«ãASN 64512 ã䜿çšãã DC3 ããap-southeast-2 ã® AWS Cloud WAN ã³ã¢ãããã¯ãŒã¯ãšããžïŒCNEïŒã® ASN ãšç«¶åãããšãããã®ã§ããããã«ãããDC3 ã®ã«ãŒã㯠ap-southeast-2 ã® CNE ã«ãã£ãŠãããããããDC3 ããã® CNE ããã®ã«ãŒããããããããŸãã å³6ïŒDC3 ãš AWS Cloud WAN CNE éã® ASN ã®ç«¶åã«ããã«ãŒãäŒæã®ããã㯠ããã2ã€ã®ç«¶åãçµã¿åãããããšã§ã3ã€ã®ããŒã¿ã»ã³ã¿ãŒãã¹ãŠã«ããã£ãŠå°éæ§ãå®å
šã«å€±ãããçµæãšãªããŸãã AWS Cloud WAN ã®ã«ãŒãã£ã³ã°ããªã·ãŒã¯ãreplace-asn-list ã¢ã¯ã·ã§ã³ã«ãã£ãŠãã®åé¡ã«å¯ŸåŠããŸãããã®ã¢ã¯ã·ã§ã³ã¯ãAS-path å
šäœãæå®ãã ASN ã®ã»ããã§çœ®ãæããã«ãŒã鲿¢æ©èœãåŒãèµ·ããç«¶åãåãé€ãããªã³ãã¬ãã¹ã® BGP ã®çªå·ãæ¯ãçŽãããšãªãæ¥ç¶ã埩å
ããŸãã å³7ã«ç€ºãããã«ã3ã€ã®ããŒã¿ã»ã³ã¿ãŒã¯ AWS Cloud WAN ãäžå€®ã®ã°ããŒãã«ããã¯ããŒã³ãšããŠäœ¿çšããŸããDC1 㯠ap-southeast-2 ãªãŒãžã§ã³ã® Direct Connect ãéããŠæ¥ç¶ããDC2 㯠us-west-2 ãªãŒãžã§ã³ã® Site-to-Site VPN ãéããŠæ¥ç¶ããDC3 ã¯ã¡ãããã¡ã€ããŒçµç±ã§ DC2 ãéã㊠AWS Cloud WAN ã«å°éããŸããã€ã³ããŠã³ãã«ãŒãã£ã³ã°ããªã·ãŒã¯ã2ã€ã®ã¢ã¿ããã¡ã³ããã€ã³ãã«é©çšãããŸãã(1) DC1 çšã® Direct Connect ã²ãŒããŠã§ã€ã¢ã¿ããã¡ã³ããããã³ (2) DC2 çšã® VPN ã¢ã¿ããã¡ã³ãã§ããDC3 ã®ã«ãŒã㯠DC2 ã® VPN ã¢ã¿ããã¡ã³ããçµç±ããŠééããããããã®ã¢ã¿ããã¡ã³ãã®ã€ã³ããŠã³ãããªã·ãŒã DC2 ãš DC3 ã®äž¡æ¹ã® ASN 眮æãåŠçããŸãã å³7ïŒ3ã€ã®ããŒã¿ã»ã³ã¿ãŒãã¹ãŠã®æ¥ç¶ã埩å
ãã ASN 眮æã«ãŒãã£ã³ã°ããªã·ãŒ 次ã®è¡šã¯ãASN ã®çœ®æããŸãšãããã®ã§ãã ãœãŒã¹ å
ã® ASN 眮æåŸã® ASN çç± DC1ïŒDirect ConnectïŒ 65000 65550 DC2 ã§ã®ã«ãŒãæ€åºãåé¿ DC2ïŒSite-to-Site VPNïŒ 65000 65551 DC1 ã§ã®ã«ãŒãæ€åºãåé¿ DC3ïŒDC2 ã®ã¡ãããã¡ã€ããŒçµç±ïŒ 64512 65552 ap-southeast-2 ã® CNE ASN ãšã®ç«¶åãåé¿ éèŠïŒAWS Cloud WAN ã®ã³ã¢ãããã¯ãŒã¯ãšããžïŒCNEïŒã¯ãã€ã³ããŠã³ãã«ãŒãã£ã³ã°ããªã·ãŒãè©äŸ¡ãããåã«ãBGP AS-path ã®ã«ãŒãæ€åºãå®è¡ããŸããCNE ãèªèº«ã® ASN ãšäžèŽãã ASN ãæã€ã«ãŒããåä¿¡ããå Žåãreplace-asn-list