Question #761
A company wants to link its on-premises network to multiple VPCs spanning several AWS Regions. The solution must enable transitive routing among all VPCs, minimize data transfer expenses, offer high-speed dedicated network links, and ensure a uniform network architecture across all connected environments.
Which solution meets these requirements?
Deploy an AWS Site-to-Site VPN connection from the on-premises network to a central VPC. Use VPC peering to connect the central VPC to all other VPCs in different Regions.
Establish an AWS Direct Connect connection to AWS with a transit VIF. Attach the transit VIF to a Direct Connect gateway. Link the Direct Connect gateway to each VPC via a transit gateway deployed in each Region.
Configure an AWS Site-to-Site VPN connection from the on-premises network to a transit gateway with dynamic routing. Connect the transit gateway to all VPCs across Regions.
Set up an AWS Direct Connect connection to AWS and create Site-to-Site VPN connections between all VPCs. Use VPC peering from a central VPC to enable connectivity.
Explanation
Option B meets all requirements:
1. Transitive Routing: Direct Connect gateway linked to transit gateways in each Region enables transitive routing between all VPCs and on-premises.
2. Cost Efficiency: Direct Connect reduces data transfer costs compared to VPN, and transit gateways avoid costly inter-Region VPC peering.
3. High-Speed Links: Direct Connect provides dedicated, high-bandwidth connectivity.
4. Uniform Architecture: Transit gateways and Direct Connect gateway ensure consistent network design across Regions.
Other options fail:
- A: VPC peering is not transitive and incurs cross-Region costs.
- C: VPN lacks dedicated high-speed links and incurs higher data transfer costs.
- D: VPNs and VPC peering create complexity and lack transitive routing.
Key Points: Use Direct Connect + transit gateway for cross-Region transitive routing, cost efficiency, and uniform architecture.
Answer
The correct answer is: B