Learn how to configure transit VIF associations on Direct Connect gateways for an optimal and resilient multi-region hybrid network architecture on AWS.
Table of Contents
Question
An international company wants to implement a multi-site hybrid infrastructure. The company wants to deploy its cloud computing resources on AWS in the us-east-1 Region and in the eu-west-2 Region, and in on-premises data centers in the United States (US) and in the United Kingdom (UK). The data centers are connected to each other by a private WAN connection. IP routing information is exchanged dynamically through BGP. The company wants to have two AWS Direct Connect connections, one each in the US and the UK.
The company expects to have 15 VPCs in each Region with CIDR blocks that do not overlap with each other or with CIDR blocks of the on-premises environment. The VPC CIDR blocks are planned so that the prefix aggregation can be performed both on a Regional level and across the entire AWS environment. The company will deploy a transit gateway in each Region to connect the VPCs. A network engineer plans to use a Direct Connect gateway in each Region. A transit VIF will attach the Direct Connect gateway in each Region to the transit gateway in that Region. The transit gateways will be peered with each other.
The network engineer wants to ensure that traffic follows the shortest geographical path from source to destination. Traffic between the on-premises data centers and AWS must travel across a local Direct Connect connection. Traffic between the US data center and eu-west-2 and traffic between the UK data center and us-east-1 must use the private WAN connection to reach the Direct Connect connection to the appropriate Region when the Direct Connect connection is available. The network must be resilient to failures in either the private WAN connection or with the Direct Connect connections. The network also must reroute traffic automatically in the event of any failure.
How should the network engineer configure the transit VIF associations on the Direct Connect gateways to meet these requirements?
A. Advertise only the aggregate route for the company’s entire AWS environment.
B. Advertise VPC-specific CIDR prefixes from only the local Region. Additionally, advertise the aggregate route for the company’s entire AWS environment.
C. Advertise all the specific VPC CIDR blocks from both Regions.
D. Advertise both Regional aggregate prefixes. Configure custom BGP communities on the routes advertised toward the data center.
Answer
B. Advertise VPC-specific CIDR prefixes from only the local Region. Additionally, advertise the aggregate route for the company’s entire AWS environment.
Explanation
Here’s why:
- Advertising VPC-specific CIDR prefixes from the local Region ensures that traffic between a data center and the VPCs in the local AWS Region travels over the Direct Connect connection in that Region. This satisfies the requirement for traffic to follow the shortest geographical path.
- Advertising the aggregate route for the company’s entire AWS environment provides a backup path. If the Direct Connect connection in one Region fails, traffic can still reach the VPCs in that Region via the private WAN connection to the other Region’s Direct Connect connection and then the transit gateway peering connection. This provides resiliency.
- Option A alone is not sufficient because it doesn’t ensure the shortest path routing under normal conditions.
- Option C is not ideal because it results in unnecessary route advertisement, as each data center only needs specific routes for the local Region.
- Option D could work but is more complex than necessary. Proper route aggregation and selective advertisement is a simpler approach.
In summary, by advertising specific VPC prefixes from the local Region and an aggregate route for all VPCs, the network design achieves optimal routing, resiliency, and automatic failover with the simplest configuration. The transit gateway peering propagates all routes between Regions as a backup while Direct Connect gateways handle route filtering to steer traffic optimally under normal conditions.
Amazon AWS Certified Advanced Networking – Specialty ANS-C01 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Amazon AWS Certified Advanced Networking – Specialty ANS-C01 exam and earn Amazon AWS Certified Advanced Networking – Specialty ANS-C01 certification.