AWS Direct Connect Backup Options - Exam Question Answer


Question

Your company has an AWS Direct Connect connection from a VPC to an on-premises location.

Which of the following can be used as a backup if the Direct Connect connection fails for any reason? Choose 2 answers from the options given below.

Answers

Explanations


A. B. C. D.

Answer - B and C.

The AWS documentation states the following:

If you have established a second AWS Direct Connect connection, traffic will fail over to the second link automatically.

We recommend enabling Bidirectional Forwarding Detection (BFD) when configuring your connections to ensure fast detection and failover.

If you have configured a backup IPsec VPN connection instead, all VPC traffic will fail over to the VPN connection automatically.

Traffic to/from public resources such as Amazon S3 will be routed over the Internet.

Option A is invalid because AWS will not fall back to a secondary connection on its own. You have to ensure high availability yourself.

Option D is invalid because a peering connection is only used for connecting 2 VPCs together.

For more information on the high availability of network connections, refer to the URL below:

https://aws.amazon.com/answers/networking/aws-multiple-data-center-ha-network-connectivity/

Option A is incorrect because AWS does not provide a secondary Direct Connect connection automatically, although they do provide service level agreements (SLAs) that guarantee network availability and uptime.

Option B is a valid solution where you can set up a secondary Direct Connect connection as a backup. This can be achieved by creating a second Direct Connect connection on a different physical port on the Direct Connect router, or by setting up a second Direct Connect router in a different location or region.

Option C is also a valid solution where you can set up a VPN connection as a backup. This can be achieved by creating a VPN connection between the on-premises location and the VPC using the AWS VPN service or a third-party VPN solution.

Option D is not a valid solution as peering connections are used to connect VPCs within the same region or between different regions. They cannot be used as a backup for a Direct Connect connection.

In summary, options B and C are valid solutions for setting up a backup for a Direct Connect connection. Setting up a secondary Direct Connect connection provides a faster failover mechanism, but it requires additional physical infrastructure and can be more expensive. On the other hand, setting up a VPN connection can be a more cost-effective option, but it may have a higher latency and lower throughput compared to Direct Connect. It is important to consider the specific requirements and constraints of your environment when choosing the appropriate backup solution.