AWS VPN Connectivity Solution for Moving to Production VPC

Seamless VPN Connectivity for Moving to Production VPC


Question

A startup firm is looking for a backup & replication solution with AWS.

A Pilot Light Architecture will be deployed on an EC2 instance within a VPC which sends a small amount of replication traffic to primary servers deployed at the Data Centre.

For this connectivity, the client is planning to use AWS VPN between Data Centre & VGW deployed in this VPC.

Before deploying a final solution, the Client IT Team successfully tested replication traffic with a VGW attached to a TEST VPC & CGW at Data Centre.

Now the client is planning to move to PRODUCTION VPC as a final solution.

Which of the following options will you, as an AWS network consultant, suggest for moving VPN connectivity seamlessly to PRODUCTION VPC with the least changes to the network & in a quick way?


Explanations


Correct Answer - B.

VPN connection is between VGW & CGW.

VPN connection is not associated with a VPC, but it is associated with VGW.

So, to move a VPN Connection to a different VPC, VGW can be detached from the existing VPC & attached to another VPC with no changes in Tunnel IP address or any changes in CGW.

In the above case, the client can detach VGW from TEST VPC & attach it to PRODUCTION VPC with no changes at CGW.
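The detach and attach steps described above, scripted with the AWS CLI as an added example (not part of the original page). The function names are hypothetical, all IDs are operator-supplied placeholders, and the script assumes the PRODUCTION route table should learn the Data Centre routes through route propagation. It records the tunnel outside IPs before and after the move so that the "no changes at CGW" claim is checked rather than assumed.

```shell
# Added example (not from the original page). All IDs are operator-supplied.

# AWS-side tunnel outside IPs of the VPN connections bound to a VGW, sorted.
tunnel_ips() {
  aws ec2 describe-vpn-connections \
    --filters "Name=vpn-gateway-id,Values=$1" "Name=state,Values=available" \
    --query 'VpnConnections[].VgwTelemetry[].OutsideIpAddress' \
    --output text | tr '\t' '\n' | sort
}

# Attachment state of VGW $1 to VPC $2. Assumption: an attachment that is no
# longer listed (CLI prints "None") is treated as detached.
attach_state() {
  aws ec2 describe-vpn-gateways --vpn-gateway-ids "$1" \
    --query "VpnGateways[0].VpcAttachments[?VpcId=='$2'].State | [0]" \
    --output text | sed 's/^None$/detached/'
}

# Poll until the attachment reaches state $3 (60 tries, 5 s apart by default).
wait_state() {
  local tries="${4:-60}" delay="${5:-5}" i=0
  while [ "$i" -lt "$tries" ]; do
    [ "$(attach_state "$1" "$2")" = "$3" ] && return 0
    sleep "$delay"; i=$((i + 1))
  done
  echo "timeout: $1 on $2 never became $3" >&2; return 1
}

# move_vgw VGW FROM_VPC TO_VPC TO_ROUTE_TABLE
move_vgw() {
  local vgw="$1" from="$2" to="$3" rtb="$4" before after
  before=$(tunnel_ips "$vgw")
  aws ec2 detach-vpn-gateway --vpn-gateway-id "$vgw" --vpc-id "$from" || return 1
  wait_state "$vgw" "$from" detached || return 1
  aws ec2 attach-vpn-gateway --vpn-gateway-id "$vgw" --vpc-id "$to" >/dev/null || return 1
  wait_state "$vgw" "$to" attached || return 1
  # The PRODUCTION route table needs the Data Centre routes as well.
  aws ec2 enable-vgw-route-propagation --route-table-id "$rtb" --gateway-id "$vgw" || return 1
  after=$(tunnel_ips "$vgw")
  if [ "$before" != "$after" ]; then
    echo "tunnel IPs changed; review the CGW configuration" >&2; return 2
  fi
  echo "moved $vgw to $to; tunnel IPs unchanged"
}

# Usage: move_vgw vgw-EXAMPLE vpc-TEST vpc-PROD rtb-PROD
```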

Option A is incorrect as creating a new VGW & a new VPN connection requires starting all configuration from the initial stage, which is time-consuming.

Option C is incorrect as, when a VGW is detached from one VPC & attached to another VPC, the Tunnel IP remains the same & does not need to be changed.

If there is a change in Tunnel IP, corresponding changes will be required at the customer-end CGW.

Option D is incorrect as the existing VPN connection will not work with a new VGW; for this, changes need to be made at the CGW.

For more information on moving a VGW between VPCs, refer to the following URL:

https://www.youtube.com/watch?v=Qep11X1r1QA

The scenario described involves a startup firm looking for a backup and replication solution with AWS. They plan to deploy a Pilot Light Architecture on an EC2 instance within a VPC that will send a small amount of replication traffic to primary servers deployed at the Data Centre. To enable this connectivity, the client plans to use AWS VPN between the Data Centre and a Virtual Private Gateway (VGW) deployed in the VPC.

Before deploying the final solution, the client IT team successfully tested replication traffic with a VGW attached to a TEST VPC and a Customer Gateway (CGW) at the Data Centre. Now, the client is planning to move to PRODUCTION VPC as a final solution and wants to do it seamlessly with the least changes to the network and in a quick way.

To move VPN connectivity seamlessly to PRODUCTION VPC, the following options are available:

A. Create a new VGW at PRODUCTION VPC and create a new VPN Connection from CGW with a different Tunnel IP address.

This option involves creating a new VGW in the PRODUCTION VPC and creating a new VPN Connection from the CGW with a different Tunnel IP address. This approach requires more changes to the network than other options, but it ensures that the VPN Connection has a unique configuration and avoids any potential conflicts with the previous configuration.

B. Detach the VGW from TEST VPC and attach it to PRODUCTION VPC with the same Tunnel IP address.

This option involves detaching the VGW from the TEST VPC and attaching it to the PRODUCTION VPC with the same Tunnel IP address. This approach is relatively simple and does not require significant changes to the network. However, it should be noted that reusing the same Tunnel IP address could cause conflicts and affect the connectivity to the TEST VPC.

C. Detach the VGW from TEST VPC and attach it to PRODUCTION VPC with different Tunnel IP addresses.

This option involves detaching the VGW from the TEST VPC and attaching it to the PRODUCTION VPC with different Tunnel IP addresses. This approach ensures that there are no conflicts with the previous configuration and maintains the integrity of the TEST VPC. However, it requires more changes to the network than option B.

D. Create a new VGW at PRODUCTION VPC and use the existing VPN Connection from CGW with the same Tunnel IP address.

This option involves creating a new VGW in the PRODUCTION VPC and using the existing VPN Connection from the CGW with the same Tunnel IP address. This approach avoids any potential conflicts with the previous configuration and ensures that the VPN Connection has a unique configuration. However, it requires more changes to the network than option B.

In summary, option B is the simplest option as it requires the least changes to the network. However, it has the potential to cause conflicts if the same Tunnel IP address is reused. Options C and D require more changes to the network, but they ensure that there are no conflicts with the previous configuration. Option A is the safest option, but it requires the most changes to the network.