Virtual Private Gateway - Bring your own Autonomous System Number Flashcards

1
Q

Does ClassicLink allow EC2-Classic Security Group rules to reference VPC Security Groups, or vice versa?

Virtual Private Gateway - Bring your own Autonomous System Number

Amazon Virtual Private Cloud (VPC) | Networking & Content Delivery

A

ClassicLink does not allow EC2-Classic Security Group rules to reference VPC Security Groups, or vice versa.

2
Q

What is this feature?

A

For any new VGWs, configurable Private Autonomous System Number (ASN) allows customers to set the ASN on the Amazon side of the BGP session for VPNs and AWS Direct Connect private VIFs.

3
Q

What is the cost of using this feature?

A

There is no additional charge for this feature.

4
Q

How can I configure/assign my ASN to be advertised as Amazon side ASN?

A

You can configure/assign an ASN to be advertised as the Amazon side ASN during creation of the new Virtual Private Gateway (VGW). You can create a VGW using the VPC console or an EC2/CreateVpnGateway API call.

5
Q

What ASN did Amazon assign prior to this feature?

A

Amazon assigned the following ASNs: EU West (Dublin) 9059; Asia Pacific (Singapore) 17493 and Asia Pacific (Tokyo) 10124. All other regions were assigned an ASN of 7224; these ASNs are referred to as the “legacy public ASN” of the region.

6
Q

Can I use any ASN – public and private?

A

You can assign any private ASN to the Amazon side. You can assign the “legacy public ASN” of the region until June 30th 2018; you cannot assign any other public ASN. After June 30th 2018, Amazon will provide an ASN of 64512.

7
Q

Why can’t I assign a public ASN for the Amazon half of the BGP session?

A

Amazon is not validating ownership of the ASNs; therefore, we’re limiting the Amazon-side ASN to private ASNs. We want to protect customers from BGP spoofing.

8
Q

What ASN can I choose?

A

You can choose any private ASN. Ranges for 16-bit private ASNs include 64512 to 65534. You can also provide 32-bit ASNs between 4200000000 and 4294967294.

Amazon will provide a default ASN for the VGW if you don’t choose one. Until June 30th 2018, Amazon will continue to provide the “legacy public ASN” of the region. After June 30th 2018, Amazon will provide an ASN of 64512.

9
Q

What will happen if I try to assign a public ASN to the Amazon half of the BGP session?

A

We will ask you to re-enter a private ASN once you attempt to create the VGW, unless it is the “legacy public ASN” of the region.

10
Q

If I don’t provide an ASN for the Amazon half of the BGP session, what ASN can I expect Amazon to assign to me?

A

Amazon will provide an ASN for the VGW if you don’t choose one. Until June 30th 2018, Amazon will continue to provide the “legacy public ASN” of the region. After June 30th 2018, Amazon will provide an ASN of 64512.

11
Q

Where can I view the Amazon side ASN?

A

You can view the Amazon side ASN on the VGW page of the VPC console and in the response of the EC2/DescribeVpnGateways API.

12
Q

If I have a public ASN, will it work with a private ASN on the AWS side?

A

Yes, you can configure the Amazon side of the BGP session with a private ASN and your side with a public ASN.

13
Q

I have private VIFs already configured and want to set a different Amazon side ASN for the BGP session on an existing VIF. How can I make this change?

A

You will need to create a new VGW with the desired ASN, and create a new VIF with the newly created VGW. Your device configuration also needs to change appropriately.

14
Q

I have VPN connections already configured and want to modify the Amazon side ASN for the BGP session of these VPNs. How can I make this change?

A

You will need to create a new VGW with the desired ASN, and recreate your VPN connections between your Customer Gateways and the newly created VGW.

15
Q

I already have a VGW and a private VIF/VPN connection configured using an Amazon assigned public ASN of 7224. If Amazon automatically generates the ASN for the new private VGW, what Amazon side ASN will I be assigned?

A

Amazon will assign 64512 to the Amazon side ASN for the new VGW.

16
Q

I have a VGW and a private VIF/VPN connection configured using an Amazon assigned public ASN. I want to use the same Amazon assigned public ASN for the new private VIF/VPN connection I’m creating. How do I do this?

A

You can configure/assign an ASN to be advertised as the Amazon side ASN during creation of the new Virtual Private Gateway (VGW). You can create a VGW using the console or an EC2/CreateVpnGateway API call. As noted earlier, we will allow the use of the “legacy public ASN” for your newly created VGW.

17
Q

I have a VGW and a private VIF/VPN connection configured using an Amazon assigned public ASN of 7224. If Amazon auto generates the ASN for the new private VIF/VPN connection using the same VGW, what Amazon side ASN will I be assigned?

A

Amazon will assign 7224 to the Amazon side ASN for the new VIF/VPN connection. The Amazon side ASN for your new private VIF/VPN connection is inherited from your existing VGW and defaults to that ASN.

18
Q

I’m attaching multiple private VIFs to a single VGW. Can each VIF have a separate Amazon side ASN?

A

No, you can assign/configure a separate Amazon side ASN for each VGW, not each VIF. The Amazon side ASN for a VIF is inherited from the Amazon side ASN of the attached VGW.

19
Q

I’m creating multiple VPN connections to a single VGW. Can each VPN connection have a separate Amazon side ASN?

A

No, you can assign/configure a separate Amazon side ASN for each VGW, not each VPN connection. The Amazon side ASN for a VPN connection is inherited from the Amazon side ASN of the VGW.

20
Q

Where can I select my own ASN?

A

When creating a VGW in the VPC console, uncheck the box asking if you want an auto-generated Amazon BGP ASN and provide your own private ASN for the Amazon half of the BGP session. Once the VGW is configured with an Amazon side ASN, the private VIFs or VPN connections created using the VGW will use your Amazon side ASN.

21
Q

I use CloudHub today. Will I have to adjust my configurations in the future?

A

You will not have to make any changes.

22
Q

I want to select a 32-bit ASN. What is the range of 32-bit private ASNs?

A

We will support 32-bit ASNs from 4200000000 to 4294967294.

23
Q

Once the VGW is created, can I change or modify the Amazon side ASN?

A

No, you cannot modify the Amazon side ASN after creation. You can delete the VGW and recreate a new VGW with the desired ASN.

24
Q

Is there a new API to configure/assign the Amazon side ASN?

A

No. You can do this with the same API as before (EC2/CreateVpnGateway). We just added a new parameter (amazonSideAsn) to this API.