AWS re:Invent 2025 - Deep dive into advanced routing policy with AWS Cloud WAN (NET401)

AWS re:Invent 2025 - Deep Dive into Advanced Routing Policy with AWS Cloud WAN

Overview of AWS Cloud WAN

• AWS Cloud WAN is a managed wide-area network service that provides robust, dynamic connectivity between on-premises networks and VPCs across multiple AWS Regions.
• Cloud WAN uses a core network of highly available, scalable routing entities (called "CNEs") to enable traffic flow between on-premises and AWS environments, as well as between AWS Regions.
• Key features of Cloud WAN include:
  • Dynamic routing with no need for static routes
  • Ability to define isolated routing segments
  • Automatic association of networks (VPCs, on-premises) to segments
  • Traffic inspection and service insertion capabilities

Airbnb's Use of AWS Cloud WAN

• Airbnb migrated from a physical data center-based network to an AWS Cloud WAN-based network.
• Key benefits for Airbnb include:
  • Significant cost savings by decommissioning physical data centers and circuits
  • Increased automation and agility in network deployment and management
  • Improved operational efficiency and reduced maintenance overhead
  • Ability to rapidly spin up new data centers in new regions within 2 days

Challenges and Limitations of Dynamic Routing in Cloud WAN

• Uncontrolled route propagation leading to complex routing environments
• Indeterministic traffic patterns due to multiple potential paths (e.g. SD-WAN, Direct Connect)
• Potential route scaling issues when advertising routes to partner networks
• Difficulty in troubleshooting the dynamic routing environment

New Routing Policy Capabilities in AWS Cloud WAN

To address these challenges, AWS has introduced advanced routing policy capabilities in Cloud WAN, including:

Route Filtering

• Allow or drop specific routes/prefixes in inbound and outbound directions for various attachment types (VPN, Direct Connect, Connect, etc.)
• Filter route propagation across segments and between CNEs

Route Summarization

• Advertise summary routes instead of multiple specific prefixes to prevent scaling issues

BGP Property Modification

• Manipulate BGP attributes like local preference, MED, communities, and AS-path to influence traffic patterns

Defining and Applying Routing Policies

• Routing policies are defined using a match-action model, allowing you to match on various prefix and BGP attributes, and apply corresponding actions.
• Routing policies can be applied at different distribution points:
  • Between segments when sharing routes
  • Between regions when propagating routes cross-regionally
  • On individual attachments (e.g. VPN, Direct Connect) using a new "routing policy label" construct

Routing Policy Use Cases and Demos

1. Route Summarization:

   • Summarize VPC routes advertised to on-premises networks to optimize routing
   • Demonstrated per-region and per-segment summarization strategies

2. Overlapping VPC CIDR Filtering:

   • Prevent propagation of primary VPC CIDR to other segments/attachments when a secondary CIDR is available
   • Applied outbound route filter on segment sharing to block primary CIDR

3. Hybrid Route Isolation:

   • Tag on-premises routes with BGP communities to isolate production and development traffic
   • Applied inbound route policies on segment sharing to allow only the appropriate community-tagged routes

4. Cross-Region Traffic Optimization:

   • Set local preference on routes received from different regions to influence traffic path selection
   • Applied outbound route policies to set local preference based on region and segment

Key Considerations and Limitations

• Requires use of Cloud WAN policy version 2025.11
• BGP communities are now transited across all attachments
• Routing policy direction is unidirectional (inbound or outbound)
• Prefix lists associated with a CNE must be unique
• BGP community match and modification not supported on Direct Connect and Transit Gateway peering
• Route policies not supported for network function group service insertion

Conclusion

The new advanced routing policy capabilities in AWS Cloud WAN provide customers with granular control over route propagation, traffic optimization, and troubleshooting in their hybrid and multi-cloud networks. These features address key challenges faced in dynamic routing environments and enable customers to customize their network configurations to meet their specific requirements.