About Routing Configuration for VPN Connections

A VPN connection relies on two types of routes that you need to configure, between your corporate network and one of your Virtual Private Clouds (VPCs) in the OUTSCALE Cloud.

Route Types

A VPN connection relies on two types of routes:

VPC routes: traffic inside the VPC, between the instances and the virtual private gateway. To get information about these routes, see Getting Information About Your Route Tables.
VPN routes: traffic inside the VPN tunnel, between the virtual private gateway and the customer gateway. To get information about these routes, see Getting Information About Your VPN Connections.

Both types of routes use the CIDR of your corporate network as destination, and the ID of the virtual private gateway as target.

VPN Connection Routes

sch General VPNConnectionRoutes

Static and Dynamic Routing

To enable instances in your VPC to reach the customer gateway, you must specify the type of routing for the VPN connection, and update the route table in the subnet of the VPC accordingly:

For static routing, you need to create new VPN routes. For more information, see Creating a VPN Connection Route.
For dynamic routing, you do not need to create VPN routes. However, you must use devices that support the Border Gateway Protocol (BGP). For more information, see the BGP ASN section below.

You cannot change the type of routing after creating the VPN connection.
You can use a default or custom route table.

Configuration

VPN Connection Routing Flowchart

sch General VPNConnectionRoutingFlowChart

Route Propagation

You can enable route propagation to a route table associated with a subnet of the VPC. This action automatically updates the route table to include routes from the VPC pointing to the virtual private gateway. Route propagation is not mandatory, and works for both static and dynamic routing. You can use a default or custom route table. For more information, see Enabling Route Propagation.

Otherwise, you need to manually update the route table with each route. For more information, see Creating a Route.

BGP ASN

The Border Gateway Protocol (BGP) is a dynamic routing protocol that relies on Autonomous System Numbers (ASN). In a VPN connection using BGP, the customer gateway advertises an ASN to help the virtual private gateway find a path to it through the Internet.

To use BGP, your resources must support dynamic routing. The BGP is not mandatory: you can choose static routing, even though your resources do support dynamic routing.

If you connect several customer gateways in the same network with a single virtual private gateway, these customer gateways must all use the same BGP ASN.

Otherwise, you need to create new VPN routes manually. For more information, see Creating a VPN Connection Route.

Related Pages