AWS Site-to-site VPN Static routing and Virtual Private Gateway failover


Hi,

I'm new to the VPN subject. In our company we provisioned a site-to-site VPN with a remote network using static routing and a Virtual Private Gateway. We followed the documentation and configured everything, and the VPN connection's tunnels went up on both ends. AWS randomly chose one tunnel (let's say tunnel1) to send traffic, as it says in the doc; in short, everything was working. But after some time tunnel1 went down, and we verified that failover to tunnel2 didn't work: traffic to the remote network wasn't directed to tunnel2, and even in CloudWatch metrics we verified that DataIn and DataOut stopped registering. In the docs AWS says: "Each Site-to-Site VPN connection has two tunnels, with each tunnel using a unique public IP address. It is important to configure both tunnels for redundancy. When one tunnel becomes unavailable (for example, down for maintenance), network traffic is automatically routed to the available tunnel for that specific Site-to-Site VPN connection."

But some articles on the internet say that we need to use BGP for automatic failover. Does failover work for a VPN using static routing, or do we need to configure some tool/feature to help AWS identify that it needs to fail over to the second tunnel, or does it just work with BGP?

Thanks, Regards.

asked a year ago · 649 views
1 Answer
Accepted Answer

See this statement from the VPN documentation. If you are looking for seamless failover/failback, I suggest looking at BGP-based VPN tunnels.


We recommend that you use BGP-capable devices, when available, because the BGP protocol offers robust liveness detection checks that can assist failover to the second VPN tunnel if the first tunnel goes down. Devices that don't support BGP may also perform health checks to assist failover to the second tunnel when needed.

AWS EXPERT, answered a year ago
AWS EXPERT, reviewed a year ago
  • I will look into that, thanks!
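An added example, not part of the original thread and not AWS's own code: a monitoring-side check that reads the per-tunnel `VgwTelemetry` status from an EC2 `DescribeVpnConnections` response and flags connections that have lost redundancy, noting which ones are static-routed and therefore depend on the customer gateway's own health check, as the quoted documentation says. The sample response, connection IDs and IP addresses are constructed; the `assess` function and its severity labels are assumptions of this example.

```python
# Constructed sample in the shape of an EC2 DescribeVpnConnections response.
# IDs are placeholders; IPs are from documentation ranges.
SAMPLE = {
    "VpnConnections": [
        {"VpnConnectionId": "vpn-EXAMPLE-static",
         "Options": {"StaticRoutesOnly": True},
         "VgwTelemetry": [
             {"OutsideIpAddress": "203.0.113.10", "Status": "DOWN"},
             {"OutsideIpAddress": "203.0.113.20", "Status": "UP"}]},
        {"VpnConnectionId": "vpn-EXAMPLE-bgp",
         "Options": {"StaticRoutesOnly": False},
         "VgwTelemetry": [
             {"OutsideIpAddress": "198.51.100.10", "Status": "UP"},
             {"OutsideIpAddress": "198.51.100.20", "Status": "UP"}]},
        {"VpnConnectionId": "vpn-EXAMPLE-dead",
         "Options": {"StaticRoutesOnly": True},
         "VgwTelemetry": [
             {"OutsideIpAddress": "192.0.2.10", "Status": "DOWN"},
             {"OutsideIpAddress": "192.0.2.20", "Status": "DOWN"}]},
    ]
}


def assess(response):
    """Return one finding per VPN connection, based on tunnel telemetry."""
    findings = []
    for conn in response.get("VpnConnections", []):
        tunnels = conn.get("VgwTelemetry", [])
        up = [t["OutsideIpAddress"] for t in tunnels if t.get("Status") == "UP"]
        down = [t["OutsideIpAddress"] for t in tunnels if t.get("Status") != "UP"]
        static = bool(conn.get("Options", {}).get("StaticRoutesOnly", False))
        # OUTAGE: no tunnel up. DEGRADED: a tunnel is down, no spare left.
        level = "OUTAGE" if not up else ("DEGRADED" if down else "OK")
        findings.append({
            "id": conn["VpnConnectionId"],
            "level": level,
            "tunnels_down": down,
            # Without BGP there is no routing-protocol liveness detection, so
            # the customer gateway needs its own health check to fail over.
            "needs_cgw_health_check": static,
        })
    return findings


if __name__ == "__main__":
    # For live data: assess(boto3.client("ec2").describe_vpn_connections())
    for f in assess(SAMPLE):
        print(f)
```

Alerting on `DEGRADED` surfaces the single-tunnel state before the remaining tunnel also goes down.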
