Integration of Direct Gateway, VPN TGW Attachments, and VPCs in Routing Table


Hello esteemed experts,

I am currently exploring networking solutions for a project and would greatly appreciate your insights on a particular scenario.

My setup involves approximately 10 VPCs connected to a single TGW routing table. I already have a DX gateway attachment in the same routing table.

The requirement is to establish connectivity from a remote branch office to one of these VPCs. My plan is to implement a Site-to-Site (S2S) VPN and attach it to the same Transit Gateway (TGW), subsequently updating the routing tables as needed.

Could you kindly advise if it's feasible to integrate both Direct Gateway and VPN TGW attachments within the same routing table?

Additionally, any considerations or best practices you could share for implementing this solution would be immensely helpful.

1 Answer
Accepted Answer

Hello,

In theory and practice, it would be feasible to have a DX connection and a Site 2 Site VPN attached to AWS. However, one concern I have is what would be the reason for it. The DX connection for most large companies is going to be the preferred way, which is going to offer higher security (which you have to implement, for example, by using an S2S VPN over the DX) and also lower cost in the long term, and in addition, it is going to offer a stable and faster connection.

The second problem you might run into is that AWS has a routing preference, which essentially means that AWS will route traffic through a connection based on different "preferences".

An example of this would be if we have a VPC, a DX connection, and an S2S connection attached to it, which is going to send traffic to a desired destination. The VPC will route traffic to the destination with the longest prefix, so the prefix is going to match the best. The second priority for the VPC is that it routes to destinations that were statically propagated and then to routes that were not statically propagated. If they are still the same, the VPC will choose the route that goes over a DX connection, and then, if there is nothing left over, the VPN. This essentially means if you have the same routes configured for a VPC, it will always prefer the DX connection over the VPC.

Julian
answered a month ago
  • Thank you Julian!
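The route-selection order Julian describes, as an added example that is not part of the original thread: a small Python model of a TGW route table that predicts which attachment will carry a given destination, so the branch-office prefixes can be checked before the VPN attachment is added and propagated. It goes slightly beyond the answer by using the full propagated-route tie-break order from the AWS documentation (VPC, Direct Connect gateway, Connect, Site-to-Site VPN); the CIDRs and attachment IDs are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_network, ip_address

# Tie-break order among propagated routes with the same prefix length
# (AWS documentation: VPC > Direct Connect gateway > Connect > Site-to-Site VPN).
PROPAGATED_PRIORITY = {"vpc": 0, "direct-connect-gateway": 1, "connect": 2, "vpn": 3}

@dataclass(frozen=True)
class TgwRoute:
    cidr: str
    attachment_id: str      # constructed placeholder, not a real attachment
    attachment_type: str    # key of PROPAGATED_PRIORITY
    static: bool            # True = static route, False = propagated

def select_route(routes, destination):
    """Return the TgwRoute the TGW would use for `destination`, or None.

    Evaluation order: longest prefix match first; among equal prefixes a
    static route beats a propagated one; among equal-prefix propagated
    routes the attachment type decides (DX gateway before VPN)."""
    dst = ip_address(destination)
    candidates = [r for r in routes if dst in ip_network(r.cidr)]
    if not candidates:
        return None
    # Build a key where "better" is smaller so min() picks the winner.
    def rank(r):
        return (-ip_network(r.cidr).prefixlen,
                0 if r.static else 1,
                PROPAGATED_PRIORITY[r.attachment_type])
    return min(candidates, key=rank)

# Constructed sample table: DX gateway and the new S2S VPN both advertise the
# whole on-prem range; the branch office is reachable only over the VPN.
SAMPLE_ROUTES = [
    TgwRoute("10.0.0.0/8",   "tgw-attach-dxgw0001", "direct-connect-gateway", False),
    TgwRoute("10.0.0.0/8",   "tgw-attach-vpn00001", "vpn", False),
    TgwRoute("10.50.0.0/16", "tgw-attach-vpn00001", "vpn", False),
    TgwRoute("10.60.0.0/16", "tgw-attach-vpn00001", "vpn", True),
    TgwRoute("10.60.0.0/16", "tgw-attach-dxgw0001", "direct-connect-gateway", False),
]

if __name__ == "__main__":
    for ip in ("10.1.2.3", "10.50.1.1", "10.60.1.1", "192.168.1.1"):
        r = select_route(SAMPLE_ROUTES, ip)
        kind = "no route" if r is None else f"{r.attachment_id} via {r.cidr} ({'static' if r.static else 'propagated'})"
        print(f"{ip:>12} -> {kind}")
```

Equal-length propagated prefixes fall back to the DX gateway, as the answer says, so the branch office needs either a more specific prefix or a static route over the VPN attachment to be reached that way.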
