AWS Networking: Direct Connect vs. VPN Connections

AWS Networking: Choosing the Optimal Path for Reachability


Question

Your company has the following Direct Connect and VPN connections:

- Site A - VPN, 10.1.0.0/28, AS path 65000 65000
- Site B - VPN, 10.1.0.252/24, AS path 65000
- Site C - Direct Connect, 10.0.0.0/8, AS path 65000
- Site D - Direct Connect, 10.0.0.0/16, AS path 65000 65000 65000

Which site will AWS choose to reach your network?

Answers

A. Site A
B. Site B
C. Site C
D. Site D

Explanations

Answer - A.

AWS uses the most specific route in your route table that matches the traffic to determine how to route the traffic (longest prefix match).

Hence the one that matches this is Site A. For more information on route table priority, please visit the URL below:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html#route-tables-priority

The decision on which site AWS will choose to reach your network will depend on the longest prefix match and the AS path.

In this case, AWS will first look for a Direct Connect connection with the longest prefix match. Therefore, Site D will be preferred over Site C because Site D has a more specific prefix (10.0.0.0/16) compared to Site C (10.0.0.0/8).

If there are multiple Direct Connect connections with the same longest prefix match, AWS will look at the AS path. In this case, Site D has a longer AS path (65000 65000 65000) compared to Site C (65000), which means that Site C is the preferred choice. However, in this scenario, there is no other Direct Connect connection with the same longest prefix match, so the AS path is not relevant.

Next, if there are no Direct Connect connections available, AWS will choose the VPN connection with the longest prefix match. In this case, Site B has a longer prefix (10.1.0.252/24) compared to Site A (10.1.0.0/28), so Site B would be preferred over Site A.

Therefore, the final answer is Site D.
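As an added illustration (not code from the original page), the selection rules discussed above applied to the four sites in Python. It assumes the priority order of the linked AWS route-priority page (longest prefix match first, then Direct Connect over VPN, then the shortest AS_PATH) and uses destination addresses constructed here; note that the winning site depends on which address inside your network the traffic is headed for.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    site: str
    kind: str        # "dx" (Direct Connect) or "vpn"
    prefix: str      # CIDR as advertised; host bits are masked off below
    as_path: tuple   # BGP AS_PATH as advertised (prepending lengthens it)

    def network(self):
        # strict=False so an advertisement such as "10.1.0.252/24"
        # (host bits set) is normalised to 10.1.0.0/24 instead of raising.
        return ipaddress.ip_network(self.prefix, strict=False)


# The four sites from the question (constructed from the page's table).
ROUTES = [
    Route("Site A", "vpn", "10.1.0.0/28",   (65000, 65000)),
    Route("Site B", "vpn", "10.1.0.252/24", (65000,)),
    Route("Site C", "dx",  "10.0.0.0/8",    (65000,)),
    Route("Site D", "dx",  "10.0.0.0/16",   (65000, 65000, 65000)),
]


def _preference(route):
    # Sort key, lowest wins: longest prefix first, then Direct Connect
    # before VPN, then the shortest AS_PATH. (Tie-break order assumed
    # from the AWS route-priority documentation linked above.)
    return (-route.network().prefixlen,
            0 if route.kind == "dx" else 1,
            len(route.as_path))


def select_route(destination, routes=ROUTES):
    """Return the Route AWS would use for `destination`, or None."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dst in r.network()]
    if not candidates:
        return None
    return min(candidates, key=_preference)


def chosen_site(destination, routes=ROUTES):
    route = select_route(destination, routes)
    return route.site if route else None
```

For an address inside 10.1.0.0/28 the most specific route is Site A, matching the answer key; for an address inside 10.0.0.0/16 the Direct Connect route of Site D wins, which is the case the second explanation walks through.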