Exam ANS-C00 topic 1 question 31 discussion

Answer is A & B

This is an aweful question .. There is no IGP, no connectivity between R1 and R2 So, each one have a single path to AWS, there is no need to control the routes there However, from the AWS side, we see both subnets, from R1 and from R2 If both R1 and R2 uses the same IP ranges, it will never works, because the trafic will go to either R1 or R2, but not both (or both via ECMP, that will break everything) If R1 and R2 does not use the same ranges, each one should advertise different prefixes, this makes the whole question useless (it will work as-is) So, with two actions should I take to fix the problem ? None of those

First off, the firewall is stateful. It will see the traffic leave and have a return route for it. The reason packets are dropping is because of asymmetric routing. Traffic leaving one router and returning on the other router. Remember the routers are not connected so they don't know about traffic leaving router 1 and returning on R2. Therefore, the answer can't be A. If you prepend R1 then R2 will receive incoming routes. A also says while advertising routes from R1. So A is saying R1 is advertising routes and R1 is also prepending. So traffic leaves R1 and returns on R2. This is creating the drop in traffic. To fix the problem you have to send traffic out R1 and receive traffic back on R1 for the stateful firewalls not to drop return traffic. B makes R1 primary on sending out traffic so D will also return traffic on R1. The problem is the answer could be BD or CE.

Correct Answer AC

A, D Question mentioned no connectivity between "R1 and R2", so this is an asymmetric route issue. Local preference is useless in on-premise router because they have a single route to AWS so no need additional route selection. We could use AS path prepend and assign a higher MED value on R1 bgp policy to make AWS only install R2 routes to fix the issue. Remarks: Local preference is only used for route selection for inbound route. E.g. If we only have a router and perform BGP peering with 2 DX location which advertised same VPC routes, in this case we can assign a higher local perf value on your perferred routes for outbound routing selection from on-prem to AWS.

it is really tricky one. Via AS_PATH we telling AWS to use R2 - answer A fo sure. And what each router do with routes received from AWS - they advertises it to some local networks IGP protocol to propagate it to the remain on-prem inrastructure. And at the same time R1 and R2 receiving the same AWS routes directly from AWS and from IGP. it means that now each on prem router localy must decide whitch route use to send teaffic to AWS. At this point on R1 we need to configure higer local pref for routes received via IGP and as result R1 will send all AWS dedicated traffic to R2. Answer C

someone explain to me please, why you want to have R2 as the preferred route, what is the reason why we discard R1 as a route, the question says that both routers drop the packets, because R1 is the "bad guy" someone who clear that part up for me.

A and D ... I am CCNP :P

Answer: A and D A--use As prepend when advertising routes from R1 to VGW ( this will make inound traffic always pick R2) D- advertise routes from R1 with higher MED to VGW ( this will make inound traffic always pick R2)

A is Correct. -- Config from On-prem side making R2 prefixes more preferred. D is Correct. -- Achieves the same thing as A through MED, making R2 preferred path. B & C are wrong -- R1 & R2 are not talking to each other, Loc_Pref is a local non-transitive attribute that doesn't cross AS, so it's useless to configure it in this case. D -- Incorrect. -- Higher MED makes R2 less preferred, failing at contradicting the first BGP attribute in this case AS_PATH. A & D are Correct.

From BGP perspective, AS path prepend and MED used for the same purpose which is to influence incoming traffic, where as local preference is used to influence outgoing traffic. LP doesn’t work here because no iBGP peers, also no point using MED and AS path both. A is correct but not sure other answers.

We can drop B,C because Local preference is sent to all internal BGP routers in an AS not external router. A is one option to prefer route. The second is MED which higher value is preferred. In this scenario, they prefer R2. https://aws.amazon.com/blogs/networking-and-content-delivery/creating-active-passive-bgp-connections-over-aws-direct-connect/ A & E are correct.

Reading this again, I think the question may want to ask what the two options are, not two actions. There is NO connection between R1 and R2. That implies you do NOT have to manipulate any attribute for picking which one to use for outgoing traffic to the AWS. You just make sure they all come back on one path/router. In this case, both A and D can do the work, assuming the outgoing traffic somehow decides to use R2 to access AWS

MED is supported on the private and transit VIF but not on the public VIF according to https://aws.amazon.com/blogs/networking-and-content-delivery/creating-active-passive-bgp-connections-over-aws-direct-connect/. Coming from the Cisco world, I know that the MED is only compared for the prefix origined from the same ASN. If site A advertise it with 65001 and site B with 65002, then the MED is ignored. On Cisco platform, you configure "bgp always-compare-med" to force the comparison. I can't say if it is true for AWS or not, neither do I have an environment to test it. With these uncertainty, I am leaning more toward AB.

After some thought, I believe it's AD. Ideally, we should follow the evaluation sequence, i.e. local pref, AS Appending and MED. The question presented here is Active-Active asymetric routing, as the main concern is the traffic return from VPC is dropped due to stateful firewall, we need to focus on inbound tunning. The problem with Local Pref cannot be exchanged beyond iBGP, i.e. you cannot influence eBGP's local pref. In this case, you cannot directly assign a local preference to AWS AS. That is something impossible. (It's important to note that you can indirectly give local pref in AWS AS through BGP communities). MED is supported in AWS DX and as a last restort it should work. BTW it seems this exam is full of these type of questions - ask you to pick the best options among a bunch of bad options and mislead you of very minor details in an answer that seems to be the optimal one that you should use in practice. (In this question, mislead you to select local pref to *directly* fine tune inbound traffic which is impossible).

Local Pref – This path attribute is considered right at the start of the best-path algorithm, and as such, is an optimal tuning parameter! This is used for both Inbound and Outbound tuning – higher values are preferred. AS_Path – This path attribute is a concatenation of all the AS numbers the advertisement has passed through. It is used as a loop avoidance mechanism on the one hand and as an indication of distance on the other. This is used for both Inbound and Outbound tuning – shorter AS_Path lengths are preferred. MED – This path attribute uses a metric as well. MED is typically used by an AS that is multi-homed to instruct an external AS (that it is peered with) that it has a preferred entry point for a particular network address block. This can be used for inbound tuning – lower metric values are preferred.

Here is my take on it: We want to configure the network to use symmetric path, i.e. incoming and outgoing traffic use the same path. Incoming traffic from AWS: Answer A. It will force incoming traffic to use R2 Outgoing traffic to AWS: Answer B. Assigning lower local preference on R1, will force outgoing traffic via R2 (higher LR wins) Correct answer are then A and B Am I right?