Hi NFS,
Thank you for raising your concerns about this scenario. The answer to your question can actually be found in the provided explanation.
Enabling route propagation is not a silver bullet. The routing depends on whether a route in your Route Table is static or propagated and which is more “specific” – which is a term related to the networking concept of Longest Prefix Match (e.g. 192.168.0.0/24 is more “specific” (a smaller CIDR block) than the 192.168.0.0/16 block).
In a Site-to-Site VPN connection, you can specify two types of routing:
- static
- dynamic (also known as a propagated route).
Just as what is shown in the explanation:
We use the most specific route in your route table that matches the traffic to determine how to route the traffic (longest prefix match). If your route table has overlapping or matching routes, the following rules apply:
If propagated routes from a Site-to-Site VPN connection or AWS Direct Connect connection overlap with the local route for your VPC, the local route is most preferred even if the propagated routes are more specific.
If propagated routes from a Site-to-Site VPN connection or AWS Direct Connect connection have the same destination CIDR block as other existing static routes (longest prefix match cannot be applied), we prioritize the static routes whose targets are an internet gateway, a virtual private gateway, a network interface, an instance ID, a VPC peering connection, a NAT gateway, a transit gateway, or a gateway VPC endpoint.
Reference:
https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNRoutingTypes.html
Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam on your first try!
Regards,
Jon Bonso @ Tutorials Dojo
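The three rules quoted from the AWS documentation above (local route preferred over overlapping propagated routes, then longest prefix match, then static preferred over propagated when the CIDR blocks are identical) can be walked through in code. The following is an added example, not part of the original reply and not AWS's own implementation: it applies those rules to a constructed route table whose target IDs (`igw-PLACEHOLDER`, `vgw-PLACEHOLDER`, `pcx-PLACEHOLDER`) are placeholders, so you can check which entry wins for a given destination before relying on propagation in a real VPC.

```python
import ipaddress

# Constructed sample route table (not from the original post). Each entry
# records the destination CIDR, the target, and whether the route is the
# VPC's local route, a static route, or a route propagated from a VGW.
ROUTE_TABLE = [
    {"destination": "10.0.0.0/16",     "target": "local",           "origin": "local"},
    {"destination": "0.0.0.0/0",       "target": "igw-PLACEHOLDER", "origin": "static"},
    {"destination": "192.168.0.0/16",  "target": "vgw-PLACEHOLDER", "origin": "propagated"},
    {"destination": "192.168.0.0/24",  "target": "vgw-PLACEHOLDER", "origin": "propagated"},
    {"destination": "172.16.0.0/24",   "target": "pcx-PLACEHOLDER", "origin": "static"},
    {"destination": "172.16.0.0/24",   "target": "vgw-PLACEHOLDER", "origin": "propagated"},
    # A propagated route that is MORE specific than the local route; per the
    # quoted rule it must still lose to the local route.
    {"destination": "10.0.1.0/24",     "target": "vgw-PLACEHOLDER", "origin": "propagated"},
]

# Tie-break order when two matching routes have the same prefix length.
ORIGIN_PRIORITY = {"local": 0, "static": 1, "propagated": 2}


def select_route(dest_ip, table=ROUTE_TABLE):
    """Return the route table entry that would carry traffic to dest_ip,
    or None if nothing matches (no default route)."""
    ip = ipaddress.ip_address(dest_ip)

    # Collect every route whose destination CIDR contains the address.
    matches = [(ipaddress.ip_network(r["destination"]), r) for r in table]
    matches = [(net, r) for net, r in matches if ip in net]
    if not matches:
        return None

    # Rule 1: if the local route matches, propagated routes that overlap it are
    # dropped even when they are more specific.
    if any(r["origin"] == "local" for _, r in matches):
        matches = [(net, r) for net, r in matches if r["origin"] != "propagated"]

    # Rule 2: longest prefix match (larger prefixlen = smaller, more specific block).
    # Rule 3: on an equal prefix length, a static route beats a propagated one.
    matches.sort(key=lambda m: (-m[0].prefixlen, ORIGIN_PRIORITY[m[1]["origin"]]))
    return matches[0][1]


if __name__ == "__main__":
    for dst in ("10.0.1.5", "192.168.0.10", "192.168.5.10", "172.16.0.7", "8.8.8.8"):
        r = select_route(dst)
        print(f"{dst:>14} -> {r['destination']:<16} via {r['target']} ({r['origin']})")
```

Running the script shows that 10.0.1.5 is routed by the local route even though a propagated /24 covers it, 192.168.0.10 takes the propagated /24 over the propagated /16, and 172.16.0.7 goes to the static peering route rather than the propagated route with the identical CIDR, which is exactly the behaviour the quoted rules describe.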