Task Statement 3.1: Maintain routing and connectivity on AWS and hybrid networks.
📘AWS Certified Advanced Networking – Specialty
Routing protocols are essential to ensure that networks—both in AWS and on-premises—can communicate with each other efficiently. In hybrid environments, where you connect AWS with your on-premises data centers, understanding and managing routing protocols is crucial.
1. Key AWS Connectivity Options and Where Routing Protocols Fit
In AWS, there are multiple ways to connect your cloud network to on-premises or other networks:
- AWS Direct Connect (DX)
- A private, high-speed connection between your on-premises network and AWS.
- Supports BGP (Border Gateway Protocol) for exchanging routes dynamically.
- Can be dedicated or hosted.
- Virtual Interfaces (VIFs):
- Private VIF → Access to VPCs (AWS private network)
- Public VIF → Access to AWS public services like S3 or DynamoDB
- AWS Site-to-Site VPN
- A secure connection over the Internet between your network and AWS.
- Can use BGP for dynamic routing or static routes.
- Transit Gateway (TGW)
- Centralized hub to connect multiple VPCs and on-premises networks.
- Supports propagating routes dynamically using BGP from connected networks.
- VPC Peering
- Direct connection between VPCs.
- Uses static routing (routes are manually defined).
- Does not support BGP.
- PrivateLink
- Connects to AWS services privately without traversing the Internet.
- Uses static routes.
Tip: If a connection involves AWS and your on-premises network over DX or VPN, BGP is almost always used. If it’s just AWS-to-AWS, static routing may be enough.
2. Static vs Dynamic Routing
Static Routing
- You manually configure routes.
- Simple but not scalable.
- Used when network paths rarely change.
- Example in AWS:
- Routing between two VPCs using VPC peering.
- Adding static routes to reach a specific subnet in your on-premises network over VPN without BGP.
Dynamic Routing
- Routes are learned and updated automatically.
- BGP (Border Gateway Protocol) is the main protocol in AWS hybrid networks.
- Advantages:
- Automatically adjusts if a path goes down.
- Scales better than static routing.
- Used in:
- Direct Connect connections
- Site-to-Site VPN with BGP
- Transit Gateway propagations
3. Understanding BGP in AWS Hybrid Networks
What is BGP?
- A dynamic routing protocol used to exchange routes between networks.
- In AWS, BGP is primarily used over Direct Connect and VPN connections.
- Supports failover and redundancy.
Key Concepts
- Autonomous System Number (ASN)
- A unique identifier for your network.
- Needed for BGP peering between AWS and on-premises.
- BGP Peering
- AWS and on-premises routers exchange routes using BGP.
- You can set:
- Private ASNs (for internal networks)
- Public ASNs (rarely used, mostly for Internet)
- Route Propagation
- BGP updates allow AWS to automatically propagate routes to the route tables.
- Example:
- On-premises network has subnet
10.1.0.0/16 - BGP announces it to AWS
- AWS adds it automatically to the VPC route table
- Traffic from VPC reaches on-premises without manual configuration
- On-premises network has subnet
- BGP Attributes
- Local Preference → Preferred route inside your network
- AS Path → Helps avoid routing loops
- MED (Multi-Exit Discriminator) → Suggests preferred path to AWS or on-prem
4. Configuring BGP on AWS
AWS Direct Connect with BGP Example:
- Create a Direct Connect connection.
- Create a Private Virtual Interface (VIF).
- Configure BGP peer IP addresses:
- One on your router (on-premises)
- One on AWS side
- Set ASN for your network.
- AWS and your on-prem router exchange routes dynamically.
Site-to-Site VPN with BGP Example:
- AWS VPN gateway supports BGP over IPSec.
- BGP keeps routes updated even if one VPN tunnel goes down.
- BGP failover ensures traffic flows through the remaining tunnel automatically.
5. Route Table Management
- VPC Route Tables
- Where routes are stored inside a VPC.
- Can be propagated automatically from BGP connections.
- Static entries are still allowed for non-BGP paths.
- Transit Gateway Route Tables
- For hub-and-spoke network architectures.
- Can propagate routes from attached VPCs, Direct Connect, and VPN.
Exam Tip: AWS often asks which connections require static routes vs dynamic BGP routes, and how route propagation works in Transit Gateway or VPCs.
6. Common Exam Scenarios
- Direct Connect + VPC
- Use BGP for dynamic routing.
- Configure route propagation in the VPC route tables.
- Multiple VPN tunnels
- BGP ensures automatic failover if one tunnel fails.
- Hybrid network via Transit Gateway
- Use BGP over DX or VPN to propagate on-prem routes.
- TGW propagates these routes to connected VPCs.
- VPC Peering
- Requires static routes in route tables.
- No BGP support.
7. Key AWS Services to Remember for Routing Protocols
| Service | Routing Type | Notes |
|---|---|---|
| Direct Connect | Dynamic (BGP) | Supports private/public VIFs |
| Site-to-Site VPN | Static or BGP | BGP enables automatic failover |
| Transit Gateway | Dynamic (propagated routes) | Central hub for VPCs and on-prem |
| VPC Peering | Static | Manual route configuration |
| PrivateLink | Static | Service-specific routes only |
8. Exam Tips for AWS Certified Advanced Networking
- Always identify the connectivity type first → DX, VPN, TGW, Peering.
- Check if dynamic routing (BGP) is supported:
- DX and VPN → Yes
- Peering and PrivateLink → No
- Understand route propagation:
- How TGW propagates routes
- How VPC route tables receive BGP updates
- Know BGP failover scenarios:
- Multiple DX connections
- Multiple VPN tunnels
- Remember ASNs for BGP peer setup.
✅ Summary:
Managing routing protocols in AWS hybrid networks mainly involves BGP for dynamic routing and static routes for AWS-only paths. Understanding how routes propagate in VPCs, Transit Gateways, and over DX or VPN is critical for both network reliability and exam success.
