Configuration Recommendations for High Availability VPN Connections to AWS

Best Practices for High Availability VPN Configuration

Prev Question Next Question

Question

Which of the following are configuration recommendations when configuring high availability for VPN connections to AWS? Choose 2 answers from the options given below.

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Answer - A and C.

The AWS Documentation mentions the following.

Many AWS customers choose to implement VPN connections because they can be a quick, easy, and cost-effective way to set up remote connectivity to a VPC.

To enable redundancy, each AWS Virtual Private Gateway (VGW) has two VPN endpoints with capabilities for static and dynamic routing.

Although statically routed VPN connections from a single customer gateway are sufficient for establishing remote connectivity to a VPC, this is not a highly available configuration.

The best practice for making VPN connections highly available is to use redundant customer gateways and dynamic routing for automatic failover between AWS and customer VPN endpoints.

For more information on high availability for network connections please see the below link:

https://aws.amazon.com/answers/networking/aws-multiple-data-center-ha-network-connectivity/

When configuring high availability for VPN connections to AWS, it is recommended to configure redundant customer gateways and dynamic routing.

A. Configure redundant customer gateways: To achieve high availability, it is recommended to use redundant customer gateways that connect to multiple virtual private gateways (VGWs) on the AWS side. This ensures that if one customer gateway or VGW fails, the other one can take over the traffic.

B. Configure dynamic routing: Dynamic routing protocols, such as Border Gateway Protocol (BGP), can automatically reroute traffic in the event of a failure. BGP is recommended for high availability because it provides fast convergence times and automatic failover. With dynamic routing, you can also use equal-cost multipath (ECMP) routing, which allows traffic to be distributed across multiple VPN tunnels, improving performance and resiliency.

C. Configure static routing: Static routing can be used to manually configure routing tables, but it is not recommended for high availability because it cannot automatically reroute traffic in the event of a failure.

D. Configure Direct Connect: Direct Connect is a dedicated network connection from your data center to AWS that provides a more reliable and consistent network experience than VPN. While Direct Connect can be used for high availability, it is not specifically related to configuring high availability for VPN connections to AWS.

Therefore, the correct answers are A and C: Configure redundant customer gateways and configure dynamic routing.