
Reply To: BGP – does it secure transit data?

  • Kenneth-Samonte-Tutorials-Dojo

    Member
    March 7, 2021 at 10:47 pm

    Hi Cobra,

    Thank you for your feedback.

    This question requires that the users’ connection from the on-premises network to AWS is encrypted and should go through the Direct Connect connection.

    Using the current Direct Connect connection, create a new public virtual interface and input the network prefixes that you want to advertise. Create a new site-to-site VPN connection to the VPC over the Internet. Configure the employees’ laptops to connect to this VPN.

    >> This option is incorrect because you need to establish the VPN connection through the Direct Connect connection. This does not satisfy the requirement of “maintaining the consistent network performance of Direct Connect”.

    As stated in the correct answer:

    Using the current Direct Connect connection, create a new public virtual interface –> needed to create a VPN connection to encrypt traffic.

    VPN connection to the VPC with the BGP protocol using the DX connection. –> the requirement on the question needs to use the Direct Connect connection.

    but BGP protocol does not protect the data in transit it seems – please clarify –> BGP is a routing protocol used to advertise network routes dynamically. Routers with BGP talk to each other to determine their routing tables. This communication is not encrypted. That is why you are creating a site-to-site VPN connection. Traffic will flow through this VPN tunnel and any data that flows through it is encrypted. BGP itself does not carry any important information; it just carries and advertises routing tables to its network peer.

    Hope this helps.

    Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam!

    Regards,

    Kenneth Samonte @ Tutorials Dojo
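
An added example, not part of the original reply: the reply's point that BGP communication is not encrypted, shown by decoding a BGP UPDATE message (RFC 4271 layout) directly from its bytes with no key involved. The helper names, the prefix, the AS number and the next-hop address are constructed for illustration, and 2-octet AS numbers are assumed.

```python
import ipaddress
import struct
MARKER = b"\xff" * 16  # fixed 16-byte header marker (RFC 4271)

def build_update(prefix, as_path, next_hop):
    """Constructed sample input: a minimal BGP UPDATE announcing one IPv4 prefix."""
    net = ipaddress.ip_network(prefix)
    nlri = bytes([net.prefixlen]) + net.network_address.packed[:(net.prefixlen + 7) // 8]
    seg = bytes([2, len(as_path)]) + struct.pack("!%dH" % len(as_path), *as_path)
    attrs = (bytes([0x40, 1, 1, 0])                      # ORIGIN = IGP
             + bytes([0x40, 2, len(seg)]) + seg          # AS_PATH, one AS_SEQUENCE
             + bytes([0x40, 3, 4]) + ipaddress.ip_address(next_hop).packed)  # NEXT_HOP
    body = struct.pack("!HH", 0, len(attrs)) + attrs + nlri  # no withdrawn routes
    return MARKER + struct.pack("!HB", 19 + len(body), 2) + body

def parse_update(msg):
    """Read the routing data straight out of the bytes; no key or secret is needed."""
    length, msg_type = struct.unpack("!HB", msg[16:19])
    if msg[:16] != MARKER or msg_type != 2 or length != len(msg):
        raise ValueError("not a well-formed BGP UPDATE")
    withdrawn_len, = struct.unpack("!H", msg[19:21])
    pos = 21 + withdrawn_len
    attr_len, = struct.unpack("!H", msg[pos:pos + 2])
    pos, end = pos + 2, pos + 2 + attr_len
    route = {"as_path": [], "next_hop": None, "prefixes": []}
    while pos < end:
        hdr = 4 if msg[pos] & 0x10 else 3                # extended-length flag
        vlen = int.from_bytes(msg[pos + 2:pos + hdr], "big")
        code, val = msg[pos + 1], msg[pos + hdr:pos + hdr + vlen]
        pos += hdr + vlen
        if code == 2:                                    # AS_PATH segments
            i = 0
            while i < len(val):
                n = val[i + 1]
                route["as_path"] += struct.unpack("!%dH" % n, val[i + 2:i + 2 + 2 * n])
                i += 2 + 2 * n
        elif code == 3:                                  # NEXT_HOP
            route["next_hop"] = str(ipaddress.ip_address(val))
    while pos < len(msg):                                # NLRI: announced prefixes
        plen = msg[pos]
        nbytes = (plen + 7) // 8
        raw = msg[pos + 1:pos + 1 + nbytes].ljust(4, b"\x00")
        route["prefixes"].append("%s/%d" % (ipaddress.ip_address(raw), plen))
        pos += 1 + nbytes
    return route

SAMPLE = build_update("10.0.0.0/16", [65000], "169.254.10.1")  # constructed values
```

Calling `parse_update(SAMPLE)` returns the announced prefix, AS path and next hop exactly as the sender encoded them.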