AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 100
A company's network engineer is configuring an AWS Site-to-Site VPN connection between a transit gateway and the company's on-premises network. The Site-to-Site VPN connection is configured to use BGP over two tunnels in active/active mode with equal-cost multi-path (ECMP) routing activated on the transit gateway.
When the network engineer attempts to send traffic from the on-premises network to an Amazon EC2 instance, traffic is sent over the first tunnel. However, return traffic is received over the second tunnel and is dropped at the customer gateway. The network engineer must resolve this issue without reducing the overall VPN bandwidth.
Which solution will meet these requirements?
Answer options
- A. Configure the customer gateway to use AS PATH prepending and local preference to prefer one tunnel over the other.
- B. Configure the Site-to-Site VPN options to set the first tunnel as the primary tunnel to eliminate asymmetric routing.
- C. Configure the virtual tunnel interfaces on the customer gateway to allow asymmetric routing.
- D. Configure the Site-to-Site VPN to use static routing in active/active mode to ensure that traffic flows over a preferred path.
Correct answer: C
Explanation
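The correct answer is C. With ECMP active on the transit gateway, return traffic can arrive on either tunnel, so a flow sent over the first tunnel may come back over the second. Allowing asymmetric routing on the customer gateway's virtual tunnel interfaces lets that return traffic through instead of being dropped, and both tunnels stay active. The other options either enforce a preference for one path, which conflicts with the requirement not to reduce the overall VPN bandwidth, or do not resolve the asymmetric routing issue.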