Dual Site-to-Site VPN connections with more specific routes example - Hybrid Connectivity


This scenario is based on a small on-premises site connected to a single AWS Region via redundant VPN connections over the internet to the AWS Transit Gateway. The traffic engineering design is depicted in Figure 13. It shows how traffic engineering can influence path selection in ways that increase the reliability of the hybrid connectivity solution by:

  • Providing resilient hybrid connectivity – redundant VPN connections that provide the same performance capacity, automated failover by using a dynamic routing protocol (BGP), and faster connection failure detection by using VPN dead peer detection.

  • Providing performance efficiency – configuring ECMP per VPN connection to AWS Transit Gateway helps to maximize the overall VPN connection bandwidth. Also, (optionally) advertising different more specific routes along with the site summary route helps to distribute the load over the two VPN connections.


Figure 1 – Dual Site-to-Site VPN connections with more specific routes example
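The path selection described above can be modelled with longest-prefix matching. The following is an added example, not code from the original page: the prefixes (`10.10.0.0/16` and its two `/17` halves) and the connection names `vpn-a` and `vpn-b` are assumptions, and the model covers only prefix length and route withdrawal, not the full BGP decision process.

```python
import ipaddress

# Constructed sample advertisements (prefixes and connection names are assumptions).
ADVERTISEMENTS = [
    ("10.10.0.0/16", "vpn-a"),    # site summary route, advertised over both connections
    ("10.10.0.0/16", "vpn-b"),
    ("10.10.0.0/17", "vpn-a"),    # more specific route, advertised only over vpn-a
    ("10.10.128.0/17", "vpn-b"),  # more specific route, advertised only over vpn-b
]


def select_paths(dest, up_connections, advertisements=ADVERTISEMENTS):
    """Return the sorted connections that would carry traffic to dest.

    Routes learned over a connection that is down are treated as withdrawn.
    Among the remaining routes the longest matching prefix wins; if several
    connections advertise that same prefix, all of them are returned (ECMP).
    """
    addr = ipaddress.ip_address(dest)
    best_len, best = -1, set()
    for prefix, conn in advertisements:
        if conn not in up_connections:
            continue  # BGP session down: its routes are no longer candidates
        net = ipaddress.ip_network(prefix)
        if addr not in net:
            continue
        if net.prefixlen > best_len:
            best_len, best = net.prefixlen, {conn}
        elif net.prefixlen == best_len:
            best.add(conn)
    return sorted(best)


if __name__ == "__main__":
    both = {"vpn-a", "vpn-b"}
    # Both connections up: each /17 attracts its half of the site's traffic.
    print(select_paths("10.10.1.5", both))
    print(select_paths("10.10.200.9", both))
    # vpn-a down: its /17 is withdrawn and the summary route over vpn-b takes over.
    print(select_paths("10.10.1.5", {"vpn-b"}))
    # Summary route only: equal prefixes on both connections, so ECMP uses both.
    summary_only = [a for a in ADVERTISEMENTS if a[0] == "10.10.0.0/16"]
    print(select_paths("10.10.1.5", both, summary_only))
```

The summary route is what keeps failover working: without it, a destination in the withdrawn `/17` would have no remaining match.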