ã¢ã¯ã·ã§ã³ãå®è¡ãããåã«ãã®ã«ãŒããããããããŸããããããžãŒãèšç»ããéã¯ããªã³ãã¬ãã¹ã®ã«ãŒãããåä¿¡åŽã® CNE ã® ASN ãšäžèŽãã ASN ãæããªãããã«ããŠãã ããã ä»çµã¿ ãã®ã¢ãããŒãã¯ãåãµã€ãã«åºæã§ç«¶åããªã眮æ ASN ãå²ãåœãŠãããšã§ãã©ã®ãµã€ããäŒæãããã«ãŒãã®äžã«èªèº«ã® ASN ãèŠãããšããªãããŸããã©ã®ã«ãŒããããããžãŒå
ã® CNE ãšç«¶åãã ASN ãæããªãããã«ãããã®ã§ããDC1 ã AWS Cloud WAN ã«ã«ãŒããã¢ããã¿ã€ãºãããšãDirect Connect ã²ãŒããŠã§ã€ã¢ã¿ããã¡ã³ãã®ã€ã³ããŠã³ãããªã·ãŒããAS-path å
šäœã ASN 65550 ã§çœ®ãæããŸãããããã®ã«ãŒã㯠AWS Cloud WAN ãéããŠäŒæããAS-path ã« 65000 ã§ã¯ãªã 65550 ãå«ãã ç¶æ
ã§ DC2 ã«å°éãããããDC2 ã®ã«ãŒã¿ãŒã¯ã«ãŒãæ€åºãåŒãèµ·ããããšãªãããããåãå
¥ããŸãã DC2 ãã«ãŒããã¢ããã¿ã€ãºãããšãVPN ã¢ã¿ããã¡ã³ãã®ã€ã³ããŠã³ãããªã·ãŒã AS-path å
šäœã ASN 65551 ã§çœ®ãæããŸããããã«ãã DC1 ã¯ãAS-path ã« 65000 ã§ã¯ãªã 65551 ãå«ãã ç¶æ
ã§ãããã®ã«ãŒããåä¿¡ãããããBGP ã®ã«ãŒãæ€åºãé²ããDC1 ãš DC2 éã®åæ¹åéä¿¡ã埩å
ããŸãã DC3 ã«ã€ããŠã¯ãã«ãŒã㯠ASN 64512ïŒDC3ïŒãš ASN 65000ïŒDC2ïŒã®äž¡æ¹ãæã£ãç¶æ
ã§ãDC2 ã® VPN ã¢ã¿ããã¡ã³ããéã㊠AWS Cloud WAN ã«å
¥ããŸããã€ã³ããŠã³ãããªã·ãŒã¯ AS-path å
šäœãåäžã®å°çš ASNïŒ65552ïŒã§çœ®ãæããç«¶åãã2ã€ã®å€ã1åã®æäœã§åãé€ããŸããããã«ãããDC3 ã®ãã¬ãã£ãã¯ã¹ã AWS Cloud WAN ã®ã«ãŒãããŒãã«ã«åãå
¥ããããDC1 ããã³ã¯ã©ãŠããªãœãŒã¹ã«ã¢ããã¿ã€ãºãããããã«ãªããŸãã ãã¹ãŠã®çœ®æ ASNïŒ65550ã65551ã65552ïŒã¯ãã³ã¢ãããã¯ãŒã¯ãšããžçšã«èšå®ããã ASN ç¯å²ã®å€ããéžæãããŠããŸããã«ãŒãã£ã³ã°ããªã·ãŒã®çœ®æå€ã¯ãAWS Cloud WAN ã® CNE ã® ASN ç¯å²ãšéè€ã§ããªãããã§ãã ã¹ããã1ïŒDC1 ã® Direct Connect ã²ãŒããŠã§ã€ã¢ã¿ããã¡ã³ãã«ã€ã³ããŠã³ãããªã·ãŒãå®çŸ©ãã ãã®ããªã·ãŒã¯ãDC1 ããå°çãã AS-path ã« ASN 65000 ãå«ãã«ãŒãã«ãããããããã 65550 ã«çœ®ãæããŸãããããã®ã«ãŒãã DC2 ã«äŒæããããšããAS-path ã«ã¯ 65000 ãå«ãŸããªããªããããDC2 ã®ã«ãŒã¿ãŒã¯ããããåãå
