Q47 — AWS ANS-C01 Ch.1


A company's network engineer is configuring an AWS Site-to-Site VPN connection between a transit gateway and the company's on-premises network. The Site-to-Site VPN connection is configured to use BGP over two tunnels in active/active mode with equal-cost multi-path (ECMP) routing activated on the transit gateway. When the network engineer attempts to send traffic from the on-premises network to an Amazon EC2 instance, traffic is sent over the first tunnel. However, return traffic is received over the second tunnel and is dropped at the customer gateway. The network engineer must resolve this issue without reducing the overall VPN bandwidth. Which solution will meet these requirements?

Correct Answer: C. Configure the virtual tunnel interfaces on the customer gateway to allow asymmetric routing.

Explanation

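In this scenario, return traffic is dropped on the second tunnel, so the asymmetric routing problem has to be resolved. Option A, favoring one tunnel by configuring AS_PATH prepending and local preference, may affect the overall VPN bandwidth and does not meet the requirement. Option B, setting the first tunnel as the primary tunnel, may not fundamentally resolve the asymmetric routing and may also affect bandwidth. Option D, using static routes in active/active mode, may not adapt flexibly to traffic changes and does not necessarily resolve the asymmetry either. Option C, configuring the virtual tunnel interfaces on the customer gateway to allow asymmetric routing, resolves the traffic asymmetry without reducing VPN bandwidth. Therefore, the correct answer is C.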