AWS Direct Connect Connection and VPN Failover | Smooth Traffic Routing

Ensure Smooth Failover with AWS Direct Connect and VPN Connection


Question

Your company plans to set up an AWS Direct Connect Connection and a VPN connection as a backup.

If the AWS Direct Connect connection fails, then the traffic should be routed on the VPN line.

What can be done to ensure this failover happens as smoothly as possible?

Answers

Explanations



Answer - C.

The AWS Documentation mentions the following.

Bidirectional Forwarding Detection (BFD) is a network fault detection protocol that provides fast failure detection times, facilitating faster re-convergence time for dynamic routing protocols.

It is independent of media, routing protocol, and data.

We recommend enabling BFD when configuring multiple AWS Direct Connect connections or when configuring a single AWS Direct Connect connection and a VPN connection as a backup to ensure fast detection and failover.

You can configure BFD to detect link or path failures and update dynamic routing as Direct Connect quickly terminates BGP peering so that backup routes can kick in.

Options A and B are incorrect since these are not valid options.

Option D is incorrect since we need to establish Border Gateway Protocol (BGP) peering for dynamically routed Site-to-Site VPN connections.

For more information on BFD and VPN, please refer to the URLs below:

https://docs.aws.amazon.com/directconnect/latest/UserGuide/create-vif.html
https://aws.amazon.com/vpn/faqs/

To ensure smooth failover from an AWS Direct Connect connection to a VPN connection when the Direct Connect connection fails, take the following steps:

  1. In AWS Direct Connect, configure the VPN connection as the backup (secondary) device, so that traffic is routed through the VPN connection only when the Direct Connect connection fails.

  2. In AWS VPN, configure the Direct Connect connection as the primary device, so that traffic is routed through the Direct Connect connection whenever it is available.

  3. Enable Bidirectional Forwarding Detection (BFD). BFD is a protocol that detects link failures in a network and can provide sub-second failover. With BFD enabled, the failure of the Direct Connect connection is detected quickly and traffic is switched to the VPN connection instead of waiting for the BGP hold timer to expire.

  4. Do not disable BGP routing. BGP is a routing protocol used to exchange routing information between different networks. It is used in both Direct Connect and VPN connections. Disabling BGP routing can prevent the failover mechanism from working correctly.

By following these steps, failover from the AWS Direct Connect connection to the VPN connection happens smoothly and without interruption.
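To make concrete why the documentation excerpt above and steps 3 and 4 insist on BFD with BGP left enabled, here is an added Python model of the failover (example code written for this page, not AWS code). It assumes a BFD interval of 300 ms with multiplier 3 and a 90 s BGP hold time when BFD is off; the route preferences and timestamps are constructed.

```python
"""Model of BFD-assisted failover from Direct Connect (DX) to a backup VPN.

Added example, not AWS code. The timers are assumptions: a BFD interval of
300 ms with multiplier 3 (the values AWS documents for Direct Connect) and a
90 s BGP hold time when BFD is off. The route preferences are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional

BFD_INTERVAL_MS = 300      # assumed BFD packet interval
BFD_MULTIPLIER = 3         # assumed BFD detection multiplier
BGP_HOLD_TIME_MS = 90_000  # assumed BGP hold time used when BFD is disabled


@dataclass
class BgpSession:
    name: str
    local_pref: int     # higher wins; the on-prem router prefers DX over VPN
    last_hello_ms: int  # when the last BFD packet / BGP keepalive arrived
    bfd: bool           # BFD liveness detection enabled on this peering

    def detection_time_ms(self) -> int:
        # BFD declares the path down after `multiplier` missed packets; without
        # it, the BGP hold timer is the only thing that tears the peering down.
        if self.bfd:
            return BFD_INTERVAL_MS * BFD_MULTIPLIER
        return BGP_HOLD_TIME_MS

    def is_up(self, now_ms: int) -> bool:
        return now_ms - self.last_hello_ms < self.detection_time_ms()


def active_path(sessions: List[BgpSession], now_ms: int) -> Optional[str]:
    """Best path among the peerings still considered up (None = blackhole)."""
    up = [s for s in sessions if s.is_up(now_ms)]
    return max(up, key=lambda s: s.local_pref).name if up else None


def path_after_dx_failure(bfd_enabled: bool, elapsed_ms: int) -> Optional[str]:
    """Constructed scenario: the DX link goes silent at t=0 while the VPN tunnel
    keeps receiving hellos. Returns the path carrying traffic at `elapsed_ms`."""
    dx = BgpSession("direct-connect", 200, last_hello_ms=0, bfd=bfd_enabled)
    vpn = BgpSession("vpn", 100, last_hello_ms=elapsed_ms, bfd=bfd_enabled)
    return active_path([dx, vpn], elapsed_ms)


if __name__ == "__main__":
    for bfd in (True, False):
        for t in (0, 500, 900, 5_000, 90_000):
            print(f"bfd={bfd!s:5} t={t:>6} ms -> {path_after_dx_failure(bfd, t)}")
```

Without BFD the router keeps sending traffic into the dead Direct Connect path for the full hold time; with BFD the VPN route takes over after three missed packets.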