¥ããŸãã { "routing-policies": [ { "routing-policy-name": "replaceasndc1", "routing-policy-description": "Replace ASN 65000 from DC1 with 65550 to avoid loop detection at DC2", "routing-policy-direction": "inbound", "routing-policy-number": 100, "routing-policy-rules": [ {"rule-number": 10, "rule-definition": {"match-conditions": [{"type": "asn-in-as-path", "value": 65000}], "condition-logic": "and", "action": {"type": "replace-asn-list", "value": [65550]}}} ] } ] } ã¹ããã2ïŒDC2 ã® VPN ã¢ã¿ããã¡ã³ãã«ã€ã³ããŠã³ãããªã·ãŒãå®çŸ©ãã ãã®ããªã·ãŒã¯ã2ã€ã®ã«ãŒãã£ã³ã°ã«ãŒã«ã䜿çšã㊠ASN ã®ç«¶åã解決ããŸãã ã«ãŒã«10 ïŒDC3 ã® ASNïŒ64512ïŒã 65552 ã«çœ®ãæããŸãã ã«ãŒã«20 ïŒDC2 ã® ASNïŒ65000ïŒã 65551 ã«çœ®ãæããŸãã DC3 ããã®ã«ãŒã㯠DC2 ãçµç±ããŠééãããããAS-path ã«äž¡æ¹ã® ASN ãå«ã¿ãŸãããã®ãããé åºãéèŠã§ããreplace-asn-list 㯠AS-path å
šäœãäžæžããããããDC3 ã®ã«ãŒããå°çšã®çœ®æ ASNïŒ65552ïŒãåãåããããã«ãã«ãŒã«10 ãå
ã«å®è¡ããå¿
èŠããããŸãã ããã«ãŒã«20 ãå
ã«å®è¡ããããšãDC2 ã® ASN ã«ãããã㊠AS-path å
šäœã 65551 ã§çœ®ãæããŠããŸããŸããDC3 ã®ã«ãŒãã¯äŸç¶ãšããŠåãå
¥ããããæ¥ç¶ã¯æ©èœããŸãããDC2 ã®ã«ãŒããšåºå¥ãã€ããªããªããã«ãŒãã®è¿œè·¡ããã©ãã«ã·ã¥ãŒãã£ã³ã°ãé£ãããªããŸãã { "routing-policies": [ { "routing-policy-name": "replaceasndc2", "routing-policy-description": "Replace ASN 65000 from DC2 with 65551 and ASN 64512 from DC3 with 65552", "routing-policy-direction": "inbound", "routing-policy-number": 200, "routing-policy-rules": [ {"rule-number": 10, "rule-definition": {"match-conditions": [{"type": "asn-in-as-path", "value": 64512}], "condition-logic": "and", "action": {"type": "replace-asn-list", "value": [65552]}}}, {"rule-number": 20, "rule-definition": {"match-conditions": [{"type": "asn-in-as-path", "value": 