AWS Direct Connect and VPN Network Configuration: Key Considerations


Question

You are helping a team build out its AWS infrastructure by configuring an AWS Direct Connect dedicated network connection together with an AWS VPN.

BGP sessions will be established between AWS Direct Connect and the router in the customer network.

With this network configuration, which of the following statements is true?

Explanations

Correct Answer: C.

Option A is incorrect: although AWS Direct Connect itself does not encrypt traffic in transit, the IPsec VPN connection running over it encrypts the data.

Option B is incorrect because AWS Direct Connect is not free of charge under this configuration; see the pricing page at https://aws.amazon.com/directconnect/pricing/.

Option C is CORRECT because the configuration uses AWS Direct Connect, a dedicated network connection that does not traverse the public internet, so a more consistent network experience can be achieved than with an internet-based VPN alone.

Please check the following snapshot:

Option D is incorrect because AWS Transit Gateway is a network transit hub used to interconnect VPCs and on-premises networks; it is not needed for this configuration.

Reference:

https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-vpn.html


AWS Direct Connect is a service that provides a dedicated network connection between a customer's on-premises infrastructure and AWS. It gives the customer a private, consistent path between its network and its AWS resources. "Private" here means the traffic does not traverse the public internet; it does not mean the link is encrypted.

When AWS Direct Connect is combined with a VPN, BGP sessions are established between the Direct Connect router and the customer's router, and the VPN tunnel is carried over the Direct Connect connection. The customer extends its network to AWS over the dedicated connection, while the IPsec tunnel encrypts the data in transit.

Now, let's go through each of the answer choices to see which one is true:

A. The data in transit is not encrypted under such a configuration. This statement is false. Direct Connect on its own provides only the dedicated path; when a VPN is run over it, the IPsec tunnel encrypts the data in transit, adding a layer of protection on top of the dedicated connection.

B. Only the VPN connection will be charged, and the AWS Direct Connect is free of charge. This statement is false. Both components incur charges: Direct Connect bills for the port (by the hour) plus data transfer out, and the VPN connection bills per connection-hour plus data transfer.

C. This configuration provides a more consistent network experience than an internet-based VPN connection. This statement is true. Direct Connect provides a dedicated, private network connection between the customer's on-premises infrastructure and AWS. Because the traffic does not compete with public internet paths, latency is more predictable and bandwidth is dedicated, compared with a VPN carried over the internet.

D. An AWS Transit Gateway is used for this network configuration. This statement is not necessarily true. While an AWS Transit Gateway can be used to connect multiple VPCs and VPNs to a Direct Connect connection, it is not required for this network configuration.

So the correct answer is C: This configuration provides a more consistent network experience than an internet-based VPN connection.
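The point behind option A is that only traffic entering the IPsec tunnel is encrypted; anything the customer router forwards directly out of the Direct Connect interface crosses the circuit in cleartext. The check below is an added example, not code from the original page or from AWS: it models the customer router's forwarding decision with longest-prefix match and audits whether private (VPC) destinations would be sent through the tunnel, dropped, or leaked over the bare Direct Connect interface. The interface names `dx0` and `tun0`, the prefixes, and the routing tables are constructed assumptions (203.0.113.0/24 is a documentation range standing in for an AWS public prefix learned over the public VIF). It also covers the failure mode the page does not spell out: a static default route toward Direct Connect turns a tunnel outage into a cleartext leak.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    iface: str    # outgoing interface on the customer router (assumed names)
    source: str   # constructed label for where the route was learned


# Interfaces that carry IPsec-protected traffic. "tun0" is an assumed name
# for the Site-to-Site VPN tunnel interface; "dx0" is the bare DX public VIF.
ENCRYPTED_IFACES = frozenset({"tun0"})


def route(prefix: str, iface: str, source: str) -> Route:
    return Route(ip_network(prefix), iface, source)


# Constructed table for the healthy state: the public VIF learns an AWS
# public aggregate over BGP (203.0.113.0/24 stands in for a real AWS
# prefix; the VPN endpoint 203.0.113.10 is assumed to sit inside it), and
# the tunnel learns the VPC CIDR over BGP.
HEALTHY_ROUTES: List[Route] = [
    route("203.0.113.0/24", "dx0", "bgp-dx-public-vif"),
    route("10.0.0.0/16", "tun0", "bgp-over-vpn"),
]

# Same router after the tunnel (and its BGP session) drops, plus an
# operator-added static default route pointing at the DX interface.
TUNNEL_DOWN_WITH_DEFAULT: List[Route] = [
    route("203.0.113.0/24", "dx0", "bgp-dx-public-vif"),
    route("0.0.0.0/0", "dx0", "static-default"),
]


def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match over the table; None when nothing matches."""
    addr = ip_address(dst)
    matches = [r for r in routes if addr in r.prefix]
    if not matches:
        return None
    return max(matches, key=lambda r: r.prefix.prefixlen)


def classify(routes: List[Route], dst: str) -> str:
    """Return 'encrypted', 'cleartext' or 'no-route' for one destination."""
    r = lookup(routes, dst)
    if r is None:
        return "no-route"
    return "encrypted" if r.iface in ENCRYPTED_IFACES else "cleartext"


def audit_private_reachability(routes: List[Route],
                               private_prefixes: List[str],
                               probes: List[str]) -> Dict[str, str]:
    """For each probe inside a private prefix, report how it is forwarded.

    Anything other than 'encrypted' is a finding: 'cleartext' means the
    packet would leave over the bare Direct Connect circuit, 'no-route'
    means it is dropped (safe, but an outage). Probes outside the private
    prefixes are ignored: packets to the VPN endpoint itself are the ESP
    encapsulation and are expected to exit via dx0.
    """
    nets = [ip_network(p) for p in private_prefixes]
    findings: Dict[str, str] = {}
    for dst in probes:
        addr = ip_address(dst)
        if any(addr in n for n in nets):
            findings[dst] = classify(routes, dst)
    return findings


if __name__ == "__main__":
    probes = ["10.0.1.5", "10.0.200.9", "203.0.113.10"]
    vpc = ["10.0.0.0/16"]
    print("healthy:", audit_private_reachability(HEALTHY_ROUTES, vpc, probes))
    print("tunnel down, default via dx0:",
          audit_private_reachability(TUNNEL_DOWN_WITH_DEFAULT, vpc, probes))
```

In practice the tables would be exported from the customer router's forwarding table rather than constructed; the guard against the leak shown in the second table is to never point a default or VPC-covering route at the Direct Connect interface, so that a tunnel outage fails closed.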