Learn how to implement inter-VPC connectivity and IPv6 support for hybrid environments with AWS Transit Gateways, dual-stack VPNs and cross-region peering capabilities.
Question
A company has a single VPC in the us-east-1 Region. The company is planning to set up a new VPC in the us-east-2 Region. The existing VPC has an AWS Site-to-Site VPN connection to the company’s on-premises environment and uses a virtual private gateway.
A network engineer needs to implement a solution to establish connectivity between the existing VPC and the new VPC. The solution also must implement support for IPv6 for the new VPC. The company has new on-premises resources that need to connect to VPC resources by using IPv6 addresses.
Which solution will meet these requirements?
A. Create a new virtual private gateway in us-east-1. Attach the new virtual private gateway to the new VPC. Create two new Site-to-Site VPN connections to the new virtual private gateway with IPv4 and IPv6 support. Configure routing between the VPCs by using VPC peering.
B. Create a transit gateway in us-east-1 and in us-east-2. Attach the existing VPC and the new VPC to each transit gateway. Create a new Site-to-Site VPN connection to each transit gateway with IPv4 and IPv6 support. Configure transit gateway peering. Configure routing between the VPCs and the on-premises environment.
C. Create a new virtual private gateway in us-east-2. Attach the new virtual private gateway to the new VPC. Create two new Site-to-Site VPN connections to the new virtual private gateway with IPv4 and IPv6 support. Configure routing between the VPCs by using VPC peering.
D. Create a transit gateway in us-east-1. Attach the existing VPC and the new VPC to the transit gateway. Create two new Site-to-Site VPN connections to the transit gateway with IPv4 and IPv6 support. Configure transit gateway peering. Configure routing between the VPCs and the on-premises environment.
Answer
B. Create a transit gateway in us-east-1 and in us-east-2. Attach the existing VPC and the new VPC to each transit gateway. Create a new Site-to-Site VPN connection to each transit gateway with IPv4 and IPv6 support. Configure transit gateway peering. Configure routing between the VPCs and the on-premises environment.
Explanation
The solution that meets all the requirements is B:
- Create a transit gateway in us-east-1 and us-east-2
- Attach existing and new VPCs to each transit gateway
- Create Site-to-Site VPNs with IPv4 and IPv6 to each transit gateway
- Configure transit gateway peering between the TGWs
- Configure routing between VPCs and on-premises
This provides:
- Single inter-region connectivity solution across VPCs
- Native support for IPv6 VPNs for new on-premises resources
- Existing VPC connectivity maintained
Other options do not fully meet needs:
A/C – These use multiple VPNs, which do not scale well or support future growth.
D – There is no second TGW, so the Regions would not be connected.
Transit gateways with cross-region peering and dual-stack VPNs satisfy the connectivity requirements and future-proof the design for IPv6 in a scalable architecture.
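The steps listed in the explanation, written as AWS CLI calls. This is an added example, not part of the original Q&A: every ID, CIDR and account number is a caller-supplied placeholder, and it assumes each VPC attaches to the transit gateway in its own Region and that one VPN connection is created per inside-tunnel IP version.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Every ID, CIDR and account
# number is passed in by the caller; none of them come from the page.

# Create a transit gateway in one Region and print its ID.
create_tgw() {  # $1=region
  aws ec2 create-transit-gateway --region "$1" --description "hub-$1" \
    --query 'TransitGateway.TransitGatewayId' --output text
}

# Attach a VPC in the same Region, with IPv6 forwarding enabled.
attach_vpc() {  # $1=region $2=tgw-id $3=vpc-id $4=subnet-id
  aws ec2 create-transit-gateway-vpc-attachment --region "$1" \
    --transit-gateway-id "$2" --vpc-id "$3" --subnet-ids "$4" \
    --options Ipv6Support=enable \
    --query 'TransitGatewayVpcAttachment.TransitGatewayAttachmentId' --output text
}

# One VPN connection carries IPv4 or IPv6 inside its tunnels, never both,
# so dual-stack needs a connection per IP version on the transit gateway.
create_dual_stack_vpn() {  # $1=region $2=tgw-id $3=cgw-id
  for ipver in ipv4 ipv6; do
    aws ec2 create-vpn-connection --region "$1" --type ipsec.1 \
      --customer-gateway-id "$3" --transit-gateway-id "$2" \
      --options "TunnelInsideIpVersion=$ipver" \
      --query 'VpnConnection.VpnConnectionId' --output text
  done
}

# Request peering from the us-east-1 hub to the us-east-2 hub. The request
# must then be accepted in us-east-2 before routes can use the attachment.
peer_tgws() {  # $1=local-tgw $2=peer-tgw $3=account-id
  aws ec2 create-transit-gateway-peering-attachment --region us-east-1 \
    --transit-gateway-id "$1" --peer-transit-gateway-id "$2" \
    --peer-account-id "$3" --peer-region us-east-2 \
    --query 'TransitGatewayPeeringAttachment.TransitGatewayAttachmentId' --output text
}

# Peering attachments do not propagate routes: add a static route per remote
# prefix (IPv4 and IPv6) in each Region's transit gateway route table.
route_via_peering() {  # $1=region $2=route-table-id $3=attachment-id $4..=CIDRs
  region="$1"; rtb="$2"; att="$3"; shift 3
  for cidr in "$@"; do
    aws ec2 create-transit-gateway-route --region "$region" \
      --transit-gateway-route-table-id "$rtb" \
      --transit-gateway-attachment-id "$att" --destination-cidr-block "$cidr" \
      --query 'Route.State' --output text
  done
}
```

Source the file and call the functions in the order of the list, waiting for each transit gateway and attachment to reach the available state before the next step.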
AWS Certified Advanced Networking – Specialty ANS-C01 certification exam practice question and answer (Q&A) dump with detailed explanation and reference, available free and helpful for passing the AWS Certified Advanced Networking – Specialty ANS-C01 exam and earning the AWS Certified Advanced Networking – Specialty ANS-C01 certification.