65000}], "condition-logic": "and", "action": {"type": "replace-asn-list", "value": [65551]}}} ] } ] } ã¹ããã3ïŒããªã·ãŒãã¢ã¿ããã¡ã³ãã«é¢é£ä»ãã routing-policy-label ã«ããããã attachment-routing-policy-rules ãå®çŸ©ããããšã§ãåã«ãŒãã£ã³ã°ããªã·ãŒãã¢ã¿ããã¡ã³ãã«é¢é£ä»ããŸããrouting-policy-label ãã©ã¡ãŒã¿ãŸãã¯ã³ã³ãœãŒã«ã䜿çšããŠãåã¢ã¿ããã¡ã³ãã«æå®ã® routing-policy-label ãã¿ã°ä»ãããŸãã { "attachment-routing-policy-rules": [ {"rule-number": 100, "conditions": [{"type": "routing-policy-label", "value": "dc1inbound"}], "action": {"associate-routing-policies": ["replaceasndc1"]}}, {"rule-number": 200, "conditions": [{"type": "routing-policy-label", "value": "dc2inbound"}], "action": {"associate-routing-policies": ["replaceasndc2"]}} ] } æåŸã«ãrouting-policy-label ãã©ã¡ãŒã¿ãŸãã¯ã³ã³ãœãŒã«ã䜿çšããŠãåã¢ã¿ããã¡ã³ãã«æå®ã® routing-policy-label ãã¿ã°ä»ãããŸãããã®ã·ããªãªã§ã¯ãã©ãã« dc1inbound ã DC1 ã® Direct Connect ã²ãŒããŠã§ã€ã¢ã¿ããã¡ã³ãã«ãdc2inbound ã DC2 ã® VPN ã¢ã¿ããã¡ã³ãã«å²ãåœãŠãŸãã ç¥ã£ãŠããã¹ãããš AWS Cloud WAN ãžã® Direct Connect ã²ãŒããŠã§ã€ã¢ã¿ããã¡ã³ããäœæããéãDXGW ãæ¥ç¶ãã CNE ãéžæã§ããŸããå CNE ã¯èªèº«ã®ããŒã«ã«ãªãŒãžã§ã³ã® VPC ã«ãŒãã®ã¿ã DXGW ã«ã¢ããã¿ã€ãºãããããé¢é£ä»ããå¶éããç¹å¥ãªçç±ããªãéããã·ããªãª2ã«ç€ºãããã«ãã¹ãŠã® CNE ãéžæããããšãæšå¥šããŸãã IPv6 ããµããŒããããŠããŸããåããããæ¡ä»¶ãã¢ã¯ã·ã§ã³ãããªã·ãŒæ§é ã IPv6 ãã¬ãã£ãã¯ã¹ã«ãé©çšãããŸãïŒã¯ã€ã«ãã«ãŒãããããšã㊠::/0 ã䜿çšïŒãæ¬èšäºã§èª¬æãããã¹ãŠã®ã·ããªãªã«ãããŠãIPv6 ã®ã«ãŒãäŒæã«åäžã®ã«ãŒãã£ã³ã°ããªã·ãŒãã¿ãŒã³ãé©çšã§ããŸãã ã·ããªãª2ã«ç€ºãããã«è€æ°ã® Direct Connect ã²ãŒããŠã§ã€ããããã€ãããšãåäžã® Direct Connect ã²ãŒããŠã§ã€ïŒDXGWïŒã䜿çšããå Žåãããããã现ããªã«ãŒãã£ã³ã°å¶åŸ¡ãå¯èœã«ãªããŸããAWS Cloud WAN ã®ã«ãŒãã£ã³ã°ããªã·ãŒã¯ãVIF ã DXGW ã®ã¬ãã«ã§å©çšã§ãããã®ãããå¹
