VPN Connections with an Amazon VPC Using Dynamic Routing

Advanced


Total available time: 2h:0m


Lab Overview

In this Lab, you will set up VPN connections with an Amazon Virtual Private Cloud (VPC) using dynamic routing as you make strides in migrating an on-premises application into the AWS cloud. You will configure the networking between your corporate network and the VPC. The database (db) is hosted on-premises and the application is hosted in the cloud. As part of a real-world scenario, you will complete a design by fulfilling requirements.

Lab Objectives

Upon completion of this Lab, you will be able to:

  • Connect on-premises networks to Amazon VPCs using Internet Protocol Security (IPSec) virtual private network (VPN) tunnels
  • Configure internal Border Gateway Protocol (BGP) on on-premises routers
  • Configure on-premises routers to connect to Amazon VPCs using BGP
  • Understand the differences between static and dynamic routing
  • Gain experience with multi-homed instances and understand some reasons for using them

Lab Prerequisites

You should be familiar with the following:

  • AWS networking concepts including VPCs, subnets, internet gateways, security groups, route tables, and Elastic IP addresses
  • AWS compute concepts including EC2 instances
  • Static routes in networks
  • Knowledge of routing protocols is beneficial, but not required

Lab Environment

Before completing the Lab instructions, the environment will look as follows:

After completing the Lab instructions, the environment should look similar to:

Follow these steps to learn by building helpful cloud resources

Log In to the Amazon Web Services Console

Your first step to start the Lab experience

Understanding the VPN Connection Scenario

Understand the scenario, pre-created cloud resources, and what you will complete

Setting Up Multi-homed Router Instances

Attach a second network interface to separate traffic on subnets

Configuring Internal BGP Between Border Routers

Configure your VyOS routers to use Border Gateway Protocol internally to share routes

Creating Gateways and IPSec VPN Tunnels

Create both VPN and customer gateways and connect your corporate and AWS networks using IPSec VPN tunnels

Configuring External BGP Routing on Your Routers

Use AWS-generated configuration scripts to configure and test your routers' VPN connectivity

Testing the Application Functionality Across Corporate and Cloud Networks

Test the application's functionality and tolerance to instance termination