Question #1
Exhibit.
A VXLAN tunnel has been created between leaf1 and Ieaf2 in your data center.
Referring to the exhibit, which statement is correct?
- A . Traffic sent from server1 to server2 will be dropped on Ieaf2.
- B . Traffic sent from server1 to server2 will be tagged with VLAN ID 100 on Ieaf2 and forwarded to server2.
- C . Traffic sent from server1 to server2 will be tagged with VLAN ID 200 on Ieaf2 and forwarded to server2.
- D . Traffic sent from server1 to server2 will be dropped on leaf1.
Correct Answer: C
C
Explanation:
Understanding VXLAN Tunneling:
VXLAN (Virtual Extensible LAN) is a network virtualization technology that addresses the scalability issues associated with traditional VLANs. VXLAN encapsulates Ethernet frames in UDP, allowing Layer 2 connectivity to extend across Layer 3 networks.
Each VXLAN network is identified by a unique VXLAN Network Identifier (VNI). In this exhibit, we have two VNIs, 5100 and 5200, assigned to the VXLAN tunnels between leaf1 and leaf2.
Network Setup Details:
Leaf1: Connected to Server1 with VLAN ID 100 and associated with VNI 5100.
Leaf2: Connected to Server2 with VLAN ID 200 and associated with VNI 5200.
Spine: Acts as the interconnect between leaf switches.
Traffic Flow Analysis:
When traffic is sent from Server1 to Server2, it is initially tagged with VLAN ID 100 on leaf1.
The traffic is encapsulated into a VXLAN packet with VNI 5100 on leaf1.
The packet is then sent across the network (via the spine) to leaf2.
On leaf2, the VXLAN header is removed, and the original Ethernet frame is decapsulated. Leaf2 will then associate this traffic with VLAN ID 200 before forwarding it to Server2.
Correct Interpretation of the Exhibit:
The traffic originating from Server1, which is tagged with VLAN ID 100, will be encapsulated into VXLAN and transmitted to leaf2.
Upon arrival at leaf2, it will be decapsulated, and since it is associated with VNI 5200 on leaf2, the traffic will be retagged with VLAN ID 200.
Therefore, the traffic will reach Server2 tagged with VLAN ID 200, which matches the network
configuration shown in the exhibit.
Data Center
Reference: This configuration is typical in data centers using VXLAN for network virtualization. It allows isolated Layer 2 segments (VLANs) to be stretched across Layer 3 boundaries while maintaining distinct VLAN IDs at each site.
This approach is efficient for scaling large data center networks while avoiding VLAN ID exhaustion and enabling easier segmentation.
In summary, the correct behavior, as per the exhibit and the detailed explanation, is that traffic sent from Server1 will be tagged with VLAN ID 200 when it reaches Server2 via leaf2. This ensures proper traffic segmentation and handling across the VXLAN-enabled data center network.
C
Explanation:
Understanding VXLAN Tunneling:
VXLAN (Virtual Extensible LAN) is a network virtualization technology that addresses the scalability issues associated with traditional VLANs. VXLAN encapsulates Ethernet frames in UDP, allowing Layer 2 connectivity to extend across Layer 3 networks.
Each VXLAN network is identified by a unique VXLAN Network Identifier (VNI). In this exhibit, we have two VNIs, 5100 and 5200, assigned to the VXLAN tunnels between leaf1 and leaf2.
Network Setup Details:
Leaf1: Connected to Server1 with VLAN ID 100 and associated with VNI 5100.
Leaf2: Connected to Server2 with VLAN ID 200 and associated with VNI 5200.
Spine: Acts as the interconnect between leaf switches.
Traffic Flow Analysis:
When traffic is sent from Server1 to Server2, it is initially tagged with VLAN ID 100 on leaf1.
The traffic is encapsulated into a VXLAN packet with VNI 5100 on leaf1.
The packet is then sent across the network (via the spine) to leaf2.
On leaf2, the VXLAN header is removed, and the original Ethernet frame is decapsulated. Leaf2 will then associate this traffic with VLAN ID 200 before forwarding it to Server2.
