Which Site Will AWS Choose to Reach Your Network?
Question
You have two Direct Connect connections and two VPN connections to your network. Following are the details. Site A is VPN 10.2.0.0/24 7224:7100 AS 65000 65000 Site B is VPN 10.2.0.252/30 7224:7300 AS 65000 Site C is DX 10.0.0.0/8 AS 7224:7100 65000 65000 Site D is DX 10.0.0.0/16 AS 7224:7100 65000 65000 65000 Which site will AWS choose to reach your network?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.Answer - B.
Option B is correct because "7224:7300" denotes "High preference" and also has the longest prefix.
Hence all other options by default become invalid.
For more information on Route tables, one can visit the below URL.
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.htmlPlease refer to the below link on page 4
https://docs.aws.amazon.com/directconnect/latest/UserGuide/dc-ug.pdfTo determine which site AWS will choose to reach your network, we need to consider the routing table and routing preferences.
AWS will prefer Direct Connect connections over VPN connections as they provide a more reliable and faster connection.
In this scenario, Site C has a larger IP range (10.0.0.0/8) compared to Site D (10.0.0.0/16). Therefore, AWS will prefer Site C's Direct Connect connection over Site D's Direct Connect connection.
Now, to choose between Site A's VPN and Site B's VPN, we need to look at the Autonomous System Number (ASN) and the routing preferences.
Site A and Site C share the same ASN (65000) and Site B has a different ASN (7224:7300). This means that AWS will prefer Site A's VPN connection over Site B's VPN connection as Site A and Site C have a direct peering connection with the same ASN.
Therefore, the answer is A. Site A. AWS will choose Site A's VPN connection to reach your network.
