Learn the best solution for routing traffic through a primary AWS Direct Connect connection from one data center while using a second connection for failover.
Question
A company has two data centers that are interconnected with multiple redundant links from different suppliers. The company uses IP addresses that are within the 172.16.0.0/16 CIDR block. The company is running iBGP between the two data centers by using a private Autonomous System Number (ASN) and IGP.
The company is moving toward a hybrid setup in which the company will initially use one VPC in the AWS Cloud. An AWS Direct Connect connection runs from the first data center to a Direct Connect gateway by using a private VIF. On the connection, the company advertises a summarized route for the 172.16.0.0/16 network. The company is planning to set up a second summarized route from the second data center to a different Direct Connect location.
The company needs to implement a solution to route traffic to and from AWS through the first Direct Connect connection. The solution must use the second Direct Connect connection for failover purposes only.
Which solution will meet these requirements?
A. Prepend the private ASN on the BGP announcements to AWS from the second data center. Add a second VIF in the first Direct Connect connection. Advertise the same network without any prepends from the first data center. Implement the same setup for the BGP announcement from AWS to the two data centers.
B. Tag the BGP announcements with the local preference BGP community tags. Set the tag to high preference for the first data center. Set the tag to low preference for the second data center. Configure the second data center’s router to have a lower local preference for the direct AWS BGP advertisements than for the advertisement from the first data center.
C. Configure the Direct Connect gateway to prefer routing through the Direct Connect connection with the first data center. Configure the second data center’s router to have a lower local preference for the direct AWS BGP advertisements than for the advertisement from the first data center.
D. Configure the local AWS Region BGP community tag on the BGP route that is advertised from the first data center. Configure AS_PATH prepends on the BGP announcements from the second data center.
Answer
D. Configure the local AWS Region BGP community tag on the BGP route that is advertised from the first data center. Configure AS_PATH prepends on the BGP announcements from the second data center.
Explanation
The company wants to route traffic primarily through the Direct Connect connection from the first data center to AWS, and only use the second data center’s connection for failover. To achieve this routing preference:
- The BGP route advertised from the first data center should be tagged with the local AWS Region BGP community. This community tag informs AWS to prefer this route for traffic destined to the company’s network.
- On the BGP announcements from the second data center, AS_PATH prepends should be configured. Prepending the company’s private ASN multiple times makes the AS_PATH longer for routes advertised from the second data center. BGP prefers shorter AS_PATHs, so this will make AWS prefer the route from the first data center under normal circumstances.
- When the primary Direct Connect connection from the first data center fails, AWS will failover to using the route from the second data center, since it will be the only available path.
Options A, B, and C are incorrect because:
A. Adding a second VIF and advertising the same network from both data centers without any route preference settings will cause unpredictable routing behavior. It doesn’t ensure the first data center’s connection is preferred.
B. Local preference is used within an autonomous system to influence outbound route selection. It is not exchanged between autonomous systems. BGP community tags alone do not influence inbound route preference in AWS.
C. The Direct Connect gateway configuration cannot directly influence routing preference between multiple Direct Connect connections. The second data center’s local preference settings only affect outbound traffic from the data center to AWS, not inbound traffic from AWS.
Therefore, option D is the best solution to meet the company’s requirements for routing traffic primarily through the first data center’s Direct Connect connection and using the second data center for failover.
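The decision logic behind the explanation, as an added worked example that is not part of the original question bank: a simplified BGP best-path selector as seen from the AWS side, fed with constructed routes for 172.16.0.0/16 from both data centers. It assumes a constructed private ASN 65000, a placeholder string in place of the actual AWS-documented local Region community value, and a three-times prepend from the second data center; it also shows why a local preference set on the second data center's own router (options B and C) never reaches AWS.

```python
from dataclasses import dataclass, replace

# Constructed placeholder: substitute the AWS-documented community value.
LOCAL_REGION_COMMUNITY = "7224:<local-region-community>"
DC_ASN = 65000  # constructed private ASN shared by both data centers


@dataclass(frozen=True)
class Route:
    prefix: str
    source: str                   # which data center advertised the route
    as_path: tuple                # AS_PATH as received on the AWS side
    communities: frozenset = frozenset()
    onprem_local_pref: int = 100  # set on the DC router; NOT carried to AWS
    up: bool = True               # whether that Direct Connect link is up


def prepend(as_path, asn, times):
    """AS_PATH prepending: repeat the own ASN at the front of the path."""
    return (asn,) * times + as_path


def aws_side_local_pref(route):
    """Preference AWS assigns on receipt; only the community is visible to it."""
    return 200 if LOCAL_REGION_COMMUNITY in route.communities else 100


def best_path(routes):
    """Simplified BGP decision: highest LOCAL_PREF first, then shortest AS_PATH."""
    candidates = [r for r in routes if r.up]
    if not candidates:
        return None  # both Direct Connect links down: prefix is unreachable
    return max(candidates, key=lambda r: (aws_side_local_pref(r), -len(r.as_path)))


# Option D: DC1 tags the route, DC2 prepends three times (constructed sample routes).
DC1 = Route("172.16.0.0/16", "dc1", (DC_ASN,), frozenset({LOCAL_REGION_COMMUNITY}))
DC2 = Route("172.16.0.0/16", "dc2", prepend((DC_ASN,), DC_ASN, 3))


def chosen_source(dc1_up=True, dc2_up=True, dc2_onprem_local_pref=100):
    """Which data center AWS sends 172.16.0.0/16 traffic to in a given link state."""
    best = best_path([replace(DC1, up=dc1_up),
                      replace(DC2, up=dc2_up, onprem_local_pref=dc2_onprem_local_pref)])
    return best.source if best else None


if __name__ == "__main__":
    print("normal:", chosen_source())                                       # dc1
    print("dc1 down:", chosen_source(dc1_up=False))                         # dc2
    print("dc2 local_pref 500:", chosen_source(dc2_onprem_local_pref=500))  # still dc1
```

Even with the community stripped from DC1's route, the prepend alone still steers AWS to the first data center, because AS_PATH length is compared as soon as LOCAL_PREF ties.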
Amazon AWS Certified Advanced Networking – Specialty ANS-C01 certification exam assessment practice question and answer (Q&A) dump, including multiple choice questions (MCQ) and objective type questions, with detailed explanations and references available free, helpful for passing the Amazon AWS Certified Advanced Networking – Specialty ANS-C01 exam and earning the Amazon AWS Certified Advanced Networking – Specialty ANS-C01 certification.