Q54 — AWS ANS-C01 Ch.1
A company has several AWS Site-to-Site VPN connections between an on-premises customer gateway and a transit gateway. The company's application uses IPv4 to communicate through the VPN connections. The company has updated the VPC to be dual stack and wants to transition to using IPv6-only for new workloads. When the company tries to communicate through the existing VPN connections, IPv6 traffic fails. Which solution will provide IPv6 support with the LEAST operational overhead?
- A. Create a new Site-to-Site VPN connection that supports IPv6. ✓
- B. Create a new Site-to-Site VPN connection to a self-managed Amazon EC2 instance that runs open source software.
- C. Update the existing Site-to-Site VPN connections to support IPv6.
- D. Update the on-premises customer gateway's public IP address from IPv4 to IPv6.
Correct Answer: A. Create a new Site-to-Site VPN connection that supports IPv6.
Explanation
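The tunnel protocol of an AWS Site-to-Site VPN connection is determined when the connection is created, so IPv6 has to be enabled by creating a new VPN rather than by modifying the existing configuration. The AWS documentation states that a VPN connection's address family (IPv4/IPv6) is configured at creation time and cannot be modified afterward. The existing VPN connections are configured for IPv4 only and cannot be upgraded directly to IPv6. Option C is incorrect because AWS does not allow the address family of an existing VPN connection to be changed. Option D involves changing the customer gateway's public IP address, which may affect existing traffic and does not directly address the VPN protocol issue. Option B introduces additional management overhead and does not meet the least-operational-overhead requirement. Option A creates a new VPN connection that supports IPv6, which is the operationally simplest approach.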