Correct Interpretation of the Exhibit:
The traffic originating from Server1, which is tagged with VLAN ID 100, will be encapsulated into VXLAN and transmitted to leaf2.
Upon arrival at leaf2, it will be decapsulated, and since it is associated with VNI 5200 on leaf2, the traffic will be retagged with VLAN ID 200.
Therefore, the traffic will reach Server2 tagged with VLAN ID 200, which matches the network
configuration shown in the exhibit.
Data Center
Reference: This configuration is typical in data centers using VXLAN for network virtualization. It allows isolated Layer 2 segments (VLANs) to be stretched across Layer 3 boundaries while maintaining distinct VLAN IDs at each site.
This approach is efficient for scaling large data center networks while avoiding VLAN ID exhaustion and enabling easier segmentation.
In summary, the correct behavior, as per the exhibit and the detailed explanation, is that traffic sent from Server1 will be tagged with VLAN ID 200 when it reaches Server2 via leaf2. This ensures proper traffic segmentation and handling across the VXLAN-enabled data center network.
Question #2
Exhibit.
You have implemented an EVPN-VXLAN data center. Device served must be able to communicate with device server2.
Referring to the exhibit, which two statements are correct? (Choose two.)
- A . An IRB interface must be configured on spinel and spine2.
- B . Traffic from server1 to server2 will transit a VXLAN tunnel to spinel or spine2. then a VXLAN tunnel from spinel or spine2 to Ieaf2.
- C . An IRB Interface must be configured on leaf1 and Ieaf2.
- D . Traffic from server! to server2 will transit the VXLAN tunnel between leaf1 and Ieaf2.
Correct Answer: CD
CD
Explanation:
Understanding the Exhibit Setup:
The network diagram shows an EVPN-VXLAN setup, a common design for modern data centers enabling Layer 2 and Layer 3 services over an IP fabric.
Leaf1 and Leaf2 are the leaf switches connected to Server1 and Server2, respectively, with each server in a different subnet (172.16.1.0/24 and 172.16.2.0/24).
Spine1 and Spine2 are part of the IP fabric, interconnecting the leaf switches.
EVPN-VXLAN Basics:
EVPN (Ethernet VPN) provides Layer 2 and Layer 3 VPN services using MP-BGP.
VXLAN (Virtual Extensible LAN) encapsulates Layer 2 frames into Layer 3 packets for transmission across an IP network.
VTEP (VXLAN Tunnel Endpoint) interfaces on leaf devices handle VXLAN encapsulation and decapsulation.
Integrated Routing and Bridging (IRB):
IRB interfaces are required on leaf1 and leaf2 (where the endpoints are directly connected) to route between different subnets (in this case, between 172.16.1.0/24 and 172.16.2.0/24).
The IRB interfaces provide the necessary L3 gateway functions for inter-subnet communication.
Traffic Flow Analysis:
Traffic from Server1 (172.16.1.1) destined for Server2 (172.16.2.1) must traverse from leaf1 to leaf2.
The traffic will be VXLAN encapsulated on leaf1, sent over the IP fabric, and decapsulated on leaf2.
Since the communication is between different subnets, the IRB interfaces on leaf1 and leaf2 are
crucial for routing the traffic correctly.
Correct Statements:
C. An IRB Interface must be configured on leaf1 and leaf2: This is necessary to perform the inter-subnet routing for traffic between Server1 and Server2.
D. Traffic from server1 to server2 will transit the VXLAN tunnel between leaf1 and leaf2: This describes the correct VXLAN operation where the traffic is encapsulated by leaf1 and decapsulated by leaf2.
Data Center
Reference: In EVPN-VXLAN architectures, the leaf switches often handle both Layer 2 switching and Layer 3 routing via IRB interfaces. This allows for efficient routing within the data center fabric without the need to involve the spine switches for every routing decision.
The described traffic flow aligns with standard EVPN-VXLAN designs, where direct VXLAN tunnels between leaf switches enable seamless and scalable communication across a data center network.
