Skip to Content

ANS-C01: Fixing Unstable AWS Site-to-Site VPN Connectivity

By: Author Alex Lim

Posted on

Categories Amazon, Exam

AWS VPN becoming unstable? Learn recommended steps like configuring dead peer detection and ping monitoring to improve VPN tunnel reliability.

Table of Contents

Question

A social media company has installed an AWS Site-to-Site VPN and the networking team has noticed that the VPN tunnel is unstable or the tunnel status is frequently down on the customer gateway device.

Which steps should the networking team take to address this issue? (Select two)

A. Customer gateway device is configured to receive and respond to dead peer detection (DPD) messages
B. Use a higher multi-exit discriminator (MED) value on the preferred path to prefer one tunnel
C. Create a host that sends ICMP requests to an instance in your VPC every 5 seconds
D. Use AS Path prepending on one path to cause all traffic to prefer one tunnel
E. Disable dead peer detection (DPD) on the customer gateway device

Answer

A. Customer gateway device is configured to receive and respond to dead peer detection (DPD) messages
C. Create a host that sends ICMP requests to an instance in your VPC every 5 seconds

Explanation

The networking team should configure the customer gateway device to receive and respond to dead peer detection (DPD) messages (Option A). Enabling DPD will allow the VPN tunnel endpoints to check connectivity by sending ping messages to verify the peer is still available.

They should also create a host to send periodic ICMP requests like pings to an instance in the VPC every 5 seconds (Option C). This will keep the tunnel active during quiet periods without actual traffic.

The key fixes are to enable liveliness checks and rapidly detect outages to reconnect the tunnel. Options B, D and E related to routing metrics, disabling functionality, and traffic manipulation may cause more issues.

The latest AWS Certified Advanced Networking – Specialty ANS-C01 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Advanced Networking – Specialty ANS-C01 exam and earn AWS Certified Advanced Networking – Specialty ANS-C01 certification.