AWS Certified Advanced Networking - Specialty Exam: Troubleshooting Direct Connect and VPN Connection Preference

How to Ensure Direct Connect Connection is Used


Question

You work for an organization that has a Direct Connect Connection and a backup VPN connection.

This has been set up just recently.

After setting it up, the traffic flow still prefers the VPN connection instead of the Direct Connect connection.

You have prepended a longer AS_PATH on the VPN connection, but this connection is being preferred even then. Which of the below steps can be used to ensure the Direct Connect connection is used?

Answers

Explanations


A. B. C. D.

Answer - D.

It could be that the route being specified for the routing table is more specific for the VPN connection.

Hence this is being preferred.

The AWS documentation states that the most specific route in your route table that matches the traffic is used to determine how to route the traffic.

Hence it is better to ensure the VPN connection has a less specific route to ensure that it is not the preferred route that is taken.

Option A is incorrect since the AS_PATH would not alter the requirements given in the question.

Option B is incorrect because configuring the VPN as "dynamic" would make the VPN preferred over Direct Connect, which would not solve the requirement given in the question.

Option C is incorrect because decreasing the MED property on the VPN would make it more preferred over Direct Connect.

https://aws.amazon.com/directconnect/faqs/

For more information on Routing using Route tables, please refer to the below URL:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html#route-tables-vgw
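The most-specific-route rule from the explanation above, as an added example that is not part of the original page: a simplified Python model of route selection in which the longest matching prefix wins and AS_PATH length is compared only between routes of the same prefix length. The `Route` class, the function names and the sample prefixes are constructed for illustration and are assumptions, not AWS's own implementation.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str       # advertised CIDR block
    via: str          # "DX" or "VPN"
    as_path_len: int  # AS_PATH length, prepends included


def select_route(routes, destination):
    """Return the route used for destination, or None if nothing matches.

    Simplified model (assumption): the longest matching prefix wins first;
    AS_PATH length only breaks ties between equally specific routes.
    """
    dst = ipaddress.ip_address(destination)
    matching = [r for r in routes if dst in ipaddress.ip_network(r.prefix)]
    if not matching:
        return None
    return min(
        matching,
        key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.as_path_len),
    )


def chosen_link(routes, destination):
    """Name of the link ("DX" or "VPN") selected for destination."""
    route = select_route(routes, destination)
    return route.via if route else None


# Constructed sample advertisements (not taken from the page).
# Before: the VPN carries a more specific /24, so AS_PATH prepending is ignored.
BEFORE = [Route("10.0.0.0/16", "DX", 1), Route("10.0.1.0/24", "VPN", 4)]
# After: the VPN advertises a less specific prefix than Direct Connect.
AFTER = [Route("10.0.0.0/16", "DX", 1), Route("10.0.0.0/8", "VPN", 4)]
# Same prefix on both links: only here does the AS_PATH length decide.
EQUAL = [Route("10.0.0.0/16", "DX", 1), Route("10.0.0.0/16", "VPN", 4)]

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER), ("equal", EQUAL)):
        print(name, chosen_link(table, "10.0.1.25"))
```

In the `BEFORE` table the prepended VPN route still wins for `10.0.1.25` because its /24 is more specific than the /16 on Direct Connect, which is the behaviour the question describes.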

When setting up a Direct Connect (DX) connection and a backup Virtual Private Network (VPN) connection, it's important to ensure that traffic is routed through the DX connection as much as possible to minimize costs and maximize performance.

In this scenario, the VPN connection is being preferred over the DX connection even after prepending a longer AS_PATH to the VPN connection. AS_PATH is a BGP attribute that contains a sequence of autonomous system numbers that a BGP update has passed through, and it's used to prevent loops in the network.

To ensure that the DX connection is used instead of the VPN connection, you can perform the following steps:

A. Remove the prepended AS_PATH: Removing the prepended AS_PATH from the VPN connection may not have any impact on the routing decision.

B. Reconfigure the VPN as a dynamic VPN: Dynamic VPNs use BGP to dynamically advertise routes and update the routing tables. By configuring the VPN connection as a dynamic VPN, it will be more likely to use the DX connection for traffic routing.

C. Decrease the MED property on the VPN connection: MED (Multi-Exit Discriminator) is a BGP attribute used to influence the path selection. By decreasing the MED property on the VPN connection, it will become a less preferred route for traffic routing, and the DX connection will be preferred.

D. Advertise a less specific prefix on the VPN connection: By advertising a less specific prefix on the VPN connection, it will become a less preferred route for traffic routing, and the DX connection will be preferred.

Therefore, option C or D are more likely to be the correct answers. Decreasing the MED property or advertising a less specific prefix on the VPN connection can influence the path selection and make the DX connection the preferred route for traffic routing.