Edge to edge routing

  • pskarthic

    Member
    August 13, 2021 at 11:20 am

    53. QUESTION

    Category: CSAA – Design Secure Applications and Architectures

    A media company has two VPCs: VPC-1 and VPC-2, with a peering connection between each other. VPC-1 only contains private subnets while VPC-2 only contains public subnets. The company uses a single AWS Direct Connect connection and a virtual interface to connect their on-premises network with VPC-1.

    Which of the following options increase the fault tolerance of the connection to VPC-1? (Select TWO.)

    · Establish a hardware VPN over the Internet between VPC-2 and the on-premises network.

    · Establish a hardware VPN over the Internet between VPC-1 and the on-premises network.

    · Use the AWS VPN CloudHub to create a new AWS Direct Connect connection and private virtual interface in the same region as VPC-2.

    · Establish a new AWS Direct Connect connection and private virtual interface in the same region as VPC-2.

    · Establish another AWS Direct Connect connection and private virtual interface in the same AWS region as VPC-1.


    Incorrect

    In this scenario, you have two VPCs which have peering connections with each other. Note that a VPC peering connection does not support edge to edge routing. This means that if either VPC in a peering relationship has one of the following connections, you cannot extend the peering relationship to that connection:

    – A VPN connection or an AWS Direct Connect connection to a corporate network

    – An Internet connection through an Internet gateway

    – An Internet connection in a private subnet through a NAT device

    – A gateway VPC endpoint to an AWS service; for example, an endpoint to Amazon S3.

    – (IPv6) A ClassicLink connection. You can enable IPv4 communication between a linked EC2-Classic instance and instances in a VPC on the other side of a VPC peering connection. However, IPv6 is not supported in EC2-Classic, so you cannot extend this connection for IPv6 communication.

    For example, if VPC A and VPC B are peered, and VPC A has any of these connections, then instances in VPC B cannot use the connection to access resources on the other side of the connection. Similarly, resources on the other side of a connection cannot use the connection to access VPC B.

    Hence, this means that you cannot use VPC-2 to extend the peering relationship that exists between VPC-1 and the on-premises network. For example, traffic from the corporate network can’t directly access VPC-1 by using the VPN connection or the AWS Direct Connect connection to VPC-2, which is why the following options are incorrect:

    – Use the AWS VPN CloudHub to create a new AWS Direct Connect connection and private virtual interface in the same region as VPC-2.

    – Establish a hardware VPN over the Internet between VPC-2 and the on-premises network.

    – Establish a new AWS Direct Connect connection and private virtual interface in the same region as VPC-2.

    You can do the following to provide a highly available, fault-tolerant network connection:

    – Establish a hardware VPN over the Internet between the VPC and the on-premises network.

    – Establish another AWS Direct Connect connection and private virtual interface in the same AWS region.


    A long question, please bear with me.

    The explanation basically says that edge-to-edge routing is not possible over a peered VPC connection. The diagram has A/B and the explanation has 1/2 for naming the VPCs. I am continuing with A/B.

    1. If VPC A and B are peered and A has a Site-to-Site VPN or DX, then VPC A can’t connect to the corporate/on-premises network. This is what I observed from the explanation as well as from the reference link given, so a VPN is required to connect VPC B to the corporate network, but the answer given is the other way, that is connecting VPC A with a VPN.

    Note in explanation it is not mentioned which VPC.

    I am good with the second part of the answer, that is connecting another DX connection.
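    As an added example (not part of the original thread or the exam explanation), the edge-to-edge routing rule quoted above can be modelled as a reachability check: a peering link is never chained with a DX or VPN link, so an on-premises attachment to VPC-2 adds no path to VPC-1. Link names, the option labels and the link kinds are constructed for the question's scenario.

```python
# Added example, not part of the original thread: a small model of the
# edge-to-edge routing rule quoted in the explanation. VPC peering is not
# transitive, so an on-premises network attached to one VPC (Direct Connect
# or Site-to-Site VPN) cannot reach the peer VPC through that attachment.
# All names below are constructed for the question's scenario.

# A link is (endpoint_a, endpoint_b, kind); kind is "peering", "dx" or "vpn".
BASELINE = [
    ("VPC-1", "VPC-2", "peering"),  # the peering connection in the question
    ("on-prem", "VPC-1", "dx"),     # the single DX connection + private VIF
]

# The five answer options, each expressed as the link it would add.
# (CloudHub is a VPN construct, not a DX one; it is modelled here only as
#  "another attachment that lands in VPC-2", which is why it fails.)
OPTIONS = {
    "VPN on-prem <-> VPC-2": ("on-prem", "VPC-2", "vpn"),
    "VPN on-prem <-> VPC-1": ("on-prem", "VPC-1", "vpn"),
    "CloudHub DX + private VIF to VPC-2": ("on-prem", "VPC-2", "dx"),
    "New DX + private VIF to VPC-2": ("on-prem", "VPC-2", "dx"),
    "Another DX + private VIF to VPC-1": ("on-prem", "VPC-1", "dx"),
}

def paths(links, src, dst):
    """All loop-free paths from src to dst that AWS would actually route.

    Edge-to-edge rule: a peering link cannot be chained with any other
    link in the same path, in either direction.
    """
    found = []
    def walk(node, used, seen):
        if node == dst:
            found.append(list(used)); return
        for link in links:
            a, b, kind = link
            if node not in (a, b): continue
            nxt = b if node == a else a
            if nxt in seen: continue
            if used and (kind == "peering" or used[-1][2] == "peering"):
                continue  # edge-to-edge routing is not supported
            walk(nxt, used + [link], seen | {nxt})
    walk(src, [], {src})
    return found

def increases_fault_tolerance(option_link, target="VPC-1"):
    """True if the option adds an independent on-prem -> target path."""
    before = len(paths(BASELINE, "on-prem", target))
    after = len(paths(BASELINE + [option_link], "on-prem", target))
    return after > before

def evaluate_options():
    return {name: increases_fault_tolerance(link) for name, link in OPTIONS.items()}
```

    Running `evaluate_options()` marks exactly the two VPC-1 options as increasing fault tolerance; every attachment that lands in VPC-2 leaves the on-prem to VPC-1 path count at one.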


  • Carlo-TutorialsDojo

    Member
    August 13, 2021 at 10:04 pm

    Hello pskarthic,

    Thanks for the feedback.

    Edge to Edge routing means that point A can’t directly communicate with point C. However, if there’s a point B that’s connected to both points A and C, then point A can use point B as a jump host to connect to point C.

    Note in explanation it is not mentioned which VPC.

    >> Could you point out which part of the explanation you are referring to? It was specifically mentioned in the last part. Also, the question says that you must increase the fault tolerance of the connection to VPC-1.

    Let me know what you think

    Regards,

    Carlo @ Tutorials Dojo

  • pskarthic

    Member
    August 13, 2021 at 10:13 pm

    Hi Carlo,

    Now I understand the question, it is all about VPC1. I got confused and thought there should be a connectivity to VPC2.

    And regarding the missing information in the explanation, it is just that the VPC name is mentioned generally as VPC instead of specifically VPC B.

    – Establish a hardware VPN over the Internet between the “VPC” and the on-premises network.

    – Establish another AWS Direct Connect connection and private virtual interface in the same AWS region.
