Task Statement 1.5: Design a routing strategy and connectivity architecture between on-premises networks and the AWS Cloud.
📘AWS Certified Advanced Networking – Specialty
1. What is BGP in AWS Hybrid Connectivity?
Border Gateway Protocol (BGP) is a routing protocol used to exchange routing information between different networks (autonomous systems). In AWS hybrid connectivity, BGP is mainly used with:
- AWS Direct Connect
- AWS Site-to-Site VPN
BGP allows dynamic routing, meaning:
- Routes are automatically exchanged
- Failover happens automatically
- Traffic paths can be controlled using BGP attributes
2. Why BGP Attributes Matter
BGP attributes are rules or properties attached to routes that influence:
- Which path is preferred
- How traffic is balanced
- Which connection is primary or backup
In AWS networking design, these attributes help you:
- Control traffic flow between on-premises and AWS
- Implement load sharing or active/passive routing
- Optimize latency, cost, and availability
3. Key BGP Attributes You Must Know (Exam Important)
3.1 AS_PATH (Autonomous System Path)
- Lists the AS numbers (hops) a route has passed through, nearest neighbor first; its length is what the decision process compares
- Shorter AS_PATH is preferred
How it is used:
- To influence route preference
- To make one path less preferred by artificially lengthening the AS_PATH (prepending your own ASN one or more extra times on what you advertise over that path)
Exam Tip:
- Prepend extra AS hops → route looks longer → less preferred → used for backup paths
3.2 LOCAL_PREF (Local Preference)
- Used inside an Autonomous System only; it is never advertised to eBGP neighbors such as AWS
- Higher value = more preferred route
Use case:
- Set on your on-premises routers for the routes they learn from AWS, to choose the preferred path from on-premises toward AWS
- Common in active/passive setups
Example:
- Path A: LOCAL_PREF = 200 → preferred
- Path B: LOCAL_PREF = 100 → backup
3.3 MED (Multi-Exit Discriminator)
- A hint you attach to the routes you advertise to a neighboring AS, telling it which of your entry points to use (influences traffic coming toward you)
- Lower MED = more preferred
Use case:
- Advertise the same prefix over several connections with different MED values so that AWS sends traffic to the connection you prefer
Important:
- Only compared when routes come from the same neighboring AS (the first AS in the AS_SEQUENCE); AWS applies the same rule, and the comparison happens after AS_PATH length
3.4 Weight (Cisco-specific, but important concept)
- Highest weight is preferred, and Weight is evaluated before LOCAL_PREF
- Local to a router only (never advertised, not even to other routers in your AS); learned routes get 0 by default
3.5 Next Hop
- The address traffic is forwarded to for the route; over eBGP it is set to the advertising peer's address
- In AWS, this is the AWS-side peer IP on the Direct Connect virtual interface subnet or the inside tunnel address of the Site-to-Site VPN tunnel; a BGP route is only usable if that next hop is reachable
4. Traffic Flow Strategies
4.1 Active/Passive Routing
Concept:
- One connection is primary (active)
- Another is backup (passive)
How BGP attributes help:
- Use LOCAL_PREF or AS_PATH prepending
- Ensure one route is always preferred
How it works in AWS:
- Primary: Direct Connect (low latency, high bandwidth)
- Backup: Site-to-Site VPN
Configuration approach:
- Primary path → higher LOCAL_PREF (set on your routers for routes learned over it) or shorter AS_PATH (no prepending on what you advertise over it)
- Backup path → lower LOCAL_PREF or longer AS_PATH (prepend your ASN on what you advertise over it)
4.2 Load Sharing (Active/Active Routing)
Concept:
- Traffic is distributed across multiple connections
How to achieve:
- Advertise the prefix with equal BGP attributes on every connection
- Enable ECMP (Equal Cost Multi-Path / BGP multipath) on the device that makes the choice
Requirements:
- Same AS_PATH length (on Cisco, an identical AS_PATH unless relaxed multipath is configured)
- Same LOCAL_PREF (and Weight)
- Same MED and ORIGIN, learned from the same neighboring AS
Result:
- Traffic flows across multiple Direct Connect connections: a virtual private gateway or Direct Connect gateway load-shares across Direct Connect connections that advertise the same prefix with equal attributes
- Caveat: a virtual private gateway does not do ECMP across Site-to-Site VPN tunnels; for ECMP over VPN you need a transit gateway with BGP (dynamic) routing
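To make the decision process concrete, here is an added Python model of the simplified BGP best-path selection these notes rely on. It is example code written for this page, not AWS or router-vendor code. The ASNs (65000 on-premises, 64512 as the virtual private gateway's Amazon-side ASN), peer addresses and router IDs are constructed for the scenarios. It models a generic BGP speaker such as your on-premises router; the virtual private gateway's own ranking has extra AWS-specific rules. The scenarios show why two identical advertisements from one VGW over Direct Connect and VPN need LOCAL_PREF on the on-premises side, how prepending or MED demotes one of two Direct Connect connections, and that MED is not compared across different neighboring ASes.

```python
from dataclasses import dataclass, replace
from typing import Callable, List, Tuple

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # lower is better


@dataclass(frozen=True)
class Route:
    """One BGP path for a prefix, as seen by the router making the choice."""
    prefix: str
    next_hop: str                 # eBGP peer: DX VIF /30 neighbor or VPN tunnel inside address
    as_path: Tuple[int, ...]      # AS numbers, nearest neighbor first
    local_pref: int = 100         # set locally on ingress; never sent to eBGP peers such as AWS
    med: int = 0                  # set by the advertiser; a missing MED is treated as 0 here
    origin: str = "igp"
    weight: int = 0               # Cisco-only, local to the router; 0 for learned routes
    ebgp: bool = True
    router_id: str = "0.0.0.0"    # last tie-breaker: lowest wins

    @property
    def neighbor_as(self) -> int:
        return self.as_path[0]


def _keep(routes: List[Route], key: Callable[[Route], int], best: Callable) -> List[Route]:
    """Keep the routes whose key equals the best (max or min) value among them."""
    target = best(key(r) for r in routes)
    return [r for r in routes if key(r) == target]


def prepend(route: Route, extra: int) -> Route:
    """AS_PATH prepending as the advertiser does it: repeat its own ASN `extra` more times."""
    return replace(route, as_path=(route.neighbor_as,) * extra + route.as_path)


def select(routes: List[Route]) -> Tuple[Route, List[Route]]:
    """Simplified BGP decision process over the candidate routes for one prefix.

    Returns (best, multipath). `multipath` is every route still tied after the
    attributes BGP multipath requires to match (weight, LOCAL_PREF, AS_PATH length,
    ORIGIN, MED, same neighboring AS, same eBGP/iBGP type), i.e. what ECMP would
    share traffic over. `best` is the single route installed when multipath is off,
    chosen by the last tie-breaker (lowest router ID).
    """
    if len({r.prefix for r in routes}) != 1:
        raise ValueError("select() compares candidate routes for a single prefix")
    c = _keep(list(routes), lambda r: r.weight, max)            # 1. highest weight (Cisco)
    c = _keep(c, lambda r: r.local_pref, max)                   # 2. highest LOCAL_PREF
    c = _keep(c, lambda r: len(r.as_path), min)                 # 3. shortest AS_PATH
    c = _keep(c, lambda r: ORIGIN_RANK[r.origin], min)          # 4. lowest ORIGIN
    survivors: List[Route] = []                                 # 5. lowest MED, per neighboring AS
    for asn in sorted({r.neighbor_as for r in c}):
        survivors += _keep([r for r in c if r.neighbor_as == asn], lambda r: r.med, min)
    c = _keep(survivors, lambda r: 0 if r.ebgp else 1, min)     # 6. eBGP over iBGP
    best = min(c, key=lambda r: tuple(int(o) for o in r.router_id.split(".")))  # 7. router ID
    return best, [r for r in c if r.neighbor_as == best.neighbor_as]


# Constructed scenario data: ASN 65000 = on-premises, 64512 = the VGW's Amazon-side ASN.
VPC_CIDR, ONPREM_CIDR = "10.0.0.0/16", "10.10.0.0/16"


def onprem_router(local_pref_dx: int = 100) -> Tuple[Route, List[Route]]:
    """On-premises router learns the VPC CIDR from one VGW over a DX private VIF and a
    VPN tunnel. The VGW sends identical attributes on both sessions, so with the default
    LOCAL_PREF both paths tie (and ECMP would split traffic across DX and VPN);
    `local_pref_dx` is what an inbound route policy on the DX neighbor would set."""
    dx = Route(VPC_CIDR, "169.254.255.1", (64512,), local_pref=local_pref_dx, router_id="169.254.255.1")
    vpn = Route(VPC_CIDR, "169.254.10.1", (64512,), router_id="169.254.10.1")
    return select([dx, vpn])


def aws_side(extra_prepends_on_b: int = 0, med_a: int = 0, med_b: int = 0) -> Tuple[Route, List[Route]]:
    """A generic BGP speaker receives the on-premises CIDR from AS 65000 over two DX
    connections A and B; on-premises demotes B by prepending or by sending a higher MED."""
    a = Route(ONPREM_CIDR, "169.254.255.2", (65000,), med=med_a, router_id="192.0.2.1")
    b = Route(ONPREM_CIDR, "169.254.254.2", (65000,), med=med_b, router_id="192.0.2.2")
    return select([a, prepend(b, extra_prepends_on_b)])


def med_across_neighbors() -> Tuple[Route, List[Route]]:
    """Equal-length paths from two different neighboring ASes: the MED of 5 from AS 65001
    is never compared with AS 65000's MED of 50, so the tie falls through to router ID."""
    from_65000 = Route(ONPREM_CIDR, "198.51.100.1", (65000,), med=50, router_id="192.0.2.1")
    from_65001 = Route(ONPREM_CIDR, "198.51.100.9", (65001,), med=5, router_id="192.0.2.9")
    return select([from_65000, from_65001])
```

Calling `onprem_router()` with the default LOCAL_PREF returns both paths in the multipath set, which is exactly the situation where a router with multipath enabled would spread traffic over the VPN tunnel as well as Direct Connect; `onprem_router(200)` returns only the Direct Connect path. `aws_side(extra_prepends_on_b=2)` and `aws_side(med_a=10, med_b=50)` both leave connection A alone, while `aws_side()` keeps both for ECMP.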
5. Designing Routing in AWS
5.1 Using AWS Direct Connect
- Supports BGP for dynamic routing
- You advertise routes from:
- On-premises → AWS
- AWS → On-premises
Key design options:
- Single connection (low resilience)
- Multiple connections (high availability)
- Active/active or active/passive
5.2 Using AWS Site-to-Site VPN
- Uses static routing or BGP (dynamic routing) over IPsec; each connection provides two tunnels to two AWS endpoints
- Typically used as:
- Backup for Direct Connect
- Or primary connection in some designs
5.3 Combining Direct Connect and VPN
A common exam scenario:
- Direct Connect = primary
- VPN = backup
How BGP attributes are used:
- Direct Connect:
- Shorter AS_PATH (no prepending) and, on your routers, higher LOCAL_PREF for routes learned over it
- VPN:
- Longer AS_PATH (prepend your ASN) and lower LOCAL_PREF for routes learned over it
- Note: for the same prefix, the virtual private gateway prefers Direct Connect routes over VPN routes automatically, so the attributes mainly matter on your side (AWS advertises identical attributes on both sessions); never advertise more specific prefixes over the VPN, since longest prefix match is evaluated first and would pull that traffic onto the backup
6. Controlling Traffic Direction
6.1 Outbound Traffic (From on-premises to AWS)
Controlled by:
- LOCAL_PREF, set on your own routers for the routes they learn from AWS (Weight does the same on a single Cisco router)
- Higher LOCAL_PREF → preferred path; AWS never sees this value
6.2 Inbound Traffic (From AWS to on-premises)
Controlled by what you advertise to AWS:
- AS_PATH prepending
- MED (only compared between connections from the same neighboring AS)
- Direct Connect local preference BGP communities (7224:7100 low, 7224:7200 medium, 7224:7300 high) when the same prefix is advertised over several Direct Connect connections; AWS evaluates these before AS_PATH length
AS_PATH prepending:
- Repeat your own AS number one or more extra times in the AS_PATH you advertise, so the route looks longer and less preferred
- Used to make AWS prefer one connection over another between two Direct Connect connections or two VPN connections; for the same prefix, a virtual private gateway prefers Direct Connect routes over VPN routes regardless of attributes
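The AWS-side rule set differs from a generic router's, and the differences are where exam scenarios hide. The following added Python model, written for these notes and not AWS code, encodes the documented virtual private gateway order for routes to the same destination: longest prefix match; then Direct Connect BGP routes over static VPN routes over BGP VPN routes; then Direct Connect local preference communities; then AS_PATH length; then MED when the first AS in the AS_SEQUENCE matches. The prefixes, connection labels and ASN 65000 are constructed; treating a route without any community as ranking below a tagged route is a modelling assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, List, Tuple

SOURCE_RANK = {"dx_bgp": 0, "vpn_static": 1, "vpn_bgp": 2}          # lower is preferred
DX_LOCAL_PREF = {"7224:7100": 1, "7224:7200": 2, "7224:7300": 3}    # higher is preferred


@dataclass(frozen=True)
class VgwRoute:
    """A route the VGW holds, tagged with the kind of connection it came from."""
    prefix: str
    source: str                         # "dx_bgp", "vpn_static" or "vpn_bgp"
    via: str                            # constructed label for the connection or tunnel
    as_path: Tuple[int, ...] = ()       # empty for static routes
    med: int = 0
    communities: Tuple[str, ...] = ()   # DX local preference communities, if tagged


def _keep(routes: List[VgwRoute], key: Callable, best: Callable) -> List[VgwRoute]:
    """Keep the routes whose key equals the best (max or min) value among them."""
    target = best(key(r) for r in routes)
    return [r for r in routes if key(r) == target]


def preferred(routes: List[VgwRoute], destination: str) -> List[VgwRoute]:
    """Routes a virtual private gateway would use for `destination`, applying the documented
    evaluation order. Several results mean the tied routes share traffic (ECMP across DX
    connections); an empty list means nothing covers the destination."""
    dest = ip_address(destination)
    c = [r for r in routes if dest in ip_network(r.prefix)]
    if not c:
        return []
    c = _keep(c, lambda r: ip_network(r.prefix).prefixlen, max)  # 1. longest prefix match
    c = _keep(c, lambda r: SOURCE_RANK[r.source], min)           # 2. DX BGP > static VPN > BGP VPN
    if c[0].source == "vpn_static":
        return c                                                 # static routes have no BGP attributes
    # 3. DX local preference community, evaluated before AS_PATH. Assumption in this model:
    #    a route without any community ranks below a tagged one.
    c = _keep(c, lambda r: max((DX_LOCAL_PREF.get(x, 0) for x in r.communities), default=0), max)
    c = _keep(c, lambda r: len(r.as_path), min)                  # 4. shortest AS_PATH
    if len({r.as_path[0] for r in c}) == 1:                      # 5. MED, only if the first AS matches
        c = _keep(c, lambda r: r.med, min)
    return c


ONPREM_AS = 65000   # constructed on-premises ASN


def dx_primary_vpn_backup(prepend_vpn: int = 0) -> List[VgwRoute]:
    """Same /16 over a DX private VIF and a BGP VPN tunnel. The VGW ranks DX above VPN before
    it looks at AS_PATH, so prepending on the VPN session changes nothing for an identical prefix."""
    dx = VgwRoute("10.10.0.0/16", "dx_bgp", "dx-a", (ONPREM_AS,))
    vpn = VgwRoute("10.10.0.0/16", "vpn_bgp", "vpn-tunnel-1", (ONPREM_AS,) * (1 + prepend_vpn))
    return preferred([dx, vpn], "10.10.1.5")


def more_specific_over_vpn() -> Tuple[List[VgwRoute], List[VgwRoute]]:
    """Pitfall: the VPN advertises a /24 inside the /16 that DX advertises. Longest prefix match
    comes first, so that /24 leaves over the VPN while DX is up; the rest of the /16 stays on DX."""
    dx = VgwRoute("10.10.0.0/16", "dx_bgp", "dx-a", (ONPREM_AS,))
    vpn = VgwRoute("10.10.1.0/24", "vpn_bgp", "vpn-tunnel-1", (ONPREM_AS,))
    return preferred([dx, vpn], "10.10.1.5"), preferred([dx, vpn], "10.10.2.5")


def static_vs_bgp_vpn() -> List[VgwRoute]:
    """Two VPN connections on one VGW: a static route beats a BGP-learned route for the same prefix."""
    static = VgwRoute("10.10.0.0/16", "vpn_static", "vpn-static")
    dynamic = VgwRoute("10.10.0.0/16", "vpn_bgp", "vpn-bgp", (ONPREM_AS,))
    return preferred([static, dynamic], "10.10.1.5")


def two_dx(community_on_b: str = "", extra_prepends_on_b: int = 0) -> List[VgwRoute]:
    """Same /16 over two DX connections. Nothing set: both carry traffic (active/active).
    Prepending on B demotes it (active/passive). A 7224:7300 community on B wins even when
    B is prepended, because the community is evaluated before AS_PATH length."""
    a = VgwRoute("10.10.0.0/16", "dx_bgp", "dx-a", (ONPREM_AS,))
    b = VgwRoute("10.10.0.0/16", "dx_bgp", "dx-b", (ONPREM_AS,) * (1 + extra_prepends_on_b),
                 communities=(community_on_b,) if community_on_b else ())
    return preferred([a, b], "10.10.1.5")
```

The `more_specific_over_vpn()` case is the one to remember: the backup VPN only needs to leak a more specific prefix once and the VGW will send that traffic over the tunnel while Direct Connect is perfectly healthy, because prefix length is checked before any of the attributes in these notes.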
7. Advanced Routing Scenarios
7.1 Multi-Region AWS Connectivity
- Use BGP attributes to:
- Prefer one region over another
- Control failover between regions
7.2 Multi-Connection Direct Connect
- Use BGP for:
- Load balancing across multiple links
- High availability
7.3 Failover Design
- BGP detects failures when the session's hold timer expires (90 seconds by default on Direct Connect) or, faster, via BFD, which Direct Connect supports
- Routes learned over the failed session are withdrawn
- Traffic shifts to the backup path (the next-best route in the selection order)
8. Important Exam Concepts
You must clearly understand:
1. Route Selection Order (Simplified)
For the same prefix, BGP selects routes based on, in order:
- Highest Weight (Cisco only, local to the router)
- Highest LOCAL_PREF
- Shortest AS_PATH
- Lowest ORIGIN (IGP < EGP < Incomplete)
- Lowest MED (compared only between routes from the same neighboring AS)
- Vendor tie-breakers: eBGP over iBGP, lowest IGP metric to the next hop, lowest router ID
2. Active/Passive Design
- One path is preferred
- Other path is backup
- Achieved using:
- LOCAL_PREF
- AS_PATH prepending
3. Active/Active Design
- Multiple paths used simultaneously
- Achieved using:
- ECMP
- Equal BGP attributes
4. AWS Integration
- BGP is used with:
- Direct Connect
- VPN
- Enables dynamic and scalable routing
9. Common Exam Question Patterns
You may be asked:
- How to make one connection primary and another backup?
→ Use LOCAL_PREF (for traffic leaving your site) or AS_PATH prepending (for traffic AWS sends to you)
- How to load balance traffic?
→ Use ECMP with equal BGP attributes (across Direct Connect connections; ECMP over VPN needs a transit gateway)
- How to influence AWS inbound routing?
→ Use AS_PATH prepending (or Direct Connect local preference communities between Direct Connect connections)
- How to prefer Direct Connect over VPN?
→ On your on-premises routers, set a higher LOCAL_PREF on routes learned over Direct Connect; for the same prefix, the virtual private gateway already prefers the Direct Connect route
10. Key Takeaways (Very Important for Exam)
- BGP controls routing between on-premises and AWS
- BGP attributes are used to influence path selection
- LOCAL_PREF → outbound traffic control (on-premises → AWS); set on your routers, never advertised to AWS
- AS_PATH prepending → inbound traffic control (AWS → on-premises); applied to what you advertise
- MED → hint to a neighboring AS about which entry point to use; compared only between routes from the same neighboring AS
- Load sharing → equal attributes + ECMP (Direct Connect on a virtual private gateway; VPN only with a transit gateway)
- Active/passive → different attributes (preferred + backup)
- Same prefix over Direct Connect and VPN → the virtual private gateway prefers Direct Connect automatically; a more specific prefix always wins first
