Client VPN availability question

0

The Client VPN examples at https://aws.amazon.com/blogs/networking-and-content-delivery/using-aws-client-vpn-to-scale-your-work-from-home-capacity/ use this as an example for a failover (?) setup between two AZs:

[image: the two-AZ Client VPN setup diagram from the linked blog post]

Is that enough to ensure connectivity between "remote workers" and VPC B/C/D in case of a problem in AZ A or AZ B? Is there any way I could realistically simulate a failure of one AZ?

I have the recommended setup for TGW attachments in their own /28. My AZ A and AZ B in this case are not the subnets with the TGW attachment, because the CVPN endpoint doesn't allow association with a subnet smaller than /27 - would it be a better/worse idea or make any difference at all if I used /27 subnets for the TGW attachments so I could associate the CVPN endpoints with the same subnets?

Thanks, Marc

Marc
Asked a year ago · 262 views
3 answers
2
Accepted answer

The way you have set it up is correct. As long as you have TGW ENIs in 2 dedicated /28 subnets in 2 different Availability Zones, you will get AZ-level redundancy, and that is what is mentioned in the TGW best practice guidance.

Similarly, as long as you associate 2 subnets from 2 different AZs with the Client VPN endpoint, the setup will give you AZ-level redundancy.

CVPN endpoints and TGW ENIs don't need to be in the same subnet; it sounds like the way you have done the setup is correct.

AWS Expert, answered a year ago
AWS Expert, reviewed a year ago
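As an added example (not code from the thread or from AWS), the following script turns the accepted answer's condition into a check a practitioner can run: it takes the subnets associated with a Client VPN endpoint and the subnets used by a Transit Gateway VPC attachment, confirms each group spans at least two Availability Zones, confirms the Client VPN subnets are /27 or larger (the limit the question reports), and does a tabletop "what if AZ X is lost" pass over each AZ. The sample API responses are constructed by hand in the shape boto3 returns them; the `fetch_live` helper at the end shows the real calls but is not executed here. The endpoint, attachment and subnet IDs are placeholders.

```python
# Added example, not from the re:Post thread: check AZ-level redundancy of a
# Client VPN endpoint's target networks and a TGW VPC attachment's subnets.
import ipaddress

# Constructed sample of ec2.describe_subnets()["Subnets"] (fields trimmed).
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-0aaa", "AvailabilityZone": "eu-west-1a", "CidrBlock": "10.10.1.0/27"},
    {"SubnetId": "subnet-0bbb", "AvailabilityZone": "eu-west-1b", "CidrBlock": "10.10.2.0/27"},
    {"SubnetId": "subnet-0ccc", "AvailabilityZone": "eu-west-1a", "CidrBlock": "10.10.3.0/28"},
    {"SubnetId": "subnet-0ddd", "AvailabilityZone": "eu-west-1b", "CidrBlock": "10.10.4.0/28"},
]

# Constructed sample of ec2.describe_client_vpn_target_networks()
# ["ClientVpnTargetNetworks"]: the two /27 subnets are associated.
SAMPLE_CVPN_ASSOCIATIONS = [
    {"TargetNetworkId": "subnet-0aaa", "Status": {"Code": "associated"}},
    {"TargetNetworkId": "subnet-0bbb", "Status": {"Code": "associated"}},
]

# Constructed sample of the attachment's "SubnetIds" from
# ec2.describe_transit_gateway_vpc_attachments(): the dedicated /28 subnets.
SAMPLE_TGW_ATTACHMENT_SUBNETS = ["subnet-0ccc", "subnet-0ddd"]

CVPN_MIN_PREFIX = 27  # /27 limit for CVPN associations, as reported in the question


def index_subnets(subnets):
    """Map SubnetId -> subnet record for quick lookup."""
    return {s["SubnetId"]: s for s in subnets}


def az_spread(subnet_ids, subnet_index):
    """Set of AZ names covered by the given subnet IDs (unknown IDs raise KeyError)."""
    return {subnet_index[sid]["AvailabilityZone"] for sid in subnet_ids}


def check_redundancy(subnet_ids, subnet_index, minimum_azs=2):
    """True if the subnets span at least minimum_azs distinct Availability Zones."""
    return len(az_spread(subnet_ids, subnet_index)) >= minimum_azs


def cvpn_subnet_size_ok(subnet_id, subnet_index, min_prefix=CVPN_MIN_PREFIX):
    """True if the subnet is /27 or larger (a smaller prefix length means a larger block)."""
    net = ipaddress.ip_network(subnet_index[subnet_id]["CidrBlock"])
    return net.prefixlen <= min_prefix


def active_cvpn_subnets(associations):
    """Only target networks in status 'associated' carry traffic; ignore the rest."""
    return [a["TargetNetworkId"] for a in associations if a["Status"]["Code"] == "associated"]


def survives_az_loss(subnet_ids, subnet_index, failed_az):
    """Tabletop AZ failure: is at least one of these subnets outside failed_az?"""
    return bool(az_spread(subnet_ids, subnet_index) - {failed_az})


def report(subnets, cvpn_associations, tgw_subnet_ids):
    """Summarise redundancy for the CVPN target networks and the TGW attachment."""
    idx = index_subnets(subnets)
    cvpn_ids = active_cvpn_subnets(cvpn_associations)
    all_azs = az_spread(cvpn_ids, idx) | az_spread(tgw_subnet_ids, idx)
    return {
        "cvpn_azs": sorted(az_spread(cvpn_ids, idx)),
        "cvpn_redundant": check_redundancy(cvpn_ids, idx),
        "cvpn_subnets_large_enough": all(cvpn_subnet_size_ok(s, idx) for s in cvpn_ids),
        "tgw_azs": sorted(az_spread(tgw_subnet_ids, idx)),
        "tgw_redundant": check_redundancy(tgw_subnet_ids, idx),
        # Remote workers reach the VPCs only if both hops survive the AZ loss.
        "survives_loss_of": {
            az: survives_az_loss(cvpn_ids, idx, az) and survives_az_loss(tgw_subnet_ids, idx, az)
            for az in sorted(all_azs)
        },
    }


def fetch_live(region, cvpn_endpoint_id, tgw_attachment_id):
    """Pull the same three responses from a real account with boto3 (not run here)."""
    import boto3  # assumed available; IDs are placeholders supplied by the caller
    ec2 = boto3.client("ec2", region_name=region)
    assoc = ec2.describe_client_vpn_target_networks(
        ClientVpnEndpointId=cvpn_endpoint_id)["ClientVpnTargetNetworks"]
    att = ec2.describe_transit_gateway_vpc_attachments(
        TransitGatewayAttachmentIds=[tgw_attachment_id])["TransitGatewayVpcAttachments"][0]
    tgw_ids = att["SubnetIds"]
    ids = sorted({a["TargetNetworkId"] for a in assoc} | set(tgw_ids))
    subnets = ec2.describe_subnets(SubnetIds=ids)["Subnets"]
    return report(subnets, assoc, tgw_ids)


if __name__ == "__main__":
    print(report(SAMPLE_SUBNETS, SAMPLE_CVPN_ASSOCIATIONS, SAMPLE_TGW_ATTACHMENT_SUBNETS))
```

The tabletop pass is deliberately conservative: it treats the path as down unless both the Client VPN endpoint and the TGW attachment keep a subnet outside the failed AZ, since the endpoint in the surviving AZ still has to reach the other VPCs through the attachment. For a real failure injection rather than a tabletop check, the FIS action linked in the next answer is the tool to reach for.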
1

Hi. The best practice is to use multiple Availability Zones.

https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/disaster-recovery-resiliency.html

Multiple target networks for high availability: You associate a target network with a Client VPN endpoint to enable clients to establish VPN sessions. Target networks are subnets in your VPC. Each subnet that you associate with the Client VPN endpoint must belong to a different Availability Zone. You can associate multiple subnets with a Client VPN endpoint for high availability.

While there is not a specific solution to simulate Client VPN failover, the documentation below might provide some guidance on how to think about it:

https://docs.aws.amazon.com/fis/latest/userguide/fis-actions-reference.html#disrupt-connectivity

https://www.wellarchitectedlabs.com/reliability/300_labs/300_testing_for_resiliency_of_ec2_rds_and_s3/7_failure_injection_az/

kaveerh (AWS)
Answered a year ago
0

Thank you both for your replies, much appreciated.

Marc
Answered a year ago
