AWS Certified Advanced Networking - Specialty: Private VIF Configuration Process

Question

You need to create a Private VIF for an existing AWS Direct Connect connection.

Which of the following is required during the configuration process? Please select the 2 correct options from below.

Answers

Explanations

A. B. C. D.

Answer - B and C.

If you look at the screen for creating a private VIF, this is what it looks like.

Here you can see that VLAN ID and the Virtual Private Gateway are part of the creation process.

Options A and D are incorrect since these are required when creating a public VIF. For more information on the creation of Virtual Interfaces, please refer to the below URL.

https://docs.aws.amazon.com/directconnect/latest/UserGuide/create-vif.html

Create a Virtual Interface

You may choose to create a private or public virtual interface. Select the appropriate option below.
Private - A private virtual interface should be used to access an Amazon VPC using private IP addresses.
Public - A public virtual interface can access all AWS public services (including EC2, S3, and DynamoDB) using public IP addresses.

Define Your New Private Virtual Interface

Enter the name of your virtual interface. If you're creating a virtual interface for another account, you'll need to provide the other AWS account ID. For more information about virtual interface ownership, see 'Hosted Virtual Interfaces' in the AWS Direct Connect Getting Started Guide.

Connection: dxcon-f96028pn (TestConnection)
Virtual Interface Name:
Virtual Interface Owner: My AWS Account / Another AWS Account

Select the gateway for this virtual interface. You can connect to Virtual Private Gateway (VGW) or Direct Connect Gateway. Connecting with Direct Connect Gateway will enable you to associate with multiple VGWs, providing connectivity with multiple Virtual Private Clouds across multiple regions; connecting with Virtual Private Gateway will allow you to associate with one Virtual Private Cloud in the selected region.

Connection To: Direct Connect Gateway / Virtual Private Gateway
Virtual Private Gateway: vgw-ebaa27db

Enter the VLAN ID, if not already supplied by your AWS Direct Connect partner, and the IP Addresses for your router interface and the AWS Direct Connect interface.

VLAN:
Address family: IPv4 / IPv6
Auto-generate peer IPs:

Before you can use your virtual interface, we must establish a BGP session. You must provide an ASN for your router. You will also need an MD5 key to authenticate the BGP session. We can generate one for you, or you can supply your own.

BGP ASN:
Auto-generate BGP key:

When configuring a Private VIF (Virtual Interface) for an existing AWS Direct Connect connection, the following two options are required:

  1. VLAN ID: A VLAN (Virtual Local Area Network) ID is a numerical identifier that helps in creating a logical network segmentation within a physical network. VLAN tagging is used to separate different types of traffic over the same physical network. In the context of Direct Connect, a VLAN ID is required to create a dedicated logical connection between your network and AWS. You can choose any VLAN ID between 1 and 4094, with the exception of a few reserved VLAN IDs.

  2. Prefixes to advertise: To advertise routes to the AWS network, you need to specify the prefixes you want to advertise over the Private VIF. Prefixes are IP address ranges that belong to your network. AWS uses Border Gateway Protocol (BGP) to exchange routing information between your network and AWS. You need to configure BGP on your router and advertise the prefixes you want to be reachable over the Private VIF. Once the prefixes are advertised, AWS updates its routing tables to direct traffic destined for those prefixes to your network.

Option A (The Peer Public IP) and Option C (Virtual Private Gateway) are not required during the configuration process of a Private VIF.

  • Peer Public IP is the IP address of the Direct Connect router on the AWS side, and it is used to establish a BGP session. However, you do not need to specify this IP address during the configuration of a Private VIF because AWS automatically assigns it.
  • Virtual Private Gateway is a logical representation of a VPN (Virtual Private Network) gateway in AWS. However, a Private VIF does not require a Virtual Private Gateway. Instead, it is used to establish a private, dedicated connection between your network and AWS without going over the public internet.