Redundancy Options for AWS Direct Connect Connections

Ensure Redundancy for AWS Direct Connect Connections


Question

A company has set up a Direct Connect connection between its on-premises location and its AWS VPC.

It wants to set up redundancy in case the Direct Connect connection fails.

What can the company do in this regard?

Answers

Explanations


A. B. C. D.

Answer - A and B.

Options A and B are CORRECT. With A, you have a redundant Direct Connect setup as a backup if the main Direct Connect connection fails (even though it is an expensive solution, it will work).

With B, a VPN is an alternate way to connect AWS and the on-premises infrastructure (even though the connectivity is slow, it will work).

More information on Direct Connect:

If you have established a second AWS Direct Connect connection, traffic will fail over to the second link automatically.

We recommend enabling Bidirectional Forwarding Detection (BFD) when configuring your connections to ensure fast detection and failover.

If you have configured a backup IPsec VPN connection instead, all VPC traffic will fail over to the VPN connection automatically.

Traffic to/from public resources such as Amazon S3 will be routed over the Internet.

If you do not have a backup AWS Direct Connect link or an IPsec VPN link, then Amazon VPC traffic will be dropped in the event of a failure.

Traffic to/from public resources will be routed over the Internet.

For more information, see the Direct Connect FAQs at the URL below.

https://aws.amazon.com/directconnect/faqs/

To set up redundancy for a Direct Connect connection, a company can follow the below approaches:

A. Set up another Direct Connect connection: Setting up another Direct Connect connection with a different provider, location, or both can provide redundancy for the primary connection. The two connections can be configured with different virtual interfaces in the same VPC, each with its own router, or they can be configured in different regions to provide redundancy across regions. In case the primary connection fails, traffic can be automatically rerouted to the secondary connection.

B. Set up an IPSec VPN Connection: Setting up an IPSec VPN connection can provide redundancy for the Direct Connect connection. The VPN connection can be set up between the on-premises location and the VPC, and traffic can be routed through the VPN if the Direct Connect connection fails. This approach requires additional setup and configuration, and the VPN connection may have lower performance compared to the Direct Connect connection.

C. Set up S3 Connection: Setting up an S3 connection is not a solution for providing redundancy for a Direct Connect connection. S3 is an object storage service in AWS, and it does not provide connectivity between on-premises and AWS.

D. Set up a connection via EC2 instances: Setting up a connection via EC2 instances can provide redundancy for the Direct Connect connection. The company can set up EC2 instances in different availability zones and configure them as routers between the on-premises location and the VPC. Traffic can be routed through the EC2 instances if the Direct Connect connection fails. This approach requires additional setup and configuration, and the EC2 instances may have higher latency compared to the Direct Connect connection.

Therefore, the correct answers for providing redundancy for a Direct Connect connection are A (Set up another Direct Connect connection) and B (Set up an IPSec VPN Connection).
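The failover outcomes described above can be checked against an account's inventory. The following is an added example, not part of the original page: it classifies what happens to VPC traffic when a Direct Connect link fails, using constructed sample data shaped like the output of `aws directconnect describe-connections` and `aws ec2 describe-vpn-connections`. The function name, outcome labels, and sample IDs are assumptions made for illustration.

```python
# Constructed sample data (not from a real account), shaped like the output of
# `aws directconnect describe-connections` and `aws ec2 describe-vpn-connections`.
DX_SAMPLE = {"connections": [
    {"connectionId": "dxcon-EXAMPLE1", "connectionState": "available",
     "location": "LOC-A", "providerName": "ProviderOne"},
    {"connectionId": "dxcon-EXAMPLE2", "connectionState": "available",
     "location": "LOC-A", "providerName": "ProviderTwo"},
    {"connectionId": "dxcon-EXAMPLE3", "connectionState": "down",
     "location": "LOC-B", "providerName": "ProviderTwo"},
]}
VPN_SAMPLE = {"VpnConnections": [
    {"VpnConnectionId": "vpn-EXAMPLE1", "State": "available"},
]}


def assess_redundancy(dx, vpn):
    """Predict what happens to VPC traffic if one Direct Connect link fails.

    Hypothetical helper: it only counts resources in the 'available' state and
    does not verify that routes are actually advertised over the backup path.
    """
    live = [c for c in dx.get("connections", [])
            if c.get("connectionState") == "available"]
    vpns = [v for v in vpn.get("VpnConnections", [])
            if v.get("State") == "available"]
    findings = []
    if not live:
        outcome = "no_active_direct_connect"
    elif len(live) >= 2:
        outcome = "failover_to_second_direct_connect"
        # Option A suggests a different provider, location, or both;
        # flag any attribute that every live connection has in common.
        for key in ("location", "providerName"):
            values = {c.get(key) for c in live}
            if len(values) == 1:
                findings.append(f"all live connections share {key}={values.pop()}")
    elif vpns:
        outcome = "failover_to_vpn"
    else:
        outcome = "vpc_traffic_dropped"
    return {"on_failure": outcome, "live_dx": len(live),
            "live_vpn": len(vpns), "findings": findings}


if __name__ == "__main__":
    print(assess_redundancy(DX_SAMPLE, VPN_SAMPLE))
```

With the sample data, the two live connections give automatic failover but share one location, which the findings list reports as a remaining single point of failure.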