Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Location Chicago IL, USA

Exam ANS-C00 topic 1 question 164 discussion

Exam question from Amazon's ANS-C00
Question #: 164
Topic #: 1
[All ANS-C00 Questions]

Your network is connected through two Direct Connect connections and two VPN connections.  Site A is VPN 10.1.0.0/24 AS 65000 65000, Site B is VPN 10.1.0.252/30 AS 65000, Site C is DX 10.0.0.0/8 AS 65000 and Site D is DX 10.0.0.0/16 AS 65000 65000 65000.

Which AWS location will AWS use to connect to your network?

  • A. Site A: VPN 10.0.1.0/24 AS 65000 65000
  • B. Site B: VPN 10.0.1.252/30 AS 65000 65000 65000
  • C. Site C: DX 10.0.0.0/8 AS 65000
  • D. Site D: DX 10.0.0.0/16
Show Suggested Answer Hide Answer

Suggested Answer: B
Site B, the most specific prefix always wins.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Huntkey
Highly Voted 2 months, 2 weeks ago
Seriously, I think the people who come up this question don't know about networking. This question depends on what IP AWS uses to reach your site... Also, who has site with just a /30 prefix?
upvoted 6 times
...
JamesTR
Highly Voted 2 months, 1 week ago
Impossible to answer without knowing destination IP
upvoted 5 times
...
sayed_2908
Most Recent 1 week, 3 days ago
Agree that DX have priority over VPN but keep in mind that more specific prefix always win.
upvoted 1 times
...
JoMainAWS
1 month ago
what???? hahaha
upvoted 2 times
...
walkwolf3
1 month, 1 week ago
B ===Route selection Longest prefix match applies. If the prefixes are the same, then the virtual private gateway prioritizes routes as follows, from most preferred to least preferred: BGP propagated routes from an AWS Direct Connect connection Manually added static routes for a Site-to-Site VPN connection BGP propagated routes from a Site-to-Site VPN connection For matching prefixes where each Site-to-Site VPN connection uses BGP, the AS PATH is compared and the prefix with the shortest AS PATH is preferred. https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNRoutingTypes.html#vpn-route-priority
upvoted 2 times
...
zenfox
1 month, 2 weeks ago
question is bad and answer are different lol I will go with D DX is better than VPN. Also C has one as-path vs D that has none in the answer but 3 in the question
upvoted 2 times
zenfox
1 month, 1 week ago
plus D has more specific route as well. /16 is better than /8
upvoted 1 times
...
...
ChauPhan
2 months, 1 week ago
https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNRoutingTypes.html#vpn-route-priority When a virtual private gateway receives routing information, it uses path selection to determine how to route traffic. Longest prefix match applies. If the prefixes are the same, then the virtual private gateway prioritizes routes as follows, from most preferred to least preferred: BGP propagated routes from an AWS Direct Connect connection Manually added static routes for a Site-to-Site VPN connection BGP propagated routes from a Site-to-Site VPN connection For matching prefixes where each Site-to-Site VPN connection uses BGP, the AS PATH is compared and the prefix with the shortest AS PATH is preferred.
upvoted 2 times
ChauPhan
2 months ago
If DX routes are same length, then it will use local preference communities, AS_PATH to for route priority.
upvoted 1 times
...
ChauPhan
2 months ago
It will choose B because it is most specific route B. Site B: VPN 10.0.1.252/30 AS 65000 65000 65000
upvoted 2 times
ChauPhan
2 months ago
If 02 routes with same length, then AWS will choose DX instead of VPN
upvoted 1 times
abc321
1 month, 4 weeks ago
DX routes will be preferred over VPN routes. Even though B has specific route it wont be used as DX routes C and D will be preferred. Ans would be D as its more specific than C.
upvoted 1 times
ptpho
1 month, 1 week ago
Agreed with D. DCX > VPN and more specific > ASP
upvoted 1 times
ptpho
1 month, 1 week ago
changed my opinion. most specific route always selected. This is logical and we dont care about /30 because this is a site, not AWS VPC CIDR. So ans is B
upvoted 1 times
...
...
...
...
...
...
dev62
2 months, 1 week ago
ANS should be D. As both A & B are not the same CIDR as in the question. C -is larger one. So, D more specific Route is /16.
upvoted 1 times
...
eeghai7thioyaiR4
2 months, 1 week ago
That question is aweful However, let's gamble B: no. "Your network" is probably something more than a /30 A: no. VPN A has 10.1.0.0/24, while the answer states "10.0.1.0/24" This leaves C and D .. Take a random pick ?
upvoted 3 times
...
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...