The question might have a mistake because a redundant link seems to be to the same DC as the Direct Connect. In this case, the DX link is between DC1 and the VGW; however, the redundant/failover/robust VPN connection is to DC2. I get the impression that they are two different DCs so it seems as though neither connection is redundant.
Thanks for any clarification.
You are consulting for a company that has decided to partially migrate some resources to AWS from their two data centers (DC1 and DC2). Their first order of business is to design a robust, redundant and cost-effective network connection between their data centers and AWS. Which of the following architectures provides the highest availability at the least cost?
Ensure that DC1 and DC2 have separate ISPs. Set up VPN connections from DC1 and DC2 to a Virtual Private Gateway on AWS. Create static routes at each DC to use the local VPN to AWS. Use CloudTrail to monitor traffic on the Virtual Private Gateway and trigger a script to update the static route if one of the VPN connections goes down.
Configure a Direct Connect connection from both DC1 and DC2 to a Virtual Private Gateway on AWS. Configure BGP to dynamically route traffic across the nearest Direct Connect link. [SELECTED]
Configure a Direct Connect connection from DC1 to a Virtual Private Gateway on AWS. Set up a VPN connection from DC2 to a Virtual Private Gateway on AWS. Configure a dynamic route across DC1 and DC2 for both paths with a route priority favoring the Direct Connect path to AWS.
Configure a Direct Connect connection from both DC1 and DC2 to a Virtual Private Gateway on AWS. Configure a default route in both DC1 and DC2 to route traffic to the local Direct Connect link.
A common and cost-effective way to provide a redundant link to AWS with Direct Connect is a VPN connection. In the event that the Direct Connect path fails, your on-prem router can redirect traffic over the VPN. Having dual Direct Connect links is definitely redundant but more expensive than a VPN.
What was supposed to be inferred in this question was that MOST companies already have redundant connections between their DCs and therefore, it was pre-existing for this question setup. Therefore, if the DX at DC1 were to go down, the on-prem router could route traffic to the other DC via the DC1-DC2 connection and over the VPN at DC2 to AWS. This scenario is straight out of the DX whitepapers.
I can see how this detail might confuse things so I’ll probably add that specific piece of data into the question.
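The failover path discussed in this thread, as an added example that is not part of the original posts: a small Python model of the Direct Connect at DC1 plus VPN at DC2 design, showing which path each data center uses when a link fails, with and without the DC1-DC2 connection. The link names and preference values are assumptions chosen for illustration.

```python
from collections import deque

# Constructed model of the "DX at DC1, VPN at DC2" option from the question.
# Link names and preference numbers are assumptions; a lower value is
# preferred, mirroring a route priority that favors Direct Connect.
LINKS = {
    "dx_dc1":   ("DC1", "AWS", 10),  # Direct Connect from DC1 to the VGW
    "vpn_dc2":  ("DC2", "AWS", 20),  # VPN from DC2 to the VGW
    "inter_dc": ("DC1", "DC2", 0),   # DC1-DC2 link (preference unused)
}

def paths_to_aws(src, links):
    """Return every loop-free path from src to AWS as a list of link names."""
    found, queue = [], deque([(src, [], {src})])
    while queue:
        node, used, seen = queue.popleft()
        if node == "AWS":
            found.append(used)
            continue
        for name, (a, b, _) in links.items():
            if node in (a, b):
                nxt = b if node == a else a
                if nxt not in seen:
                    queue.append((nxt, used + [name], seen | {nxt}))
    return found

def best_path(src, failed=(), links=LINKS):
    """Pick the path whose AWS-facing link is most preferred, then shortest."""
    up = {n: l for n, l in links.items() if n not in failed}
    candidates = paths_to_aws(src, up)
    if not candidates:
        return None  # the data center is cut off from AWS
    return min(candidates, key=lambda p: (up[p[-1]][2], len(p)))

def single_failure_report(links=LINKS):
    """For each AWS-facing link failure, the path each DC falls back to."""
    return {f: {dc: best_path(dc, (f,), links) for dc in ("DC1", "DC2")}
            for f, (a, b, _) in links.items() if "AWS" in (a, b)}

if __name__ == "__main__":
    print("with DC1-DC2 link:   ", single_failure_report())
    isolated = {k: v for k, v in LINKS.items() if k != "inter_dc"}
    print("without DC1-DC2 link:", single_failure_report(isolated))
```

Without the `inter_dc` entry, each data center loses AWS connectivity as soon as its own link fails, which is the situation described in the first post.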