Task Statement 2.1: Implement routing and connectivity between on-premises networks and the AWS Cloud.
📘AWS Certified Advanced Networking – Specialty
🔷 1. What is Traffic Management?
Traffic management means controlling how network traffic flows between:
- On-premises data centers
- Branch offices
- AWS VPCs
- Remote users
🎯 Main Goals:
- Optimize performance (low latency, high throughput)
- Ensure high availability (failover)
- Control routing paths
- Reduce cost
- Improve security
🔷 2. Key Traffic Management Techniques
2.1 Path Selection
Choosing the best path for traffic based on:
- Latency
- Bandwidth
- Packet loss
- Cost
AWS Context:
- Use BGP routing policies with VPN or Direct Connect
- Use Transit Gateway route tables
- Use SD-WAN controllers
2.2 Load Balancing
Distributes traffic across multiple links or endpoints.
Types:
- Active/Active
- Multiple links used at the same time
- Active/Passive
- One link active, another used for failover
AWS Implementation:
- Equal Cost Multi-Path (ECMP) on Transit Gateway
- Multiple VPN tunnels (active-active)
2.3 Failover and Redundancy
Ensures traffic continues if a link fails.
Methods:
- BGP route withdrawal
- Health checks
- Route prioritization
AWS Features:
- Dual VPN tunnels per connection
- Multi-Region architecture
- Transit Gateway with multiple attachments
2.4 Traffic Steering
Directing traffic based on rules.
Example in IT:
- Send database traffic through Direct Connect
- Send general internet traffic via VPN
🔷 3. What is SD-WAN?
SD-WAN (Software-Defined Wide Area Network) is a centralized way to manage and optimize WAN connections using software.
🔑 Key Features of SD-WAN:
- Centralized control (controller-based)
- Dynamic path selection
- Application-aware routing
- Encryption (built-in security)
- Link aggregation (combine MPLS, broadband, LTE)
📌 Why SD-WAN is Important in AWS Exam:
- Enterprises connect many branches to AWS
- Need optimized, secure, scalable connectivity
- Works with AWS networking services
🔷 4. AWS Integration with SD-WAN
AWS supports SD-WAN using:
- Site-to-Site VPN
- AWS Direct Connect
- Transit Gateway
- Transit Gateway Connect
🔷 5. Transit Gateway (TGW) Overview
Transit Gateway acts as a central hub connecting:
- VPCs
- VPNs
- Direct Connect gateways
- SD-WAN appliances
Benefits:
- Simplifies network architecture
- Reduces number of connections
- Centralized routing
🔷 6. Transit Gateway Connect (VERY IMPORTANT FOR EXAM)
🔶 What is Transit Gateway Connect?
Transit Gateway Connect allows integration of SD-WAN appliances with AWS using high-performance tunnels.
🔑 Key Features:
- Uses GRE (Generic Routing Encapsulation) tunnels
- Uses BGP for dynamic routing
- Designed for SD-WAN integration
- Provides higher bandwidth and scalability than standard VPN
🔧 Components:
1. Connect Attachment
- Logical connection between Transit Gateway and SD-WAN appliance
2. GRE Tunnel
- Encapsulates traffic between SD-WAN device and AWS
3. BGP Session
- Exchanges routing information dynamically
🔁 How It Works (Step-by-Step):
- SD-WAN appliance is deployed (on-premises or in VPC)
- Transit Gateway Connect attachment is created
- GRE tunnel is established
- BGP session exchanges routes
- Traffic flows dynamically based on policies
⚡ Why Use Transit Gateway Connect?
Compared to VPN:
| Feature | VPN | TGW Connect |
|---|---|---|
| Protocol | IPsec | GRE + BGP |
| Throughput | Lower | Higher |
| Scalability | Limited | High |
| SD-WAN Integration | Limited | Native |
🔷 7. SD-WAN Deployment Models in AWS
7.1 On-Premises SD-WAN to AWS
- Branch offices connect to AWS via SD-WAN controller
- Traffic routed through optimized paths
7.2 SD-WAN Appliance in AWS (Hub Model)
- SD-WAN virtual appliances deployed in VPC
- Acts as hub for branch connectivity
7.3 Hybrid Model
- Combination of Direct Connect + VPN + SD-WAN
🔷 8. Traffic Management with SD-WAN in AWS
🔑 Capabilities:
1. Application-Aware Routing
- Route traffic based on application type
- Example:
- Voice → low latency path
- Backup → low cost path
2. Dynamic Path Selection
- Automatically selects best path based on:
- Latency
- Jitter
- Packet loss
3. Link Aggregation
- Combine:
- MPLS
- Broadband
- VPN
- Direct Connect
4. Centralized Policy Management
- Policies defined in SD-WAN controller
- Applied across all locations
🔷 9. Exam Important Concepts (HIGH PRIORITY)
⭐ Transit Gateway Connect:
- Uses GRE + BGP
- Built for SD-WAN integration
- Provides high performance
⭐ ECMP (Equal Cost Multi-Path):
- Supported on Transit Gateway
- Enables load balancing across multiple paths
⭐ BGP Routing:
- Dynamic routing protocol used in:
- VPN
- Direct Connect
- TGW Connect
⭐ Route Tables:
- Control traffic flow in Transit Gateway
- Can isolate or share routes
⭐ High Availability:
- Multiple tunnels
- Multiple regions
- Multiple connections
🔷 10. Advantages of Using SD-WAN with AWS
- Better performance (optimized routing)
- Lower cost (use internet + MPLS)
- Scalability (supports many branches)
- Centralized management
- Improved visibility and control
🔷 11. Limitations / Considerations
- Requires SD-WAN vendor solution (e.g., Cisco, VMware)
- More complex setup than basic VPN
- Requires understanding of:
- BGP
- Routing policies
- Tunnel configurations
🔷 12. Quick Exam Summary (Must Remember)
- Traffic management = controlling how traffic flows
- SD-WAN = software-based WAN optimization
- Transit Gateway = central hub
- Transit Gateway Connect = SD-WAN integration using GRE + BGP
- BGP = dynamic routing
- ECMP = load balancing across multiple paths
✅ Final Tip for Exam
If the question mentions:
- High performance SD-WAN integration → Transit Gateway Connect
- Central hub architecture → Transit Gateway
- Dynamic routing → BGP
- Multiple paths → ECMP
