Connect to Central Server in VPC: Best Option for Inter-VPC Communication | AWS Certified Advanced Networking - Specialty Exam

Connect to Central Server in VPC


Question

Your company has just set up a new central server in a VPC.

There is a requirement for other teams, whose servers are located in different VPCs in the same region, to connect to the central server.

Which of the below options is best suited to achieve this requirement?

Answers

Explanations


Answer - A.

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses.

Instances in either VPC can communicate with each other as if they are within the same network.

You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account within a single region.

A basic requirement of VPC peering is that the CIDR blocks of the two VPCs must not overlap; option D is therefore wrong.

For more information on VPC Peering please see the below link:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html

To allow teams in different VPCs in the same region to connect to a central server VPC, we need to establish connectivity between the VPCs. There are multiple options available to achieve this, but the best option depends on various factors such as cost, network bandwidth, and security requirements.

Option A: Set up VPC peering between the central server VPC and each of the teams' VPCs. VPC peering connects two VPCs over a private network connection, so traffic flows between them as if they were on the same network. It is easy to set up and involves no additional hardware, and it suits small-scale deployments where low-latency connectivity is required between VPCs. It does have limitations: peering is not transitive, and the peered VPCs may not have overlapping CIDR blocks. Because peering is not transitive, a team VPC that is peered only with another team VPC cannot reach the central server VPC through that VPC; each team VPC needs its own peering connection to the central server VPC.

Option B: Set up AWS Direct Connect between the central server VPC and each of the teams' VPCs. AWS Direct Connect establishes a dedicated network connection between our data center and AWS. It provides a private, dedicated connection with high bandwidth and low latency. Direct Connect can also be used to connect different VPCs in the same region. It provides a reliable and secure connection and suits large-scale deployments where high-bandwidth connectivity is required between VPCs. However, it involves additional hardware and cost.

Option C: Set up an IPsec tunnel between the central server VPC and each of the teams' VPCs. An IPsec tunnel creates a secure tunnel between two networks over the internet, providing an encrypted and authenticated connection between the VPCs. It suits small-scale deployments where security is a high priority and bandwidth requirements are modest. However, it requires additional configuration and maintenance of VPN gateways, and it may have higher latency than the other options.

Option D: None of the above options will work. This option is not correct, as all of the above options are valid ways of connecting VPCs in the same region.

In conclusion, the best option for connectivity between the central server VPC and the different teams' VPCs depends on the specific requirements of the deployment. VPC peering suits small-scale deployments with low-latency requirements, AWS Direct Connect suits large-scale deployments with high-bandwidth requirements, and an IPsec tunnel suits small-scale deployments with high-security requirements.
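The hub-and-spoke peering layout from option A, as an added planning example that is not part of the exam page or AWS's own tooling: it rejects overlapping CIDR blocks, emits one peering connection per team VPC together with the route-table entries both sides need, and shows that a spoke cannot reach another spoke through the hub because peering is not transitive. The VPC ids, CIDRs and `pcx-` ids are constructed sample values; security groups and NACLs must still permit the traffic.

```python
"""Plan hub-and-spoke VPC peering for a central-server VPC (added example)."""
import ipaddress
from itertools import combinations


def check_no_overlap(cidrs):
    """Raise ValueError if any two CIDR blocks overlap; AWS rejects such peerings."""
    nets = {vpc: ipaddress.ip_network(c) for vpc, c in cidrs.items()}
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            raise ValueError(f"{a} ({na}) overlaps {b} ({nb}); peering not possible")
    return True


def plan_hub_spoke_peering(hub, spokes):
    """Return (peerings, routes) for one hub VPC and its spoke VPCs.

    hub and spokes are {vpc_id: cidr}. Peering is not transitive, so the
    hub must peer with every spoke individually, and each side of every
    peering needs a route to the other side's CIDR via the connection.
    """
    check_no_overlap({**hub, **spokes})
    (hub_id, hub_cidr), = hub.items()
    peerings, routes = [], []
    for spoke_id, spoke_cidr in spokes.items():
        pcx = f"pcx-{hub_id}-{spoke_id}"  # constructed id; real ones look like pcx-0abc...
        peerings.append((hub_id, spoke_id, pcx))
        routes.append((hub_id, spoke_cidr, pcx))    # hub route table -> spoke CIDR
        routes.append((spoke_id, hub_cidr, pcx))    # spoke route table -> hub CIDR
    return peerings, routes


def reachable_via_peering(src, dst, peerings):
    """True only if src and dst share a direct peering; no transit via a third VPC."""
    return any({a, b} == {src, dst} for a, b, _ in peerings)


HUB = {"vpc-central": "10.0.0.0/16"}  # constructed sample values
SPOKES = {"vpc-team-a": "10.1.0.0/16", "vpc-team-b": "10.2.0.0/16"}

if __name__ == "__main__":
    peerings, routes = plan_hub_spoke_peering(HUB, SPOKES)
    for hub_id, spoke_id, pcx in peerings:
        print(f"create peering {pcx}: {hub_id} <-> {spoke_id}")
    for vpc, cidr, pcx in routes:
        print(f"route table of {vpc}: {cidr} -> {pcx}")
    print("team-a -> team-b through the hub?",
          reachable_via_peering("vpc-team-a", "vpc-team-b", peerings))  # False
```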