1. When using the topology with Cloud ACI using TGW to connect between infra and user VPC, does it mean the version of Cloud ACI has to be 5.x or later? Or does it mean the ACI On-premises it self has to be at version 5.x or later?
My guess is the former, since they are basically separate sites managed by MSOs, but I have to ask to be sure of the design.
2. With Direct Connect as underlay (private connection only), does Cloud ACI still need to establish an IPSec VPN between CSR and On-premises routers?
3. Does Cisco support a topology where the underlay connects to AWS DX Gateway via a transit VIF, which in turn attach to the TGW that also attaches infra VPC and user VPC, and possible VPN backup? Since TGW also suppports multiple Route tables, I'm thinking of this design so that TGW can be a centralised routing information distribution point, in terms of design.