Task Statement 2.1: Implement routing and connectivity between on-premises networks and the AWS Cloud.
📘AWS Certified Advanced Networking – Specialty
1. What is Routing in Hybrid Connectivity?
Routing is the process of deciding how network traffic travels between different networks.
In hybrid environments, routing determines how traffic moves between:
- On-premises routers
- AWS Virtual Private Clouds (VPCs)
- AWS edge services (VPN / Direct Connect)
2. Types of Routing
There are two main types of routing used in AWS hybrid connectivity:
A. Static Routing
B. Dynamic Routing
3. Static Routing (Simple but Manual)
What is Static Routing?
Static routing means:
- Routes are manually configured
- No automatic updates
Example (IT context):
An administrator manually configures:
- “Send traffic for network 10.1.0.0/16 through VPN tunnel A”
Where Static Routing is Used in AWS
Static routing is commonly used with:
1. Site-to-Site VPN (Static Mode)
- You manually define, and nothing is exchanged automatically:
- The on-premises network CIDR blocks, as static routes on the VPN connection, so AWS knows which prefixes to send down the tunnel
- The VPC CIDR block, as a static route on the customer gateway device pointing at the tunnel, so on-premises traffic reaches AWS
2. Route Tables in VPC
- You manually add routes like:
- Destination: 10.1.0.0/16 (the on-premises network from the example above), Target: Virtual Private Gateway (VGW)
- Destination:
Characteristics of Static Routing
| Feature | Description |
|---|---|
| Configuration | Manual |
| Updates | No automatic updates |
| Complexity | Simple |
| Scalability | Poor |
| Failover | Manual |
Advantages
- Easy to configure
- Predictable routing paths
- Good for small environments
Disadvantages
- No automatic failover
- Requires manual updates if network changes
- Not scalable for large networks
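The two-sided nature of static routing, and the manual work a network change causes, as an added example (not code from the page or from AWS). It assumes hypothetical gateway and tunnel names and constructed CIDRs; it only plans the routes, it does not call the AWS API.

```python
"""Static Site-to-Site VPN: the routes both sides need, and what has to be
changed by hand when the on-premises network changes.

Added example, not AWS code. Gateway and tunnel names are hypothetical.
"""
import ipaddress


def plan_static_vpn_routes(vpc_cidr, onprem_cidrs, vgw_id="vgw-0example", tunnel="Tunnel1"):
    """Return the static routes a static VPN needs on each side.

    Three places must agree, because nothing is exchanged automatically:
      aws_vpn_routes  - on-prem CIDRs added to the VPN connection
                        (StaticRoutesOnly mode) so the VGW sends them down the tunnel
      vpc_route_table - VPC route table entries: on-prem CIDR -> VGW
                        (not needed if route propagation from the VGW is enabled)
      onprem_routes   - the customer gateway device's route for the VPC CIDR
    Raises ValueError for a prefix with host bits set ("10.1.1.0/16") or for an
    on-prem prefix that overlaps the VPC CIDR, the classic hybrid planning error.
    """
    vpc = ipaddress.ip_network(vpc_cidr)            # strict by default
    nets = [ipaddress.ip_network(c) for c in onprem_cidrs]
    for n in nets:
        if n.overlaps(vpc):
            raise ValueError(f"on-premises prefix {n} overlaps VPC CIDR {vpc}")
    return {
        "aws_vpn_routes": [str(n) for n in nets],
        "vpc_route_table": [(str(n), vgw_id) for n in nets],
        "onprem_routes": [(str(vpc), tunnel)],
    }


def route_changes(before, after):
    """Diff two plans: every entry listed here must be applied by hand.

    This is the cost of static routing: adding one on-premises subnet touches
    the VPN connection and the VPC route table, and nothing warns you if one
    side is forgotten.
    """
    diff = {}
    for side in before:
        old, new = set(before[side]), set(after[side])
        diff[side] = {"add": sorted(new - old), "remove": sorted(old - new)}
    return diff


if __name__ == "__main__":
    first = plan_static_vpn_routes("10.0.0.0/16", ["10.1.0.0/16"])
    grown = plan_static_vpn_routes("10.0.0.0/16", ["10.1.0.0/16", "192.168.10.0/24"])
    print(route_changes(first, grown))
```

Run it to see that adding a single on-premises subnet produces work on two separate AWS objects while the on-premises side is unchanged; with BGP the same change would only require the on-premises router to advertise the new prefix.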
4. Dynamic Routing (Automatic and Scalable)
What is Dynamic Routing?
Dynamic routing uses a routing protocol to:
- Automatically exchange route information
- Adjust routes when network changes
Protocol Used in AWS
AWS uses:
Border Gateway Protocol (BGP)
This is the only dynamic routing protocol used in AWS hybrid connectivity.
What is BGP?
BGP is a protocol that:
- Exchanges routing information between networks
- Automatically updates routes
- Handles failover
Where BGP is Used in AWS
1. Site-to-Site VPN (Dynamic Mode)
- Routes are learned automatically via BGP
2. AWS Direct Connect
- BGP is used to exchange routes between:
- On-premises router
- AWS Direct Connect router
Key BGP Components
| Component | Description |
|---|---|
| ASN (Autonomous System Number) | Number identifying an autonomous system (a network under one administration); the AWS side and the on-premises side each have their own |
| BGP Peering | Connection between two BGP routers |
| Advertised Routes | Networks shared between peers |
How BGP Works (Simple Flow)
- On-prem router establishes BGP session with AWS
- Both sides exchange route information
- Routing tables update automatically
- If a path fails, BGP selects a new path
Advantages of Dynamic Routing
- Automatic route updates
- Supports failover
- Scales well for large networks
- Reduces manual configuration
Disadvantages
- More complex to configure
- Requires understanding of BGP
- Needs compatible on-prem router
5. Static vs Dynamic Routing (Important Exam Comparison)
| Feature | Static Routing | Dynamic Routing (BGP) |
|---|---|---|
| Configuration | Manual | Automatic |
| Protocol | None | BGP |
| Failover | Manual | Automatic |
| Scalability | Low | High |
| Complexity | Low | Medium/High |
| Use Case | Small/simple setups | Large/complex networks |
6. AWS Hybrid Connectivity Options and Routing
A. Site-to-Site VPN
Supports both:
Static Routing
- Manual route configuration
- Use for simple setups
Dynamic Routing (BGP)
- Preferred method
- Supports automatic failover
B. AWS Direct Connect
- Uses BGP only
- Required for:
- Private VIF
- Public VIF
- Transit VIF
C. Transit Gateway
- Supports dynamic routing via BGP with Site-to-Site VPN, Direct Connect gateway, and Connect (GRE) attachments
- Unlike a Virtual Private Gateway, it can load-balance across VPN tunnels using ECMP
- Central hub for routing between:
- Multiple VPCs
- On-prem networks
7. Important AWS Routing Components
1. Virtual Private Gateway (VGW)
- AWS side of VPN connection
- Supports static and BGP routing
2. Customer Gateway (CGW)
- The AWS resource that describes your on-premises router (the customer gateway device): its public IP address and, for dynamic routing, its ASN
- The device itself must support BGP for dynamic routing
3. Transit Gateway (TGW)
- Central routing hub
- Uses route tables
- Supports dynamic routing
4. Route Tables
Used in:
- VPC
- Transit Gateway
They define:
- Destination networks
- Next hop (target)
8. Failover and High Availability
Static Routing
- No automatic failover
- Requires manual changes
Dynamic Routing (BGP)
- Automatically detects:
- Tunnel failure
- Route changes
- Switches to backup path
VPN High Availability Example (IT Context)
- Every Site-to-Site VPN connection comes with two tunnels, terminating on different AWS endpoints
- With BGP, a session runs over each tunnel and the same on-premises prefixes are advertised over both
- The on-premises router makes one tunnel the preferred path, for example by AS PATH prepending or a higher MED on the backup tunnel; AWS compares these attributes when choosing the return path
- If the primary tunnel fails, its keepalives stop; once the BGP hold timer (or IPsec dead peer detection) expires, its routes are withdrawn and traffic shifts to the secondary tunnel automatically
9. Route Propagation (Important Concept)
What is Route Propagation?
- Automatically copies the routes a gateway knows about into a route table, so you do not have to add them by hand
- For a Virtual Private Gateway these are the routes learned via BGP and, for a static VPN, the static routes configured on the VPN connection
- For a Transit Gateway these are the routes of an attachment (VPC CIDRs, VPN or Direct Connect gateway routes) propagated into a TGW route table
Used in:
- Virtual Private Gateway (enabled per VPC route table)
- Transit Gateway (enabled per attachment and TGW route table)
Static Routing vs Propagation
| Type | Behavior |
|---|---|
| Static | Manually added |
| Propagated | Automatically learned |
10. Route Priority and Selection
When multiple routes could carry a packet, AWS selects as follows:
- Longest prefix match first: the most specific route wins regardless of how it was added
- For the same prefix in a VPC route table, a static route takes priority over a propagated route
- For the same prefix learned by a Virtual Private Gateway, the order is: propagated from Direct Connect (BGP), then static Site-to-Site VPN routes, then Site-to-Site VPN routes learned via BGP
- Between BGP routes for the same prefix, the shortest AS PATH wins; if the AS PATH lengths are equal, the lowest MED wins (this is how AS PATH prepending and MED on the on-premises router steer AWS's choice of tunnel)
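The selection order above and the BGP failover described in section 8, together in one added example (not AWS code; a small model, not the real VGW implementation). Tunnel names, ASNs, prefixes and the 30 s hold time are assumptions for the example.

```python
"""How a virtual private gateway picks a next hop, and how BGP failover
works when a tunnel dies.

Added example, not AWS code: a model whose ordering follows the AWS route
priority rules (longest prefix; a static VPC route over a propagated one;
then propagated routes in the order Direct Connect BGP, VPN static, VPN BGP;
then shortest AS PATH, then lowest MED). Tunnel names, ASNs, prefixes and
the 30 s hold time are assumptions.
"""
import ipaddress
from dataclasses import dataclass

# Rank used once two candidate routes have the same prefix length (lower wins).
ORIGIN_RANK = {"local": 0, "static": 1, "dx_bgp": 2, "vpn_static": 3, "vpn_bgp": 4}


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    target: str          # next hop: "local", a peering, a VGW tunnel, ...
    origin: str          # one of ORIGIN_RANK
    as_path: tuple = ()  # BGP-learned routes only
    med: int = 0         # BGP-learned routes only


def route(prefix, target, origin, as_path=(), med=0):
    return Route(ipaddress.ip_network(prefix), target, origin, tuple(as_path), med)


def select_route(routes, dst):
    """Return the Route that carries traffic to dst, or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r.prefix]
    if not candidates:
        return None
    # Longest prefix first, then origin rank, AS PATH length, MED.
    # A remaining tie goes to list order: a VGW does not load-balance across
    # VPN tunnels (a Transit Gateway can, using ECMP).
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, ORIGIN_RANK[r.origin],
                                          len(r.as_path), r.med))


@dataclass
class BgpSession:
    """One eBGP session over one VPN tunnel, as seen from the AWS side."""
    tunnel: str
    advertised: list            # Routes learned from the on-prem router
    hold_time: float = 30.0     # assumption; negotiated with the CGW device
    last_keepalive: float = 0.0
    up: bool = True


class VirtualPrivateGateway:
    def __init__(self, vpc_cidr, static_routes=()):
        # The VPC's local route is always present; static routes are whatever
        # the operator put in the VPC route table or on a static VPN connection.
        self.table = [route(vpc_cidr, "local", "local"), *static_routes]
        self.sessions = {}

    def add_session(self, session):
        self.sessions[session.tunnel] = session

    def keepalive(self, tunnel, now):
        self.sessions[tunnel].last_keepalive = now

    def expire_sessions(self, now):
        """Hold-timer expiry: the session drops and its routes are withdrawn."""
        for s in self.sessions.values():
            if s.up and now - s.last_keepalive >= s.hold_time:
                s.up = False

    def routes(self):
        """Effective table: static entries plus routes from live BGP sessions."""
        propagated = [r for s in self.sessions.values() if s.up for r in s.advertised]
        return self.table + propagated

    def lookup(self, dst, now):
        self.expire_sessions(now)
        return select_route(self.routes(), dst)
```

The backup tunnel is made less attractive by prepending the on-premises ASN to its AS PATH; while both sessions are up the shorter path wins, and as soon as the primary's hold timer runs out its routes disappear from the effective table and the same lookup returns the backup tunnel, with no change to any route table.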
11. Common Exam Scenarios
Scenario 1:
Small network, simple configuration
→ Use Static Routing
Scenario 2:
Large enterprise network with frequent changes
→ Use BGP Dynamic Routing
Scenario 3:
Need automatic failover
→ Use BGP
Scenario 4:
Using Direct Connect
→ Must use BGP
12. Best Practices (Exam Important)
- Use BGP whenever possible
- Use static routing only for simple environments
- Configure redundant VPN tunnels
- Use Transit Gateway for scalable architecture
- Monitor BGP sessions for stability
- Use route summarization to reduce complexity
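Route summarization in practice, as an added example (not code from the page or from AWS). It assumes a per-connection advertised-route limit passed in as a parameter (look up the current AWS quota for your gateway type rather than trusting a number) and uses constructed sample prefixes. It goes slightly beyond the bullet above by also showing the failure mode of summarizing too far: a summary can claim address space you do not own, including the VPC CIDR itself.

```python
"""Summarize on-premises prefixes before advertising them to AWS over BGP.

Added example, not AWS code. The advertised-route limit is a parameter;
check the current quota for your gateway type (VGW vs Transit Gateway).
Sample prefixes are constructed.
"""
import ipaddress


def summarize(prefixes):
    """Collapse prefixes without adding address space: drops prefixes already
    covered by another and merges adjacent aligned blocks (two /24s -> one /23)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets))


def smallest_supernet(a, b):
    """Smallest single prefix that covers both networks."""
    plen = min(a.prefixlen, b.prefixlen)
    while plen > 0:
        candidate = a.supernet(new_prefix=plen)
        if b.subnet_of(candidate):
            return candidate
        plen -= 1
    return ipaddress.ip_network("0.0.0.0/0")


def aggregate_to_fit(prefixes, limit):
    """Greedily merge the closest neighbouring prefixes until at most `limit` remain.

    Unlike summarize(), each merge can claim address space that is not on
    premises. Returns (prefixes, extra_addresses) so the operator can see how
    much was over-claimed: traffic for those addresses would be pulled into
    the tunnel and dropped on-prem.
    """
    if limit < 1:
        raise ValueError("limit must be at least 1")
    nets = summarize(prefixes)
    owned = sum(n.num_addresses for n in nets)
    while len(nets) > limit:
        nets.sort()
        k = min(range(len(nets) - 1),
                key=lambda j: smallest_supernet(nets[j], nets[j + 1]).num_addresses)
        merged = smallest_supernet(nets[k], nets[k + 1])
        nets = list(ipaddress.collapse_addresses(nets[:k] + [merged] + nets[k + 2:]))
    return [str(n) for n in nets], sum(n.num_addresses for n in nets) - owned


def advertisement_plan(prefixes, vpc_cidr, limit):
    """Prefixes safe to advertise: within the limit and never overlapping the VPC CIDR."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets, extra = aggregate_to_fit(prefixes, limit)
    clashing = [n for n in nets if ipaddress.ip_network(n).overlaps(vpc)]
    if clashing:
        raise ValueError(f"summary {clashing} overlaps VPC CIDR {vpc}; split it or raise the limit")
    return nets, extra
```

The lossless `summarize` step is always safe and is what the best practice means. `aggregate_to_fit` is the step people reach for when they hit the advertisement limit; the returned `extra` count is the price, and the overlap check refuses a summary that would swallow the VPC's own address space, which AWS would otherwise simply ignore for traffic inside the VPC but which signals a broken addressing plan.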
13. Key Exam Tips
- AWS only supports BGP for dynamic routing
- Direct Connect requires BGP
- VPN supports both static and dynamic
- Dynamic routing = automatic failover
- Static routing = manual management
- Route propagation copies gateway routes (BGP-learned, or the static routes of a static VPN) into route tables automatically
Final Summary
- Static routing = simple, manual, not scalable
- Dynamic routing (BGP) = automatic, scalable, supports failover
- AWS strongly prefers BGP for hybrid connectivity
- Understanding when to use each is critical for the exam
