Dual Site-to-Site VPN connections with more specific routes example - Hybrid Connectivity

Dual Site-to-Site VPN connections with more specific routes example

This scenario is based on a small on-premises site connected to a single AWS Region over redundant VPN connections over the internet to AWS Transit Gateway. The traffic engineering design depicted in Figure 13 shows that with traffic engineering you can influence the path selection, which increases the reliability of the hybrid connectivity solution by:

  • Providing resilient hybrid connectivity: redundant VPN connections that provide the same performance capacity, automated failover by using a dynamic routing protocol (BGP), and faster connection failure detection by using VPN dead peer detection.

  • Providing performance efficiency: configuring ECMP per VPN connection to AWS Transit Gateway helps to maximize the overall VPN connection bandwidth. Also, (optionally) advertising different more specific routes along with the site summary route helps to distribute the load over the two VPN connections.

Figure 13 – Dual Site-to-Site VPN connections with more specific routes example
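The path selection described above can be modeled as a longest-prefix-match lookup. The following is an added example, not code from the whitepaper: the prefixes, the names `vpn-a` and `vpn-b`, and the helper functions are assumptions, and the model is simplified to prefix length plus ECMP over equal-length routes, ignoring other BGP attributes.

```python
import ipaddress

# Constructed example prefixes (assumptions, not from the whitepaper).
# Each VPN advertises the site summary plus one distinct more specific route.
SUMMARY = "10.10.0.0/16"
ADVERTISEMENTS = {
    "vpn-a": [SUMMARY, "10.10.0.0/17"],
    "vpn-b": [SUMMARY, "10.10.128.0/17"],
}


def build_route_table(advertisements, up):
    """Return {network: [vpn, ...]} from VPNs whose BGP session is up."""
    table = {}
    for vpn, prefixes in advertisements.items():
        if vpn not in up:
            continue  # session down: its routes are withdrawn
        for prefix in prefixes:
            table.setdefault(ipaddress.ip_network(prefix), []).append(vpn)
    return table


def next_hops(destination, advertisements=ADVERTISEMENTS, up=("vpn-a", "vpn-b")):
    """Pick the longest matching prefix; VPNs sharing it form the ECMP set."""
    addr = ipaddress.ip_address(destination)
    table = build_route_table(advertisements, set(up))
    matches = [net for net in table if addr in net]
    if not matches:
        return []  # no route to the on-premises site
    best = max(matches, key=lambda net: net.prefixlen)
    return sorted(table[best])


if __name__ == "__main__":
    # Both tunnels up, then each single-tunnel failure case.
    for up in (("vpn-a", "vpn-b"), ("vpn-b",), ("vpn-a",)):
        for dst in ("10.10.5.20", "10.10.200.7"):
            print(f"up={up} dst={dst} -> {next_hops(dst, up=up)}")
```

With both tunnels up, each half of the site range follows its more specific route; when one tunnel fails, its more specific route is withdrawn and traffic falls back to the summary route on the surviving tunnel.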