CD
Explanation:
Understanding the Exhibit Setup:
The network diagram shows an EVPN-VXLAN setup, a common design for modern data centers enabling Layer 2 and Layer 3 services over an IP fabric.
Leaf1 and Leaf2 are the leaf switches connected to Server1 and Server2, respectively, with each server in a different subnet (172.16.1.0/24 and 172.16.2.0/24).
Spine1 and Spine2 are part of the IP fabric, interconnecting the leaf switches.
EVPN-VXLAN Basics:
EVPN (Ethernet VPN) provides Layer 2 and Layer 3 VPN services using MP-BGP.
VXLAN (Virtual Extensible LAN) encapsulates Layer 2 frames into Layer 3 packets for transmission across an IP network.
VTEP (VXLAN Tunnel Endpoint) interfaces on leaf devices handle VXLAN encapsulation and decapsulation.
Integrated Routing and Bridging (IRB):
IRB interfaces are required on leaf1 and leaf2 (where the endpoints are directly connected) to route between different subnets (in this case, between 172.16.1.0/24 and 172.16.2.0/24).
The IRB interfaces provide the necessary L3 gateway functions for inter-subnet communication.
Traffic Flow Analysis:
Traffic from Server1 (172.16.1.1) destined for Server2 (172.16.2.1) must traverse from leaf1 to leaf2.
The traffic will be VXLAN encapsulated on leaf1, sent over the IP fabric, and decapsulated on leaf2.
Since the communication is between different subnets, the IRB interfaces on leaf1 and leaf2 are
crucial for routing the traffic correctly.
Correct Statements:
C. An IRB Interface must be configured on leaf1 and leaf2: This is necessary to perform the inter-subnet routing for traffic between Server1 and Server2.
D. Traffic from server1 to server2 will transit the VXLAN tunnel between leaf1 and leaf2: This describes the correct VXLAN operation where the traffic is encapsulated by leaf1 and decapsulated by leaf2.
Data Center
Reference: In EVPN-VXLAN architectures, the leaf switches often handle both Layer 2 switching and Layer 3 routing via IRB interfaces. This allows for efficient routing within the data center fabric without the need to involve the spine switches for every routing decision.
The described traffic flow aligns with standard EVPN-VXLAN designs, where direct VXLAN tunnels between leaf switches enable seamless and scalable communication across a data center network.
Question #3
Which statement is correct about a collapsed fabric EVPN-VXLAN architecture?
- A . Fully meshed back-to-back links are needed between the spine devices.
- B . It supports multiple vendors in the fabric as long as all the spine devices are Juniper devices deployed with L2 VTEPs
- C . Using Virtual Chassis at the leaf layer increases resiliency.
- D . Border gateway functions occur on border leaf devices.
Correct Answer: D
D
Explanation:
Collapsed Fabric Architecture:
A collapsed fabric refers to a simplified architecture where the spine and leaf roles are combined, often reducing the number of devices and links required.
In this architecture, the spine typically handles core switching, while leaf switches handle both access and distribution roles.
Understanding Border Gateway Functionality:
Border gateway functions include connecting the data center to external networks or other data centers.
In a collapsed fabric, these functions are usually handled at the leaf level, particularly on border leaf devices that manage the ingress and egress of traffic to and from the data center fabric. Correct Statement:
D. Border gateway functions occur on border leaf devices: This is accurate in collapsed fabric architectures, where the border leaf devices take on the role of managing external connections and handling routes to other data centers or the internet.
Data Center
Reference: The collapsed fabric model is advantageous in smaller deployments or scenarios where simplicity and cost-effectiveness are prioritized. It reduces complexity by consolidating functions into fewer devices, and the border leaf handles the critical task of interfacing with external networks.
In conclusion, border gateway functions are effectively managed at the leaf layer in collapsed fabric architectures, ensuring that the data center can communicate with external networks seamlessly.
D
Explanation:
Collapsed Fabric Architecture:
A collapsed fabric refers to a simplified architecture where the spine and leaf roles are combined, often reducing the number of devices and links required.
In this architecture, the spine typically handles core switching, while leaf switches handle both access and distribution roles.
