Set Up Highly Available and Cost-Effective VPN Connection between AWS VPC and On-Premises Data Center

Ensuring Connectivity and Cost Efficiency: VPN Connection Setup for AWS VPC and On-Premises Data Center


Question

Your company plans to set up a VPN connection between a VPC hosted in AWS and its on-premises data center.

There is a need to ensure that on-prem to AWS connectivity remains highly available and at the same time to ensure cost is kept to a minimum.

What would you do to ensure these requirements are kept?

Answers

Explanations



Answer - A.

As per AWS Docs,

To provide redundancy and high availability, each VPN connection has two tunnels by default, and both should be configured.

The second tunnel carries traffic if the first tunnel fails.

Refer to page 120 on the below link:

https://docs.aws.amazon.com/vpn/latest/s2svpn/s2s-vpn-user-guide.pdf#VPC_VPN

https://aws.amazon.com/answers/networking/aws-single-data-center-ha-network-connectivity/
Two tunnels per VPN connection

A Site-to-Site VPN connection has two tunnels to provide increased availability to your VPC. If there's a device failure within AWS, your VPN connection automatically fails over to the second tunnel so that your access isn't interrupted. From time to time, AWS also performs routine maintenance on your VPN connection, which may briefly disable one of the two tunnels of your VPN connection. For more information, see Site-to-Site VPN tunnel endpoint replacements (p. 11). When you configure your customer gateway, it's therefore important that you configure both tunnels.

Option A is correct. By default, a VPN has two tunnels that are established over different physical devices to ensure high availability. If one tunnel becomes unavailable, the other tunnel can be used to maintain connectivity. This ensures that on-premises to AWS connectivity remains highly available without incurring additional costs.

Option B is not a suitable solution as Direct Connect is an expensive option and is not required for this scenario.

Option C is not applicable in this scenario as VPC peering is used to connect VPCs within the same region, and cannot be used to connect an on-premises data center to a VPC in AWS.

Option D is not required as a single VPN connection with two tunnels provides high availability, and creating additional VPN connections would unnecessarily increase costs.

In summary, to ensure high availability and cost-effective connectivity between an on-premises data center and a VPC hosted in AWS, it is recommended to use the default VPN configuration with two tunnels.
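The redundancy above only holds while both tunnels are actually up; a customer gateway configured for one tunnel leaves the connection working but with no failover. The following added example (not from the AWS documentation or this page) classifies connections from the shape of `aws ec2 describe-vpn-connections` output, using a constructed sample response rather than a live API call:

```python
"""Classify AWS Site-to-Site VPN connections by tunnel redundancy."""
from typing import Dict, List

# Constructed sample in the shape of describe-vpn-connections output (not a real
# capture): each connection has one VgwTelemetry entry per tunnel with a Status
# of "UP" or "DOWN". The second connection is running on a single tunnel.
SAMPLE_RESPONSE: Dict = {
    "VpnConnections": [
        {
            "VpnConnectionId": "vpn-0example01",
            "State": "available",
            "VgwTelemetry": [
                {"OutsideIpAddress": "203.0.113.10", "Status": "UP", "AcceptedRouteCount": 2},
                {"OutsideIpAddress": "203.0.113.11", "Status": "UP", "AcceptedRouteCount": 2},
            ],
        },
        {
            "VpnConnectionId": "vpn-0example02",
            "State": "available",
            "VgwTelemetry": [
                {"OutsideIpAddress": "198.51.100.20", "Status": "UP", "AcceptedRouteCount": 2},
                {"OutsideIpAddress": "198.51.100.21", "Status": "DOWN", "AcceptedRouteCount": 0,
                 "StatusMessage": "IPSEC IS DOWN"},
            ],
        },
    ]
}


def tunnel_health(response: Dict) -> Dict[str, str]:
    """Return {vpn_id: 'redundant' | 'degraded' | 'down'} for each connection.

    'degraded' means traffic still flows, but over one tunnel only, so the
    automatic failover described in the AWS docs is not available until the
    second tunnel (often a customer-gateway misconfiguration) is repaired.
    """
    result: Dict[str, str] = {}
    for conn in response.get("VpnConnections", []):
        up = [t for t in conn.get("VgwTelemetry", []) if t.get("Status") == "UP"]
        if len(up) >= 2:
            result[conn["VpnConnectionId"]] = "redundant"
        elif len(up) == 1:
            result[conn["VpnConnectionId"]] = "degraded"
        else:
            result[conn["VpnConnectionId"]] = "down"
    return result


def degraded_connections(response: Dict) -> List[str]:
    """Connection IDs worth alerting on: anything not running on both tunnels."""
    return sorted(vid for vid, s in tunnel_health(response).items() if s != "redundant")
```

In practice the same function is fed the parsed JSON of `aws ec2 describe-vpn-connections`, and a "degraded" result is the signal that one tunnel of the pair needs attention before the next maintenance window takes the other one down.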