Configuring VPN CloudHub for Global Software Firm | AWS Solutions Architect Exam

Factors for Setting Up VPN CloudHub for Global Software Firm


Question

You are working for a global software firm with offices on several continents.

The pre-sales team needs to provide a new application demo to a prospective customer.

For this, they urgently need a separate temporary connection between 3 on-premises regional offices in Sydney, London, and Tokyo and a Demo VPC in the us-west-1 region. You are planning to set up a VPN CloudHub on a VGW (Virtual Private Gateway) in us-west-1 for the three on-premises sites to connect to.

What are the factors required to meet this connectivity solution? (SELECT TWO)


Explanations


Correct Answers - B, D.

AWS VPN CloudHub provides connectivity between spoke locations over VPN connections.

In this case, the VGW acts as a hub and re-advertises the prefixes received from one regional office to the other regional offices.

For this connectivity to be established, each regional site should have non-overlapping IP prefixes and a BGP ASN that is unique to that site.

If the BGP ASN is not unique, additional allowas-in configuration will be required.

Option A is incorrect as the VGW acts as the hub of a hub-and-spoke topology by default, and no additional configuration needs to be done at the VGW end.

Option C is incorrect as each router needs BGP peering only with the VGW, not with routers in other locations.

Option E is incorrect as a regional office can set up a VPN connection to a VGW in a different region.

For more information on using AWS VPN CloudHub, refer to the following URL:

https://docs.aws.amazon.com/vpn/latest/s2svpn/VPN_CloudHub.html
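The two requirements named above (non-overlapping prefixes and a unique BGP ASN per site) can be checked before any tunnel is built. The following is an added example, not part of the original question or of AWS documentation; the site names come from the question, while the ASNs, prefixes and the function name `check_cloudhub_sites` are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: site names come from the question; the ASNs and
# prefixes are made-up values chosen to trigger both kinds of finding.
SITES = {
    "Sydney": {"asn": 65001, "prefixes": ["10.10.0.0/16"]},
    "London": {"asn": 65002, "prefixes": ["10.20.0.0/16", "172.16.4.0/24"]},
    "Tokyo":  {"asn": 65001, "prefixes": ["10.20.128.0/17"]},
}


def check_cloudhub_sites(sites):
    """Return a sorted list of findings that would break CloudHub routing."""
    findings = []

    # Requirement 1: every site needs its own BGP ASN.
    by_asn = {}
    for name, cfg in sites.items():
        by_asn.setdefault(cfg["asn"], []).append(name)
    for asn, names in by_asn.items():
        if len(names) > 1:
            findings.append(f"duplicate ASN {asn}: {', '.join(sorted(names))}")

    # Requirement 2: no prefix at one site may overlap a prefix at another.
    # strict=True rejects prefixes with host bits set (e.g. 10.20.1.0/16).
    parsed = [
        (name, ipaddress.ip_network(prefix, strict=True))
        for name, cfg in sites.items()
        for prefix in cfg["prefixes"]
    ]
    for (site_a, net_a), (site_b, net_b) in combinations(parsed, 2):
        same_family = net_a.version == net_b.version
        if site_a != site_b and same_family and net_a.overlaps(net_b):
            findings.append(f"overlap {site_a} {net_a} <-> {site_b} {net_b}")

    return sorted(findings)


if __name__ == "__main__":
    for finding in check_cloudhub_sites(SITES):
        print(finding)
```

An empty result means the constructed inventory satisfies both conditions; any finding should be resolved before the sites are attached to the hub.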

The scenario presented in the question requires setting up a temporary connection between three on-premises regional offices located in Sydney, London, and Tokyo, and a Demo VPC located in the us-west-1 region. The proposed solution is to set up a VPN CloudHub in VGW (Virtual Private Gateway) at us-west-1 for the other three on-premise sites to connect. To meet this connectivity solution, the following factors are required:

A. VGW at us-west-1 should be enabled to advertise IP prefixes of each regional office to other regional offices: When a VPN CloudHub is set up in VGW, it can act as a hub for all the VPN connections from the on-premises regional offices. To enable communication between the offices, the VGW must be configured to advertise the IP prefixes of each regional office to the other regional offices. This way, the on-premises routers can learn about the IP addresses of other on-premises sites, and traffic can be routed accordingly.

C. Each router should have a BGP (Border Gateway Protocol) peering with other routers at each regional office over VPN connection: To enable the on-premises routers to exchange routing information and learn about the IP prefixes advertised by other on-premises routers, each router should have a BGP peering with the other routers at each regional office over VPN connection. BGP is a protocol used to exchange routing information between different autonomous systems (AS), and it is used in this scenario to exchange routing information between the on-premises regional offices.

Therefore, options A and C are the correct answers to this question.

B. Non-overlapping IP address pool should be configured at each of the regional offices: This statement is partially correct. Non-overlapping IP address pools should be configured at each of the regional offices to avoid IP address conflicts. However, this factor is not required to meet the connectivity solution described in the question.

D. BGP (Border Gateway Protocol) ASN (Autonomous System Number) should be unique at these regional offices: This statement is also partially correct. BGP ASN should be unique at each regional office to ensure proper routing. However, this factor is not required to meet the connectivity solution described in the question.

E. Each of these offices should set up VPN connection to VGW only in that specific region instead of to VGW at us-west-1: This statement is incorrect. The proposed solution in the question is to set up a VPN CloudHub in VGW at us-west-1 for the other three on-premise sites to connect. Therefore, all the on-premises regional offices should set up VPN connections to VGW at us-west-1.