Understanding Border Gateway Functionality:
Border gateway functions include connecting the data center to external networks or other data centers.
In a collapsed fabric, these functions are usually handled at the leaf level, particularly on border leaf devices that manage the ingress and egress of traffic to and from the data center fabric. Correct Statement:
D. Border gateway functions occur on border leaf devices: This is accurate in collapsed fabric architectures, where the border leaf devices take on the role of managing external connections and handling routes to other data centers or the internet.
Data Center
Reference: The collapsed fabric model is advantageous in smaller deployments or scenarios where simplicity and cost-effectiveness are prioritized. It reduces complexity by consolidating functions into fewer devices, and the border leaf handles the critical task of interfacing with external networks.
In conclusion, border gateway functions are effectively managed at the leaf layer in collapsed fabric architectures, ensuring that the data center can communicate with external networks seamlessly.
Question #4
You are deploying an EVPN-VXLAN overlay. You must ensure that Layer 3 routing happens on the spine devices.
In this scenario, which deployment architecture should you use?
- A . ERB
- B . CRB
- C . bridged overlay
- D . distributed symmetric routing
Correct Answer: B
B
Explanation:
Understanding EVPN-VXLAN Architectures:
EVPN-VXLAN overlays allow for scalable Layer 2 and Layer 3 services in modern data centers.
CRB (Centralized Routing and Bridging): In this architecture, the Layer 3 routing is centralized on
spine devices, while the leaf devices focus on Layer 2 switching and VXLAN tunneling. This setup is
optimal when the goal is to centralize routing for ease of management and to avoid complex routing
at the leaf level.
ERB (Edge Routing and Bridging): This architecture places routing functions on the leaf devices, making it a distributed model where each leaf handles routing for its connected hosts.
Architecture Choice for Spine Routing:
Given the requirement to ensure Layer 3 routing happens on the spine devices, the CRB (Centralized Routing and Bridging) architecture is the correct choice. This configuration offloads routing tasks to the spine, centralizing control and potentially simplifying the overall design.
With CRB, the spine devices perform all routing between VXLAN segments. Leaf switches handle local switching and VXLAN encapsulation, but routing decisions are centralized at the spine level. This model is particularly advantageous in scenarios where centralized management and routing control are desired, reducing the complexity and configuration burden on the leaf switches.
Data Center
Reference: The CRB architecture is commonly used in data centers where centralized control and simplified management are key design considerations. It allows the spines to act as the primary routing engines, ensuring that routing is handled in a consistent and scalable manner across the fabric.
B
Explanation:
Understanding EVPN-VXLAN Architectures:
EVPN-VXLAN overlays allow for scalable Layer 2 and Layer 3 services in modern data centers.
CRB (Centralized Routing and Bridging): In this architecture, the Layer 3 routing is centralized on
spine devices, while the leaf devices focus on Layer 2 switching and VXLAN tunneling. This setup is
optimal when the goal is to centralize routing for ease of management and to avoid complex routing
at the leaf level.
ERB (Edge Routing and Bridging): This architecture places routing functions on the leaf devices, making it a distributed model where each leaf handles routing for its connected hosts.
Architecture Choice for Spine Routing:
Given the requirement to ensure Layer 3 routing happens on the spine devices, the CRB (Centralized Routing and Bridging) architecture is the correct choice. This configuration offloads routing tasks to the spine, centralizing control and potentially simplifying the overall design.
With CRB, the spine devices perform all routing between VXLAN segments. Leaf switches handle local switching and VXLAN encapsulation, but routing decisions are centralized at the spine level. This model is particularly advantageous in scenarios where centralized management and routing control are desired, reducing the complexity and configuration burden on the leaf switches.
Data Center
Reference: The CRB architecture is commonly used in data centers where centralized control and simplified management are key design considerations. It allows the spines to act as the primary routing engines, ensuring that routing is handled in a consistent and scalable manner across the fabric.
Question #5
You want to ensure that VXLAN traffic from the xe-0/0/12 interlace is being encapsulated by logical vlep.32770 and sent to a remote leaf device in this scenario, which command would you use to verify that traffic is flowing?
