Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 38 discussion

A - incorrect , static routes are not possible in TGW B- incorrect, these BGP communities are used for BGP over DX C- correct , AS_PATH prepending is a standard BGP way of influencing return traffic for advertised prefixes and SDWAN supports this. D- incorrect, disabling ECMP will make sure the SDWAN>TGW traffic is not load shared, but the return traffic TGW>SDWAN is not affected and therefore both appliances will process traffic.

Option C - focuses specifically on the SD-WAN virtual appliances. By configuring the AS_PATH prepend attribute on the secondary SD-WAN virtual appliance for BGP routes toward the transit gateway, the network engineer can influence routing preferences, making the primary SD-WAN virtual appliance the preferred path while keeping the secondary appliance as a backup. This approach meets the company's requirement of having only a single SD-WAN virtual appliance handle traffic from AWS workloads at a given time without impacting other connections.

The answer is A, Cantrill explained this very well in his `Transit gateway Deep Dive` course

Option C is best. Option A says adding a static route and add additional afterwards. Static Routes take preference but the question states only one appliance can handle traffic at a time. Gotta go with C

its a C

Both B and C are for preference

C is the correct answer. Influence AS_PATH to favour the primary. CONNECT attachments do not support static routes. BGP is a minimum requirement for Transit Gateway Connect.

Correct Answer is C - A will only influence the traffic from the AWS side B is applicable to Direct Connect C uses prepend to prioritise traffic D only load sharing is disabled routes are still active

I have created this scenario in Production using AS_Path prepend. AS_Path It's like basically faking an extra hop/ For BGP AS_Path and local preference will do the job for routing advert. The Goal was to achieve an Active/Standby scenario and avoid asymmetric routing. Option C correct

Adding a static default route in the transit gateway route table to point to the secondary SD-WAN virtual appliance ensures that the secondary appliance is the default route, meaning it will be used only when no more specific route is available. Adding more specific routes to point to the primary SD-WAN virtual appliance allows for traffic from AWS workloads to be directed to the primary appliance, satisfying the company policy that only a single SD-WAN virtual appliance should handle traffic from AWS workloads at a given time. Options B and C involve BGP configurations but may not be as straightforward or aligned with the requirement of having a single SD-WAN virtual appliance handling traffic at a time. Option D is not relevant to this specific scenario and doesn't address the requirement of having a single SD-WAN virtual appliance handle traffic at a given time.

I think that it's correcty answer is C.

As per https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-transit-gateway-sd-wan.html SD-Wan connects to TGW using BGP for routing. Therefore no static route, therefore C is the answer.

If there are two Connect peers, the preferred route is the Transit Gateway Connect peer that uses the BGP AS-PATH attribute. To use Equal Cost Multipath (ECMP) routing between multiple appliances, you must configure the appliances to advertise the same prefixes to transit gateways using the same BGP AS-PATH attribute. The AS-PATH and autonomous system number (ASN) must match for the transit gateway to select all available ECMP paths. Transit Gateways can use ECMP between Transit Gateway Connect peers on the same Connect attachment or between Connect attachments on the same Transit Gateway. Transit Gateway does not support the use of ECMP between both redundant BGP peer connections established by one peer. Connect attachments propagate routes to the Transit Gateway route table by default. Static routes are not supported. https://docs.aws.amazon.com/ja_jp/vpc/latest/tgw/tgw-connect.html#tgw-connect-requirements

C A Transit Gateway Connect peer using the BGP AS-PATH attribute is the preferred route when you have two Connect peers. https://docs.aws.amazon.com/ja_jp/vpc/latest/tgw/tgw-connect.html#tgw-connect-requirements

https://aws.amazon.com/blogs/networking-and-content-delivery/migrating-sd-wan-appliances-to-aws-transit-gateway-connect/ Improved availability: Transit Gateway Connect supports equal-cost multipathing (ECMP) with a 5-tuple hash – protocol number, source IP address, destination IP address, source port number, and destination port number. This allows your traffic to be distributed evenly across multiple appliances, reducing the impact of a single appliance failure compared to the one-appliance-per-AZ approach with VPC attachments.

A Guys who said static routes are not supported in TGW, you probably confused TGW route table and TGW Connect, two different things, TGW Connect is a feather under TGW. TGW Connect doesn't support static route - YES TGW support both static and dynamic routes "Q: How does routing work in AWS Transit Gateway? AWS Transit Gateway supports dynamic and static routing between attached Amazon VPCs and VPNs. By default, Amazon VPCs, VPNs, Direct Connect gateways, Transit Gateway Connect and peered Transit Gateways are associated to the default route table. " https://aws.amazon.com/transit-gateway/faqs/#:~:text=AWS%20Transit%20Gateway%20supports%20dynamic,to%20the%20default%20route%20table.

Have a look at https://aws.amazon.com/blogs/networking-and-content-delivery/simplify-sd-wan-connectivity-with-aws-transit-gateway-connect/ BGP is the minimum requirement. Thus, between BGP options (B&C) C is the right one as those communities in option B can be used on DX connection.