åºã BGP 屿§ã®å¶åŸ¡ãæäŸããŸãããªã³ãã¬ãã¹æ¥ç¶ãè€æ°ã® DXGW ã«åæ£ãããããšã§ãã«ãŒãã£ã³ã°ã®æ±ºå®ã AWS Cloud WAN ã«ç§»ãããã©ãã£ãã¯ãšã³ãžãã¢ãªã³ã°ã®ããã®ããè±å¯ãªããªã·ãŒå¶åŸ¡ãå©çšã§ããããã«ãªããŸãã ã«ãŒãã£ã³ã°ããªã·ãŒå
ã®ã«ãŒã«ã¯ãrule-number ã®é ã«è©äŸ¡ãããŸããè©äŸ¡ã忢ããçµç«¯ã¢ã¯ã·ã§ã³ã¯ drop ãš allow ã®ã¿ã§ããreplace-asn-listãset-local-preferenceãadd-community ãªã©ã®ãã®ä»ã®ã¢ã¯ã·ã§ã³ã¯éçµç«¯ã§ãããè©äŸ¡ã¯æ®ãã®ã«ãŒã«ãžãšç¶ããå倿ŽãåŒãç¶ãããŠãããŸããreplace-asn-list ã¢ã¯ã·ã§ã³ã¯ãåã
ã® ASN ã眮æããã®ã§ã¯ãªããAS-path å
šäœãäžæžãããŸãããã®çµæãå
ã®ã«ãŒã«ã«ãã£ãŠå€æŽãããã«ãŒãã¯ãåŸã®ã«ãŒã«ããããããããã®å
ã® ASN ããã¯ãæã¡ãŸãããã·ããªãª3ã® DC2 ãçµç±ãã DC3 ã®ã«ãŒãã®ããã«ãã«ãŒããè€æ°ã® ASN ãæã¡ããå Žåã¯ãæãå
·äœçãªããããæåã«é©çšãããããã«ã«ãŒã«ãé åºä»ããŠãã ããã AWS Cloud WAN ã¯ãCNE ããšã« BGP AS-path ã®ã«ãŒãæ€åºãå®è¡ãããã®ãã§ãã¯ã¯ã€ã³ããŠã³ãã«ãŒãã£ã³ã°ããªã·ãŒãé©çšãããåã«å®è¡ãããŸããåä¿¡ã«ãŒãã® AS-path ã«ããã®ã¢ã¿ããã¡ã³ããæ¥ç¶ãã CNE ã® ASN ãå«ãŸããŠããå Žåãreplace-asn-list ããªã·ãŒã倿Žãå ããåã«ãã®ã«ãŒãã¯æåŠãããŸãïŒè©³çްãªäŸã«ã€ããŠã¯ã·ããªãª3ãåç
§ããŠãã ããïŒã ã¯ãªãŒã³ã¢ãã æ¬èšäºã§èª¬æããã«ãŒãã£ã³ã°ããªã·ãŒã¯ãAWS Cloud WAN ã®ã³ã¢ãããã¯ãŒã¯ããªã·ãŒããã¥ã¡ã³ãå
ã§å®çŸ©ããããã®ã§ãããåç¬ã§èª²é察象ãšãªããªãœãŒã¹ãäœæããããšã¯ãããŸããããããã®èšå®ãåé€ããã«ã¯ãæ¬¡ã®æé ãå®è¡ããŸãã AWS Cloud WAN ã³ã³ãœãŒã«ã§ã¢ã¿ããã¡ã³ããç·šéããããAWS CLI ã䜿çšããŠãåã¢ã¿ããã¡ã³ããã routing-policy-label ãåé€ããŸãã ããªã·ãŒãåç
§ããŠãã attachment-routing-policy-rules ãšããã¹ãŠã® segment-actions ãåé€ããŸãã ã³ã¢ãããã¯ãŒã¯ããªã·ãŒã® routing-policies ã»ã¯ã·ã§ã³ãããã«ãŒãã£ã³ã°ããªã·ãŒã®å®çŸ©ïŒtagTgwRoutesãfilterRoutesToHybridãpathPreferenceDxgw*ãreplaceasn*ïŒãåé€ããŸãã 倿Žãé©çšããããã«ãã³ã¢ãããã¯ãŒã¯ããªã·ãŒã®ããŒãžã§ã³æŽæ°ãéä¿¡ããŸãã