- A . monitor traffic interface xe-0/0/12
- B . show interface terse vtep.32770
- C . show interfaces terse vtep.32770 statistics
- D . show interfaces vtep.32770 detail
Correct Answer: C
C
Explanation:
VXLAN Traffic Verification:
To ensure VXLAN traffic from the xe-0/0/12 interface is correctly encapsulated by the logical vtep.32770 and sent to a remote leaf device, it is essential to monitor the relevant interface statistics.
The command show interfaces terse vtep.32770 statistics provides a concise overview of the traffic
statistics for the specific VTEP interface, which can help verify whether traffic is being correctly
encapsulated and transmitted.
This command is particularly useful for quickly checking the traffic counters and identifying any potential issues with VXLAN encapsulation or transmission.
It allows you to confirm that traffic is flowing as expected, by checking the transmitted and received packet counters.
Data Center
Reference: Monitoring interface statistics is a crucial step in troubleshooting and validating network traffic, particularly in complex overlay environments like EVPN-VXLAN.
C
Explanation:
VXLAN Traffic Verification:
To ensure VXLAN traffic from the xe-0/0/12 interface is correctly encapsulated by the logical vtep.32770 and sent to a remote leaf device, it is essential to monitor the relevant interface statistics.
The command show interfaces terse vtep.32770 statistics provides a concise overview of the traffic
statistics for the specific VTEP interface, which can help verify whether traffic is being correctly
encapsulated and transmitted.
This command is particularly useful for quickly checking the traffic counters and identifying any potential issues with VXLAN encapsulation or transmission.
It allows you to confirm that traffic is flowing as expected, by checking the transmitted and received packet counters.
Data Center
Reference: Monitoring interface statistics is a crucial step in troubleshooting and validating network traffic, particularly in complex overlay environments like EVPN-VXLAN.
Question #6
Exhibit.
Connections between hosts connected to Leaf-1 and Leaf-2 are not working correctly.
- A . Referring to the exhibit, which two configuration changes are required to solve the problem? (Choose two.)
- B . Configure the set switch-options vtep-source-interface irb.0 parameter on Leaf-1.
- C . Configure the set switch-options vrf-target target:65000:l parameteron Leaf-2.
- D . Configure the set switch-options route-distinguisher i92.168.100.50:i parameter on Leaf-1.
- E . Configure the set switch-options service-id 1 parameter on Leaf-2.
Correct Answer: CE
CE
Explanation:
Issue Analysis:
The problem in the exhibit suggests a mismatch in configuration parameters between Leaf-1 and Leaf-2, leading to communication issues between hosts connected to these leaf devices.
Configuration Mismatches:
Service-ID: Leaf-1 has service-id 1 configured, while Leaf-2 does not have this parameter. For consistency and proper operation, the service-id should be the same across both leaf devices. VRF Target: Leaf-1 is configured with vrf-target target:65000:1, while Leaf-2 is configured with vrf-target target:65000:2. To allow proper VRF import/export between the two leafs, these should match.
Corrective Actions:
C. Configure the set switch-options vrf-target target:65000:1 parameter on Leaf-2: This aligns the VRF targets between the two leaf devices, ensuring they can correctly import and export routes.
E. Configure the set switch-options service-id 1 parameter on Leaf-2: This ensures that both Leaf-1 and Leaf-2 use the same service ID, which is necessary for consistency in the EVPN-VXLAN setup. Data Center
Reference: Correct configuration of VRF targets and service IDs is critical in EVPN-VXLAN setups to ensure that routes and services are correctly shared and recognized between different devices in the network fabric.
CE
Explanation:
Issue Analysis:
The problem in the exhibit suggests a mismatch in configuration parameters between Leaf-1 and Leaf-2, leading to communication issues between hosts connected to these leaf devices.
Configuration Mismatches:
Service-ID: Leaf-1 has service-id 1 configured, while Leaf-2 does not have this parameter. For consistency and proper operation, the service-id should be the same across both leaf devices. VRF Target: Leaf-1 is configured with vrf-target target:65000:1, while Leaf-2 is configured with vrf-target target:65000:2. To allow proper VRF import/export between the two leafs, these should match.
