
I am trying to make the VPN connection redundant as described in this article. https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNConnections.html

What I want to achieve is to set up two customer gateways (CGW), one for each internet connection, and if one connection goes down, I want the router to automatically fail over to the other connection so we can keep the VPN connected.

In short: could I use Multi-Exit Discriminator (MED) to prioritize routes from the same physical router using two CGWs to one VGW?

Long version: I have two different internet connections and they are connected to one YAMAHA RTX1210. The customer network on the diagram has only one network address, say 192.168.1.0/24.

I believe using static routing would keep the route via the primary CGW even if the connection goes down. Therefore, I am using dynamic routing, BGP (I am no expert on routing). The Yamaha RTX manual states that only one AS number can be configured on one physical RTX (currently 65000). And I only connect to one VPC, which is attached to one Virtual Private Gateway (VGW), and the ASN of the VGW is currently configured as 64512.

If I can use only one router (BGP ASN 65000) to connect to one VGW using two different customer gateways, the ASN of the VGW will be the same (ASN 64512) for all BGP neighbors, so I believe it is not possible to use AS PATH to prioritize the route. In that case, will I be able to use MED to set the priority of the route?

Jyothsna@AWS mentions MED being available in this forum thread: https://forums.aws.amazon.com/thread.jspa?threadID=120388

But in this slide deck (in Japanese), there is a mention that MED is not officially available: https://www.slideshare.net/qt_takada/awsvpn

Could someone please tell me how I can achieve the redundant setup? I think it can be achieved by adding the following configuration, but I am not sure if AWS accepts it.

# BGP neighbors for connection A
# By adding metric=, would the neighbor with the lower metric get higher priority? (MED will not be used on the BGP import filter)
bgp neighbor 1 64512 xxx.xxx.xxx.x1 hold-time=30 local-address=xxx.xxx.xxx.x1 metric=1
bgp neighbor 2 64512 xxx.xxx.xxx.x2 hold-time=30 local-address=xxx.xxx.xxx.x2 metric=2

# BGP neighbors for connection B
bgp neighbor 3 64512 xxx.xxx.xxx.x3 hold-time=30 local-address=xxx.xxx.xxx.x3 metric=3
bgp neighbor 4 64512 xxx.xxx.xxx.x4 hold-time=30 local-address=xxx.xxx.xxx.x4 metric=4

I know I should be asking technical support, but I only have basic support. Thank you in advance.

1 Answer


For anyone interested, I was able to achieve the setup by adding hide and weight 0 to the default gateway route.

# bgp neighbors as above
ip route default gateway pp 1 hide gateway pp 2 weight 0
ip route xx.xx.xx.xx/xx gateway tunnel 1 hide gateway tunnel 2 hide ...

When the primary internet connection is alive, the router uses the first two BGP neighbors and tunnels. The 3rd and 4th BGP neighbors have the state Idle and their tunnels are not connected. When the primary connection is unplugged and the secondary becomes active, the 3rd and 4th BGP neighbors and tunnels become available. Since the BGP neighbors and tunnels on the primary go to the Idle state after unplugging the primary connection, adding metric= to the BGP neighbors was not even necessary.

It takes about 30 seconds to switch the connection and bring the VPN up over the secondary connection.
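To make the difference between the two approaches in this thread concrete, here is an added example (not code from the original post, the Yamaha RTX, or AWS) that models the customer router's BGP best-path decision for the four sessions to one VGW. It follows the RFC 4271 section 9.1.2 decision process in simplified form: routes from non-Established peers are ignored, then highest LOCAL_PREF, shortest AS_PATH, lowest MED (comparable only among routes from the same neighboring AS, which with a single VGW is always 64512), and finally the lowest peer address as the tie-breaker. The neighbor names, 169.254.x.x peer addresses, the 10.0.0.0/16 prefix and the MED values are all constructed for illustration; the example models MED values as received by the router, and does not model what the Yamaha `metric=` option sends in the other direction.

```python
"""Model of the customer router's BGP decision for two CGWs -> one VGW.
Added example with constructed data; not Yamaha or AWS code."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

VGW_AS = 64512                  # VGW ASN from the question
PREFIX = "10.0.0.0/16"          # constructed VPC CIDR learned from the VGW


@dataclass(frozen=True)
class Route:
    prefix: str
    neighbor: str               # which "bgp neighbor N" learned the route
    peer_ip: str                # constructed inside-tunnel peer address
    peer_as: int
    as_path: Tuple[int, ...]    # AS_PATH as received
    local_pref: int = 100
    med: int = 0                # MED as received from the peer
    state: str = "Established"  # an Idle peer contributes no routes


def best_path(routes: List[Route]) -> Optional[Route]:
    """Simplified RFC 4271 9.1.2 decision process; returns the chosen route."""
    cands = [r for r in routes if r.state == "Established"]
    if not cands:
        return None
    best_lp = max(r.local_pref for r in cands)
    cands = [r for r in cands if r.local_pref == best_lp]
    shortest = min(len(r.as_path) for r in cands)
    cands = [r for r in cands if len(r.as_path) == shortest]
    # MED is only compared between routes from the same neighboring AS
    # (RFC 4271 9.1.2.2 step c).  With one VGW every session is to 64512,
    # so AS_PATH cannot separate the paths but MED can.
    if len({r.peer_as for r in cands}) == 1:
        lowest = min(r.med for r in cands)
        cands = [r for r in cands if r.med == lowest]
    # Final tie-breaker: lowest peer address.
    return min(cands, key=lambda r: tuple(int(o) for o in r.peer_ip.split(".")))


# Neighbors 1 and 2 ride the primary connection (pp 1), 3 and 4 the secondary (pp 2).
PEERS = [("nbr1", "169.254.10.1"), ("nbr2", "169.254.11.1"),
         ("nbr3", "169.254.12.1"), ("nbr4", "169.254.13.1")]


def learned_routes(states: List[str], meds: List[int]) -> List[Route]:
    """One route per neighbor, with the given session states and received MEDs."""
    return [Route(PREFIX, name, ip, VGW_AS, (VGW_AS,), med=med, state=st)
            for (name, ip), st, med in zip(PEERS, states, meds)]


def med_approach(meds: List[int]) -> Optional[str]:
    """The questioner's idea: all four sessions up, MED decides the preference."""
    r = best_path(learned_routes(["Established"] * 4, meds))
    return r.neighbor if r else None


def hide_weight_approach(primary_link_up: bool, secondary_link_up: bool) -> Optional[str]:
    """The answer's setup: 'ip route default gateway pp 1 hide gateway pp 2 weight 0'
    means pp 2 carries traffic only while pp 1 is down, so neighbors 3 and 4 stay
    Idle until the primary fails.  No MED is involved; the winner follows the link."""
    primary = "Established" if primary_link_up else "Idle"
    secondary = "Established" if (not primary_link_up and secondary_link_up) else "Idle"
    r = best_path(learned_routes([primary, primary, secondary, secondary], [0, 0, 0, 0]))
    return r.neighbor if r else None


if __name__ == "__main__":
    print("MED 1,2,3,4 ->", med_approach([1, 2, 3, 4]))
    print("MED 3,4,1,2 ->", med_approach([3, 4, 1, 2]))
    print("primary up   ->", hide_weight_approach(True, True))
    print("primary down ->", hide_weight_approach(False, True))
    print("both down    ->", hide_weight_approach(False, False))
```

The two functions make the practical point of the thread visible: with the MED approach all four sessions must be Established and the router has to trust the MED values it receives, whereas with the hide/weight default route the secondary sessions are simply not up until the primary link fails, so the best-path selection never has to compare the two connections at all.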