Hi,
I'm new in the VPN subject and In our company we provisioned a site to site VPN using static routing and VIrtual Private Gateway with a remote network, we followed the documentation and configured everything, the vpn connection's tunnels went up on both ends, AWS randomly choose one tunnel (let's say tunnel1) to send traffic as it says in the doc, in short everything was working. But after some time, the tunnel1 went down, and we verified that failover for tunnel2 didn't worked, traffic to the remote network wasn't directed to the tunnel2, even in CloudWatch metrics we verified that DataIn and DataOut stopped registering. In the docs AWS says: "Each Site-to-Site VPN connection has two tunnels, with each tunnel using a unique public IP address. It is important to configure both tunnels for redundancy. When one tunnel becomes unavailable (for example, down for maintenance), network traffic is automatically routed to the available tunnel for that specific Site-to-Site VPN connection."
But in some articles in the internet it says that we need to use BGP for automatic failover, do failover works for VPN using static routing or we need to configure some tool\feature to help AWS to identify that it needs to failover to the second tunnel, or it just works with BGP?
Thanks,
Regards.
AWS 공식업데이트됨 2년 전
I will look into that, thanks!