ã·ããªãª2ã§ãããŒãžããã¬ãã£ãã¯ã¹ãªã¹ããäœæããããããäžèŠã«ãªã£ãå Žåã¯ãAWS CLI ãŸã㯠AWS ãããžã¡ã³ãã³ã³ãœãŒã«ã䜿çšããŠåé€ããŸãã ãŸãšã æ¬èšäºã§ã¯ãAWS Cloud WAN ã®ã«ãŒãã£ã³ã°ããªã·ãŒãããã€ããªããç°å¢ããã«ããµã€ãç°å¢ã«ãããäžè¬çãªã«ãŒãã£ã³ã°ã®èª²é¡ãã©ã®ããã«è§£æ±ºã§ãããã瀺ãã3ã€ã®å®éçšã·ããªãªãåãäžããŸãããã³ãã¥ããã£ã®ã¿ã°ä»ããšãã£ã«ã¿ãªã³ã°ã䜿çšã㊠Transit Gateway ç°å¢ããã®ã«ãŒãäŒæãå¶åŸ¡ããæ¹æ³ãããŒã«ã«ããªãã¡ã¬ã³ã¹ã䜿çšããŠè€æ°ã® DXGW ãš Direct Connect ãã±ãŒã·ã§ã³éã®ãã¹éžæãæ¹åããæ¹æ³ããã㊠AS-path ã®çœ®æã䜿çšã㊠BGP ã® ASN ã®ç«¶åã解決ããæ¹æ³ã玹ä»ããŸãããã«ãŒãã£ã³ã°ããªã·ãŒèšå®ã®åºç€ãæ±ã£ã Part 1 ãšåãããŠããããã®ã·ããªãªã¯ãAWS Cloud WAN ãã°ããŒãã«ãããã¯ãŒã¯ã®çµ±åçãªã«ãŒãã£ã³ã°å¶åŸ¡ã¬ã€ã€ãŒãšããŠã©ã®ããã«äœ¿çšã§ãããã瀺ããŠããŸããå§ããã«ã¯ã AWS Cloud WAN ã®ããã¥ã¡ã³ã ãåç
§ããŠãã ããã èè
ã«ã€ã㊠Jordan Rojas Garcia Jordan ã¯ãAWS ã® Worldwide Specialist Organization ã«æå±ããã·ãã¢ãããã¯ãŒã¯ã¹ãã·ã£ãªã¹ããœãªã¥ãŒã·ã§ã³ã¢ãŒããã¯ãã§ããåŸæ¥åã®ããŒã¿ã»ã³ã¿ãŒãããã¯ãŒã¯ã®åéã§ãã£ãªã¢ãã¹ã¿ãŒããã2018幎㫠AWS ã«å
¥ç€ŸããŸãããAWS ã§ã¯ãã¯ã©ãŠããããã¯ãŒãã³ã°ãœãªã¥ãŒã·ã§ã³ã®èšèšã«æ³šåããAWS ã¯ã©ãŠãã§ãããã¯ãŒã¯ãæ§ç¯ããããã®ã¬ã€ãã³ã¹ãšãã¹ããã©ã¯ãã£ã¹ãæäŸããŠããŸããä»äºä»¥å€ã§ã¯ãæ
è¡ãæ°ããæçã®éæããã€ãã³ã°ã楜ãã¿ãäºèŒªè»ãšå茪è»ã®é転ãžã®æ
ç±ãçãããŠããŸãã Akeef Khan Akeef Khan ã¯ããªãŒã¹ãã©ãªã¢ã®ã·ãããŒãæ ç¹ãšãã Amazon Web Services ã®ãœãªã¥ãŒã·ã§ã³ã¢ãŒããã¯ãã§ããCross-Industries ã»ã°ã¡ã³ãã®ã客æ§ãæ
åœããå°å£²æ¥ã QSRïŒã¯ã€ãã¯ãµãŒãã¹ã¬ã¹ãã©ã³ïŒã®çµç¹ã AWS ãæ¡çšãéçšãã¹ã±ãŒã«ã§ããããæ¯æŽããŠããŸãã圌ã®å°éåéã¯ãããã¯ãŒãã³ã°ã§ãããAWS ã®ãµãŒãã¹ã䜿ã£ãŠã客æ§ã®ã°ããŒãã«ãªãããã¯ãŒã¯æ¥ç¶ãã·ã³ãã«ã«ããããšã«æ
ç±ã泚ãã§ããŸããä»äºä»¥å€ã§ã¯ãæ°ãããã¯ãããžãŒã®æ¢æ±ãšç¶ç¶çãªåŠç¿ã楜ããã§ããŸãã 翻蚳㯠Solutions Architect ã®ç°æ 倧å°ãæ
åœããŸãããåæã¯ ãã¡ã ã§ãã