Exam Cram: AWS Hybrid Connectivity & Routing (ANS-C01)
Implement routing and connectivity between on-premises networks and the AWS Cloud
This sheet covers the critical knowledge for Domain 2.1: Implement routing and connectivity between on-premises networks and the AWS Cloud for the ANS-C01 exam.
Topic Weighting
| Domain | Component | Estimated Exam % |
|---|---|---|
| Domain 2: Network Implementation | Task 2.1: Hybrid Connectivity | 12% - 15% |
| Overall Domain 2 | All Implementation Tasks | 26% |
> [!IMPORTANT]
> This topic is foundational. Expect questions combining Direct Connect (DX) failover, BGP attribute manipulation, and Transit Gateway (TGW) integration.
Key Concepts Summary
1. Connectivity Methods
- AWS Direct Connect (DX): Physical, dedicated connection. Provides consistent performance and bypasses the public internet. High cost, long lead time.
- AWS Site-to-Site VPN: IPsec tunnels over the public internet. Quick to deploy, encrypted, but subject to internet latency/jitter.
- Transit Gateway (TGW): A hub-and-spoke router that simplifies connecting multiple VPCs and on-premises networks.
2. Border Gateway Protocol (BGP)
- eBGP: Used between your on-premises ASN and AWS (usually VGW or TGW).
- ASNs: AWS uses 64512 by default for the AWS side of the VPN. Customer ASNs can be public or private (64512–65534).
- BGP Port: TCP 179.
3. Visual: Hybrid Connectivity Architecture
(Diagram not reproduced in this extract.)
Common Pitfalls
- Static vs. Dynamic: If a static route and a BGP-learned route for the exact same CIDR exist in a VPC route table, the static route always takes precedence.
- MTU Mismatch: Standard VPN MTU is 1500 bytes. Direct Connect supports jumbo frames (9001 bytes), but if any segment of the path (a VPN tunnel or certain internet hops) has a smaller MTU, packets are dropped or fragmented unless the MTU is adjusted end to end.
- Overlapping CIDRs: AWS does not support routing between overlapping CIDR blocks. Use NAT Gateway or PrivateLink for
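The static-vs-dynamic and overlapping-CIDR pitfalls above, as an added example that is not part of the cram sheet or of any AWS tooling: a small simulator of VPC route-table lookup. It assumes longest-prefix match is applied first (as on any IP router) and then the sheet's rule that a static route beats a BGP-propagated route for the identical CIDR; the route table, target IDs and addresses are constructed and hypothetical.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    cidr: str    # destination prefix
    target: str  # e.g. "local", "vgw-...", "tgw-..." (constructed IDs)
    origin: str  # "static" (manually added) or "propagated" (learned via BGP)


# Constructed sample VPC route table (hypothetical IDs, not from the page):
# the VGW has propagated an on-premises /16, and an operator has also added
# a static route for exactly the same CIDR pointing at a TGW attachment.
ROUTE_TABLE = [
    Route("10.0.0.0/16", "local", "static"),
    Route("192.168.0.0/16", "vgw-0example", "propagated"),
    Route("192.168.0.0/16", "tgw-0example", "static"),
    Route("192.168.10.0/24", "vgw-0example", "propagated"),
    Route("0.0.0.0/0", "igw-0example", "static"),
]


def select_route(table, dst):
    """Return the Route a VPC route table would use for destination dst."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in table if addr in ipaddress.ip_network(r.cidr)]
    if not candidates:
        return None
    # Rule 1: longest prefix match (most specific route wins).
    # Rule 2: for identical CIDRs, a static route beats a propagated one.
    return max(candidates,
               key=lambda r: (ipaddress.ip_network(r.cidr).prefixlen,
                              r.origin == "static"))


def shadowed_propagated(table):
    """Propagated routes that a static route for the same CIDR overrides.
    Worth checking when auditing a route table: such a static entry silently
    wins over whatever BGP is currently advertising for that prefix."""
    static_cidrs = {r.cidr for r in table if r.origin == "static"}
    return [r for r in table
            if r.origin == "propagated" and r.cidr in static_cidrs]


def overlaps(cidr_a, cidr_b):
    """True if two CIDR blocks overlap (AWS will not route between them)."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))
```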