Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 20 discussion

A company operates its IT services through a multi-site hybrid infrastructure. The company deploys resources on AWS in the us-east-1 Region and in the eu-west-2 Region. The company also deploys resources in its own data centers that are located in the United States (US) and in the United Kingdom (UK). In both AWS Regions, the company uses a transit gateway to connect 15 VPCs to each other. The company has created a transit gateway peering connection between the two transit gateways. The VPC CIDR blocks do not overlap with each other or with IP addresses used within the data centers. The VPC CIDR prefixes can also be aggregated either on a Regional level or for the company's entire AWS environment.
The data centers are connected to each other by a private WAN connection. IP routing information is exchanged dynamically through Interior BGP (iBGP) sessions. The data centers maintain connectivity to AWS through one AWS Direct Connect connection in the US and one Direct Connect connection in the UK. Each Direct Connect connection is terminated on a Direct Connect gateway and is associated with a local transit gateway through a transit VIF.
Traffic follows the shortest geographical path from source to destination. For example, packets from the UK data center that are targeted to resources in eu-west-2 travel across the local Direct Connect connection. In cases of cross-Region data transfers, such as from the UK data center to VPCs in us-east-1, the private WAN connection must be used to minimize costs on AWS. A network engineer has configured each transit gateway association on the Direct Connect gateway to advertise VPC-specific CIDR IP prefixes only from the local Region. The routes toward the other Region must be learned through BGP from the routers in the other data center in the original, non-aggregated form.
The company recently experienced a problem with cross-Region data transfers because of issues with its private WAN connection. The network engineer needs to modify the routing setup to prevent similar interruptions in the future. The solution cannot modify the original traffic routing goal when the network is operating normally.
Which modifications will meet these requirements? (Choose two.)

  • A. Remove all the VPC CIDR prefixes from the list of subnets advertised through the local Direct Connect connection. Add the company's entire AWS environment aggregate route to the list of subnets advertised through the local Direct Connect connection.
  • B. Add the CIDR prefixes from the other Region VPCs and the local VPC CIDR blocks to the list of subnets advertised through the local Direct Connect connection. Configure data center routers to make routing decisions based on the BGP communities received.
  • C. Add the aggregate IP prefix for the other Region and the local VPC CIDR blocks to the list of subnets advertised through the local Direct Connect connection.
  • D. Add the aggregate IP prefix for the company's entire AWS environment and the local VPC CIDR blocks to the list of subnets advertised through the local Direct Connect connection.
  • E. Remove all the VPC CIDR prefixes from the list of subnets advertised through the local Direct Connect connection. Add both Regional aggregate IP prefixes to the list of subnets advertised through the Direct Connect connection on both sides of the network. Configure data center routers to make routing decisions based on the BGP communities received.
Suggested Answer: BC 🗳️

Comments

Untamables
Highly Voted 1 year, 5 months ago
Selected Answer: CE
C and E. If the private WAN failed, the network engineer would swing the traffic to the other Region through the local Direct Connect and the Transit Gateways. That is the requirement. The solution is that the local DC has 2 kinds of route to the other Region's VPCs. One is the existing CIDR-based routes via the private WAN; the other is the advertised aggregated routes from the local Direct Connect connection. CIDR-based routes take priority over the aggregated routes advertised from the Direct Connect connection due to the longest-prefix-match routing algorithm. The options which match this solution are C and E.
upvoted 22 times
slackbot
Highly Voted 1 year, 5 months ago
Selected Answer: CD
B and E don't make sense, as private and transit VIFs do not carry any BGP communities from AWS towards the CGW. Only the CGW can send communities, which AWS will use to route traffic back to the customer. The idea is: each DX GW must advertise the local VPC CIDRs (which are more specific) and the remote Region's summarized routes (over iBGP, local routers signify more specific routes to home Regions).
upvoted 16 times
slackbot
1 year, 5 months ago
This is regarding routing and communities: https://docs.aws.amazon.com/directconnect/latest/UserGuide/routing-and-bgp.html Also, note that the DX GW can advertise no more than 20 routes towards the CGW. Hence, you cannot add all 30 VPC CIDRs; you have to summarize.
upvoted 4 times
albertkr
1 year, 4 months ago
Where on the link that you showed above does it mention that private and transit VIFs do not carry any BGP communities from AWS towards the CGW? It actually mentions that "For outbound routing policies, AWS Direct Connect applies the following BGP communities to its advertised routes...", which means, regardless of what type of VIF is used, the advertised route from AWS always carries a BGP community. It makes E make sense.
upvoted 3 times
albertkr
1 year, 4 months ago
You are right. After a second reading, private and transit VIFs don't apply the BGP community strings by default. The default behaviour is using the distance from the local Region to the Direct Connect location.
upvoted 1 times
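The mechanism the question hinges on, and that Untamables (longest-prefix match: specific /24s learned over the WAN beat a Regional aggregate learned over the local DX) and slackbot (the DX gateway's prefix ceiling forces summarization) argue about above, can be modelled in a few lines. The following is an added example, not part of the question or of any comment, and not AWS code. Assumptions: the sample VPC CIDRs (15 /24s per Region carved from 10.1.0.0/16 for us-east-1 and 10.2.0.0/16 for eu-west-2), the next-hop labels "DX-UK" and "WAN-iBGP", and the 20-prefix ceiling are constructed or taken from the comment above, not from AWS documentation.

```python
import ipaddress

# Constructed sample addressing (assumption): 15 VPC /24s per Region,
# carved from 10.1.0.0/16 (us-east-1) and 10.2.0.0/16 (eu-west-2).
US_VPCS = [ipaddress.ip_network(f"10.1.{i}.0/24") for i in range(15)]
UK_VPCS = [ipaddress.ip_network(f"10.2.{i}.0/24") for i in range(15)]

# Ceiling on routes the DX gateway advertises toward the CGW, as cited in the
# comment above (assumption; check the current AWS quota before relying on it).
DX_ADVERTISED_PREFIX_LIMIT = 20


def aggregate(nets):
    """Smallest single prefix covering every network: the Regional summary
    (option C) or the entire-AWS-environment summary (option D)."""
    agg = nets[0]
    while not all(n.subnet_of(agg) for n in nets):
        agg = agg.supernet()  # widen by one bit until everything fits
    return agg


def uk_router_rib(wan_up, remote_summary):
    """Routes the UK data-center router holds once the local DX gateway
    advertises the UK /24s plus an aggregate for the other side, while the
    US /24s arrive unaggregated over iBGP only while the WAN is healthy."""
    rib = [(n, "DX-UK") for n in UK_VPCS]
    rib.append((remote_summary, "DX-UK"))
    if wan_up:
        rib += [(n, "WAN-iBGP") for n in US_VPCS]
    return rib


def lookup(rib, dst):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(dst)
    candidates = [(net, nh) for net, nh in rib if addr in net]
    if not candidates:
        return None
    net, nh = max(candidates, key=lambda r: r[0].prefixlen)
    return nh


def dx_prefix_count(rib):
    """Number of prefixes the local DX gateway has to advertise."""
    return sum(1 for _, nh in rib if nh == "DX-UK")


def within_dx_limit(rib):
    """True if the local DX advertisement fits under the cited ceiling."""
    return dx_prefix_count(rib) <= DX_ADVERTISED_PREFIX_LIMIT


if __name__ == "__main__":
    us_summary = aggregate(US_VPCS)
    print("us-east-1 aggregate:", us_summary)
    print("entire AWS aggregate:", aggregate(US_VPCS + UK_VPCS))
    for wan_up in (True, False):
        rib = uk_router_rib(wan_up, us_summary)
        print(f"WAN up={wan_up}: 10.1.3.10 via {lookup(rib, '10.1.3.10')}, "
              f"10.2.5.7 via {lookup(rib, '10.2.5.7')}, "
              f"DX prefixes={dx_prefix_count(rib)} (fits: {within_dx_limit(rib)})")
```

With the WAN up, a US destination still matches the /24 learned over iBGP, so the normal "shortest geographical path" goal is untouched; when the iBGP routes withdraw, the same lookup falls through to the aggregate over the local DX. Advertising all 30 /24s over one DX would exceed the cited ceiling, which is why the remote side must be summarized.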
Jonalb
Most Recent 2 weeks, 3 days ago
Selected Answer: CD
C and D Option C: The approach of advertising aggregated prefixes for each Region and local CIDR blocks can help simplify the routing table and address specific inter-region connectivity issues. However, if the configuration does not include prefixes for the entire AWS environment, there may be gaps in coverage, especially if WAN connectivity fails. Option D: The approach of advertising an aggregated IP prefix for the entire AWS environment in addition to local CIDR blocks tends to be more comprehensive. This ensures that the entire AWS infrastructure is covered and can more robustly address routing issues, especially in situations where the WAN connection fails.
upvoted 1 times
AlirezaNetWorld
3 weeks, 1 day ago
C and E. I think we all agree on C; why is E correct? Because removing the individual VPC CIDR prefixes and using Regional aggregate IP prefixes simplifies the routing table and helps in preventing routing issues, especially during cross-Region data transfer.
upvoted 1 times
Jonalb
3 months, 3 weeks ago
Selected Answer: CD
CD, it's true!
upvoted 1 times
[Removed]
5 months, 1 week ago
If option C is correct I cannot see why D should not be correct.
Option C: Advertises other Region aggregate + local non-aggregated VPC CIDRs
Option D: Advertises entire AWS aggregate + local non-aggregated VPC CIDRs
upvoted 2 times
Raphaello
5 months, 2 weeks ago
Honestly, I do not get the request here! It says: "The company recently experienced a problem with cross-Region data transfers because of issues with its private WAN connection. The network engineer needs to modify the routing setup to prevent similar interruptions in the future." Does that mean the request is adding, for example, a route from the UK DC to an AWS US VPC through DX/DXGW/TGW in case the private WAN between the UK DC and the US DC failed?
upvoted 1 times
Raphaello
5 months, 2 weeks ago
Drew it, and it became much easier. Anything with "aggregate IP prefix for the company's entire AWS environment" is wrong. As simple as that. Why? Because we need the UK VPCs apart from the US VPCs, because in normal network operation the flow should go through the inter-DC WAN connection, so we need to keep prefixes from the "other" Region apart to assign a different AS_PATH or Community tag (differentiate them from local Region prefixes). Therefore, I'd go with BC as the correct answer. Please note, the question is not asking for a combination of actions; it simply asks what modification can accomplish the ask. Either B or C can do that.
upvoted 1 times
vikasj1in
7 months, 1 week ago
Selected Answer: CD
C. This ensures that the BGP advertisements include both the aggregate IP prefix for the other Region and the specific CIDR blocks for the local VPCs. This is useful for ensuring optimal routing and maintaining connectivity during cross-Region data transfers. D. This approach ensures that BGP advertisements include both the aggregate IP prefix for the entire AWS environment and the specific CIDR blocks for the local VPCs. This provides a more comprehensive view of the AWS environment, allowing the data center routers to make routing decisions based on the received BGP advertisements. By combining these modifications, you create a setup that allows for optimal routing and fault tolerance during cross-Region data transfers while still respecting the original traffic routing goals when the network is operating normally.
upvoted 3 times
marfee
7 months, 2 weeks ago
I think that the correct answer is C & E.
upvoted 1 times
asiansensation
9 months, 1 week ago
C, D are correct. You cannot receive BGP communities over DX, as there is no way of configuring this in AWS. The on-prem routers need to send the respective BGP communities and AWS will respond accordingly. A does not make sense, as it overlaps with D.
upvoted 1 times
Arad
10 months, 4 weeks ago
Selected Answer: CD
B and E do not make sense, as private and transit VIFs do not carry any BGP communities from AWS to the CGW. A and E are also very destructive, while it is asked that the solution cannot modify the original traffic routing goals. So the only options which make sense are C & D.
upvoted 4 times
[Removed]
1 year, 2 months ago
Selected Answer: DE
Given the constraint, Option E is correct because it removes all the VPC CIDR prefixes from the list of subnets advertised through the local Direct Connect connection and adds both Regional aggregate IP prefixes to the list of subnets advertised through the Direct Connect connection on both sides of the network. It also configures data center routers to make routing decisions based on the BGP communities received. Option D is correct because it adds both Regional aggregate IP prefixes to the list of subnets advertised through the Direct Connect connection on both sides of the network. It also configures data center routers to make routing decisions based on the BGP communities received. https://aws.amazon.com/blogs/networking-and-content-delivery/setting-up-aws-direct-connect-gateway-to-route-dx-traffic-to-any-aws-region/
upvoted 2 times
Wiss7
1 year, 2 months ago
Selected Answer: CE
"Private virtual interface and transit virtual interface BGP communities: AWS Direct Connect supports local preference BGP community tags to help control the route preference of traffic on private virtual interfaces and transit virtual interfaces." https://docs.aws.amazon.com/directconnect/latest/UserGuide/routing-and-bgp.html
upvoted 2 times
Chinmoy
1 year, 4 months ago
Selected Answer: CD
CD is correct because more specific routes are advertised over local connections.
upvoted 7 times
ddtn
1 year, 4 months ago
I understand the topology as below:

    Onprem-1 -- DXGW1 -- TGW1
       |                  |
    private WAN        peering
       |                  |
    Onprem-2 -- DXGW2 -- TGW2

If so, C and D.
A, E are wrong because, after removing all VPC prefixes and replacing them with the entire aggregated route, on-prem routers will only see the aggregated route and prefer the local DX.
B is correct, because on-prem routers always prefer eBGP, but a little concern is that a transit VIF only allows 20 prefixes advertised from the TGW (but this limit can be requested to be increased).
C is correct, because on-prem routers prefer routes with more specific CIDRs, hence still use DX for local CIDRs and the private WAN for remote CIDRs.
D is wrong because DXGW does not allow overlapping allowed prefixes. https://docs.aws.amazon.com/directconnect/latest/UserGuide/allowed-to-prefixes.html
upvoted 3 times
ddtn
1 year, 4 months ago
Sorry, typo, should be "If so, B and C".
upvoted 1 times
Chika22
1 year, 5 months ago
Selected Answer: CD
ccccc dddddd
upvoted 4 times
dremm
1 year, 5 months ago
Selected Answer: BC
I think B and C are correct. This is not a question of which 2 combinations will achieve this, but which 2 options result in the same thing. B) makes sense, because AWS DX adds export communities: "For outbound routing policies, AWS Direct Connect applies the following BGP communities to its advertised routes: 7224:8100—Routes that originate from the same AWS Region in which the AWS Direct Connect point of presence is associated. 7224:8200—Routes that originate from the same continent with which the AWS Direct Connect point of presence is associated. No tag—Global (all public AWS Regions)." Ref: https://docs.aws.amazon.com/directconnect/latest/UserGuide/routing-and-bgp.html This means that the DC1 router can match prefixes with a missing community and assign a lower pref/weight to them. C) will ensure that DC1 has connectivity to Region2 over the TGW in Region1 because it will receive the aggregated prefix for Region2 VPCs.
upvoted 3 times
albertkr
1 year, 4 months ago
The BGP community string 7224:8XXX default assignment applies only to public VIFs. For private and transit VIFs, the string should be 7224:7XXX, and AWS does not apply the string to the routes by default.
upvoted 4 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other