According to this link, active/passive means one tunnel is up and another is down
https://aws.amazon.com/premiumsupport/knowledge-center/vpn-configure-tunnel-preference/
Then the question doesn't make any sense since it will always use the up one until it fails. If it means active/active, then A is already in place. Then it should be B and D for BGP route manipulation. This is quickly a bad question IMO.
I don't understand why everyone decided both tunnels must be up. With tunnel monitoring you can have one of them down. This will also make sure there is no asymmetric routing if misconfigured on the client side. Also, for those that refer to https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNRoutingTypes.html#vpn-route-priority:
this is a suggestion by AWS, and as you can confirm at the end - "For customer gateway devices that do not support asymmetric routing, please use AS-path-prepending and Local-Preference to prefer one tunnel over the other."
B&D look like good answers.
https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNRoutingTypes.html#vpn-route-priority
A D
"For customer gateway devices that support asymmetric routing, we do not recommend using AS PATH prepending, to ensure that both tunnels have equal AS PATH. This helps to ensure that the multi-exit discriminator (MED) value that we set on a tunnel during VPN tunnel endpoint updates is used to determine tunnel priority."
Funny that even with a reference URL people are picking different answers :)
According to the URL that Huntkey shared, if you pay attention to the note field at the end, my interpretation is the answer should be A and D. Because the prerequisite is both tunnels being up, the implicit prerequisite is using a dynamic routing protocol (BGP), and based on the note at the end of that URL, AWS clearly prefers to use MED (rather than AS Path Prepend).
For matching prefixes where each VPN connection uses BGP, the AS PATH is compared and the prefix with the shortest AS PATH is preferred.
When the AS PATHs are the same length, and the first AS in the AS_SEQUENCE is the same across multiple paths, multi-exit discriminators (MEDs) are compared. The path with the lowest MED value is preferred.
AS_Path will be compared before MED. So the preferred answers are A & B.
Note: It's a best practice to avoid using AS Path prepending so that both tunnels have an equal AS PATH value. With an equal AS PATH value, the MED value that AWS sets on the tunnel during VPN tunnel endpoint updates determines tunnel priority.
A&D based on that. No AS PATH shall be used, only MED.
A & B are correct. The base thing here is to make sure both tunnels stay up. Then prioritize traffic over one using AS Prepending
D does not work if the private ASN is used on the BGP peering over the tunnel.
Where did you get the info that MED is not supported on Private ASN? The only limitation that AWS states is here => https://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithVirtualInterfaces.html , which states "Autonomous System (AS) prepending does not work if you use a private ASN for a public virtual interface.".
Huntkey (Highly Voted), 3 years, 7 months ago
JamesTR (Highly Voted), 3 years, 7 months ago
khchan123, 3 years, 2 months ago
slackbot (Most Recent), 2 years, 1 month ago
nnope, 2 years, 6 months ago
nklocal, 2 years, 8 months ago
nklocal, 2 years, 10 months ago
wahlbergusa, 3 years, 7 months ago
walkwolf3, 3 years, 6 months ago
JohnnyBG, 3 years, 4 months ago
sapien45, 3 years, 2 months ago
Nimolee, 3 years, 7 months ago
wahlbergusa, 3 years, 6 months ago
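The two route-priority rules quoted in the thread (shortest AS PATH first, then lowest MED when the AS PATHs are the same length and start with the same AS), written out as an added example; it is not part of any comment above or of the AWS documentation. The `TunnelRoute` type, the tunnel names, ASN 65000 and the MED values are constructed for illustration, and only those two quoted rules are modelled, not the full BGP decision process.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TunnelRoute:
    tunnel: str
    as_path: tuple      # AS_SEQUENCE received for the prefix over this tunnel
    med: int = 0
    up: bool = True

def preferred_tunnel(routes):
    """Return (tunnel, deciding_rule) for one prefix, using only the two quoted rules."""
    live = [r for r in routes if r.up]
    if len(live) <= 1:
        return (live[0].tunnel, "only tunnel up") if live else (None, "no tunnel up")
    # Rule 1: the shortest AS PATH wins outright.
    shortest = min(len(r.as_path) for r in live)
    candidates = [r for r in live if len(r.as_path) == shortest]
    if len(candidates) == 1:
        return candidates[0].tunnel, "shortest AS PATH"
    # Rule 2: MED is compared only when the first AS is the same on every path.
    if len({r.as_path[:1] for r in candidates}) == 1:
        lowest = min(r.med for r in candidates)
        best = [r for r in candidates if r.med == lowest]
        if len(best) == 1:
            return best[0].tunnel, "lowest MED"
    return None, "tie: not decided by the quoted rules"

# Constructed advertisements for one on-premises prefix (private ASN 65000).
EQUAL_PATHS = [TunnelRoute("tunnel-1", (65000,), med=100),
               TunnelRoute("tunnel-2", (65000,), med=200)]
PREPENDED = [TunnelRoute("tunnel-1", (65000,), med=200),
             TunnelRoute("tunnel-2", (65000, 65000, 65000), med=50)]
FAILOVER = [TunnelRoute("tunnel-1", (65000,), med=100, up=False),
            TunnelRoute("tunnel-2", (65000,), med=200)]

if __name__ == "__main__":
    for name, routes in [("equal AS PATH", EQUAL_PATHS),
                         ("tunnel-2 prepended", PREPENDED),
                         ("tunnel-1 down", FAILOVER)]:
        print(name, "->", preferred_tunnel(routes))
```

In the prepended case tunnel-2 carries the lower MED but is never selected, because the AS PATH length is compared before MED is looked at.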