AWS Direct Connect with AWS VPN: True Statements

AWS Direct Connect and BGP Connections: True Statements

Question

You are helping a team to build up the AWS infrastructure by configuring an AWS Direct Connect dedicated network connection with the AWS VPN.

There will be BGP connections established between the AWS Direct Connect and the router in the customer network.

With this network configuration, which of the following statements is true?

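Answers

A. The data in transit is not encrypted under such a configuration.

B. Only the VPN connection will be charged, and the AWS Direct Connect is free of charge.

C. This configuration provides a more consistent network experience than an internet-based VPN connection.

D. An AWS Transit Gateway is used for this network configuration.

Explanations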

Correct Answer: C.

Option A is incorrect because although AWS Direct Connect itself does not encrypt the traffic in transit, the VPN IPSec connection encrypts the data.

Option B is incorrect because AWS Direct Connect is not free under such a configuration. See the pricing reference at https://aws.amazon.com/directconnect/pricing/.

Option C is CORRECT because the configuration uses AWS Direct Connect, which is based on a dedicated network connection, so a more consistent network experience can be achieved.

Option D is incorrect because AWS Transit Gateway is a network transit hub used to interconnect VPCs and customer networks, and it is not needed under such a network configuration.

Reference:

https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-vpn.html

When configuring an AWS Direct Connect dedicated network connection with the AWS VPN, BGP connections are established between the AWS Direct Connect and the router in the customer network. This network configuration provides a secure and reliable way to connect your on-premises data center or network to your AWS resources.

Let's go over the answers:

A. The data in transit is not encrypted under such a configuration.

This statement is not true of this configuration. By default, the traffic flowing through the Direct Connect connection is not encrypted. However, the AWS VPN runs over the Direct Connect connection here, so the data travels inside an IPSec tunnel and is encrypted in transit, which provides an additional layer of security.

B. Only the VPN connection will be charged, and the AWS Direct Connect is free of charge.

This statement is not true. Both AWS Direct Connect and the VPN connection are charged separately. AWS Direct Connect is charged based on the port speed and the amount of data transferred, while the VPN connection is charged based on the amount of data transferred.

C. This configuration provides a more consistent network experience than an internet-based VPN connection.

This statement is true. By using AWS Direct Connect, you can establish a dedicated, private network connection between your on-premises infrastructure and AWS, which provides a more consistent and reliable network experience compared to an internet-based VPN connection.

D. An AWS Transit Gateway is used for this network configuration.

This statement is not necessarily true. While an AWS Transit Gateway can be used to connect multiple VPCs and on-premises networks, it is not required for this specific network configuration.

In summary, the correct answer is C. This configuration provides a more consistent network experience than an internet-based VPN connection. It's important to keep in mind that while data is not encrypted by default when using AWS Direct Connect, you can enable encryption using an IPSec tunnel. Additionally, both AWS Direct Connect and the VPN connection are charged separately.