AWS Direct Connect and routing specific information
AWS advertises the Genesys CIDR block both publicly and within Direct Connect.
- Direct Connect customers who are not performing route filtering have no additional changes to make. Genesys recommends checking the route table to confirm that it contains the Genesys CIDR block (18.104.22.168/20 or 22.214.171.124/21), which includes any prefix length greater than or equal to /20 or /21. For example, AWS may segment the block into /21s, /22s, /23s, /24s, and so on.
- Direct Connect customers who are performing route filtering must permit the Genesys CIDR block (126.96.36.199/20 or 188.8.131.52/21), which includes any prefix length greater than or equal to /20 or /21. For example, AWS may segment the block into /21s, /22s, /23s, /24s, and so on.
- Direct Connect customers who need to filter region-specific Genesys Cloud CIDRs should use prefix-lists and community tags. The prefix-list for 184.108.40.206/20 should allow /20 and any prefix less than /32, and the prefix-list for 220.127.116.11/21 should allow /21 and anything less than /32. The community tag set by AWS for region-specific prefixes is 7224:8100. To verify the correct community tag, see AWS Routing policies and BGP communities. By using both of these filtering techniques, customers can automatically accept regional Genesys Cloud CIDRs.
For more information on AWS Direct Connect routing and filtering, see AWS Routing policies and BGP communities.
Direct Connect example
For this example, suppose that the Direct Connect circuit terminates into us-east-1 and AWS is advertising a Genesys prefix of 18.104.22.168/24 out of the us-east-1 region and 22.214.171.124/24 out of the us-west-2 region. The Direct Connect customer receives both advertisements on their us-east-1 circuit.
To filter these networks and prefer, or accept, the 126.96.36.199/24 prefix, the customer uses a prefix-list and community tag. The prefix-list should allow 188.8.131.52/21 and include any prefix less than /32. The community tag match would be for 7224:8100.
In this case, the community tag is a unique identifier for a region’s route advertisements from AWS. The community tag set by AWS allows a customer to differentiate routes by scope: region, continent, or global. Therefore, the applied filters would cause the us-east-1 prefix, 184.108.40.206/24, to be matched on the Direct Connect circuit in us-east-1. The us-west-2 prefix, 220.127.116.11/24, would not be matched and could be dropped or set as a least preferred path.
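
The two-part match described above (prefix-list plus community tag) can be modeled offline to check filter logic before it is applied to a router. This is an added example, not Genesys or AWS code; the address blocks and sample advertisements are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholder blocks (RFC 2544 benchmark space), not the Genesys CIDRs.
# Each entry: (covering block, longest prefix length allowed, i.e. "less than /32").
PREFIX_LIST = [
    (ipaddress.ip_network("198.18.0.0/20"), 31),
    (ipaddress.ip_network("198.18.16.0/21"), 31),
]
REGION_COMMUNITY = "7224:8100"  # region-specific tag named on the page


def prefix_permitted(prefix):
    """True if prefix is the block itself or a more-specific route inside it."""
    net = ipaddress.ip_network(prefix)
    return any(
        net.version == block.version
        and net.subnet_of(block)
        and net.prefixlen <= max_len
        for block, max_len in PREFIX_LIST
    )


def classify(prefix, communities):
    """Return 'accept', 'deprioritize' or 'reject' for one advertisement."""
    if not prefix_permitted(prefix):
        return "reject"        # outside the permitted blocks, or a /32
    if REGION_COMMUNITY in communities:
        return "accept"        # regional route, matched by both filters
    return "deprioritize"      # page: may be dropped or made least preferred


# Constructed sample advertisements received on one circuit.
ROUTES = [
    ("198.18.17.0/24", ["7224:8100"]),   # local-region prefix
    ("198.18.20.0/24", ["7224:8200"]),   # same block, tag other than 7224:8100
    ("198.18.16.0/21", ["7224:8100"]),   # the covering block itself
    ("198.18.17.5/32", ["7224:8100"]),   # host route: too specific
    ("203.0.113.0/24", ["7224:8100"]),   # right tag, wrong address space
]


def evaluate(routes):
    return {prefix: classify(prefix, tags) for prefix, tags in routes}


if __name__ == "__main__":
    for prefix, decision in evaluate(ROUTES).items():
        print(f"{prefix:18} {decision}")
```

The last two sample routes show why both conditions are checked: a matching community tag alone does not make a prefix acceptable if it falls outside the permitted blocks or is a host route.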