Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 165 discussion

C - https://docs.aws.amazon.com/directconnect/latest/UserGuide/Troubleshooting.html#ts-layer-2

Changed to B as the entry is visible for the VLAN interface created for the private VIF at AWS, which means that the Layer 2 connectivity appears to be functioning correctly. BGP is the issue

My understanding of the ARP entry is that layer 2 is ok and layer 3 is the problem. Then it would be option B and option C would be ruled out.

ISSDoksim is correct. Ans C, DXCON uses VLAN tagging (IEEE 802.1Q) to separate customer traffic on the shared physical connection

Answer is B - since the VIF uses BGP A is not relevant CD are wrong due to the fact the ARP entry is visible

Answer C

The most likely reason for a private VIF (Virtual Interface) to have a DOWN status is a misconfiguration of the VLAN identifier. When setting up a private VIF, you need to configure the correct IEEE 802.1Q VLAN identifier on both ends, matching the VLAN ID associated with the VIF. If there's a mismatch in VLAN configuration, it can lead to the VIF being down. Option A and Option B are less likely to cause the private VIF to be DOWN. ICMP and TCP port 179 are related to specific networking protocols (ping and BGP, respectively), but the DOWN status is more likely associated with VLAN configuration issues. Option D refers to IEEE 802.1ad (Provider Bridging or Q-in-Q), which is not typically used for AWS Direct Connect connections. Misconfiguration of the VLAN identifier (802.1Q) is a more common issue leading to a DOWN status.

As the arp entry can be seen on the customer side which means the dot1.q is correctly configured , so C is wrong

C is correct. TCP port 179 is associated with the Border Gateway Protocol (BGP), which is used for routing updates between the customer's router and the AWS Direct Connect router. Blocking port 179 would prevent BGP from establishing a connection, but it would usually result in a BGP DOWN status, not necessarily a DOWN status for the entire private VIF.

If it was B it would show BGP as DOWN not VIF - this is a layer 2 issue Given the ARP entry visibility and physical connection's UP state, it indicates that the Layer 2 configuration (VLAN) might be correct on the Direct Connect router. However, if the VIF status is still showing as DOWN, it can be related to incorrect 802.1Q VLAN configuration, which might have been performed correctly on the customer end, but misconfigured on the AWS side or vice versa. So, the correct answer would be: C. The IEEE 802.1Q VLAN identifier is misconfigured on the customer Direct Connect router.

https://docs.aws.amazon.com/directconnect/latest/UserGuide/Troubleshooting.html#ts-layer-2 Ensure that there are no firewall or ACL rules that are blocking TCP port 179 or any high-numbered ephemeral TCP ports. These ports are necessary for BGP to establish a TCP connection between the peers.