Corrective Actions:
C. Configure the set switch-options vrf-target target:65000:1 parameter on Leaf-2: This aligns the VRF targets between the two leaf devices, ensuring they can correctly import and export routes.
E. Configure the set switch-options service-id 1 parameter on Leaf-2: This ensures that both Leaf-1 and Leaf-2 use the same service ID, which is necessary for consistency in the EVPN-VXLAN setup. Data Center
Reference: Correct configuration of VRF targets and service IDs is critical in EVPN-VXLAN setups to ensure that routes and services are correctly shared and recognized between different devices in the network fabric.
Question #7
What are three actions available tor MAC move limiting? (Choose three.)
- A . drop
- B . filter
- C . enable
- D . log
- E . shutdown
Correct Answer: ADE
ADE
Explanation:
MAC Move Limiting:
MAC move limiting is a security feature used in network switches to detect and mitigate rapid changes in MAC address locations, which could indicate a network issue or an attack such as MAC flapping or spoofing.
When a MAC address is learned on a different interface than it was previously learned, the switch can take various actions to prevent potential issues.
Available Actions:
ADE
Explanation:
MAC Move Limiting:
MAC move limiting is a security feature used in network switches to detect and mitigate rapid changes in MAC address locations, which could indicate a network issue or an attack such as MAC flapping or spoofing.
When a MAC address is learned on a different interface than it was previously learned, the switch can take various actions to prevent potential issues.
Available Actions:
Question #8
Exhibit.
Referring to the exhibit, the spinel device has an underlay BGP group that is configured to peer with its neighbors’ directly connected interfaces.
Which two statements are true in this scenario? (Choose two.)
- A . The multihop statement is not required to establish the underlay BGP sessions.
- B . Load balancing for the underlay is not configured correctly.
- C . The multihop statement is required to establish the underlay BGP sessions.
- D . Load balancing for the underlay is configured correctly.
Correct Answer: AD
AD
Explanation:
Understanding BGP Configuration in the Exhibit:
The exhibit shows a BGP configuration on spine1 with a group named underlay, configured to peer with directly connected interfaces of other devices in the network.
Multipath multiple-as: This statement allows the router to install multiple paths in the routing table for routes learned from different ASes, facilitating load balancing. Key Statements:
AD
Explanation:
Understanding BGP Configuration in the Exhibit:
The exhibit shows a BGP configuration on spine1 with a group named underlay, configured to peer with directly connected interfaces of other devices in the network.
Multipath multiple-as: This statement allows the router to install multiple paths in the routing table for routes learned from different ASes, facilitating load balancing. Key Statements:
Question #9
You want to provide a OCI that keeps each data center routing domain isolated, while also supporting translation of VNIs.
Which DCI scheme allows these features?
- A . MPLS DCI label exchange
- B . over the top (OTT) with VNI translation enabled
- C . VXLAN stitching
- D . over the top (OTT) with proxy gateways
Correct Answer: C
C
Explanation:
Understanding DCI (Data Center Interconnect) Schemes:
DCI schemes are used to connect multiple data centers, enabling seamless communication and resource sharing between them. The choice of DCI depends on the specific requirements, such as isolation, VNI translation, or routing domain separation. VXLAN Stitching:
VXLAN stitching involves connecting multiple VXLAN segments, allowing VNIs (VXLAN Network Identifiers) from different segments to communicate with each other while maintaining separate routing domains.
This approach is particularly effective for keeping routing domains isolated while supporting VNI
translation, making it ideal for scenarios where you need to connect different data centers or
networks without merging their control planes.
Other Options:
C
Explanation:
Understanding DCI (Data Center Interconnect) Schemes:
DCI schemes are used to connect multiple data centers, enabling seamless communication and resource sharing between them. The choice of DCI depends on the specific requirements, such as isolation, VNI translation, or routing domain separation. VXLAN Stitching:
VXLAN stitching involves connecting multiple VXLAN segments, allowing VNIs (VXLAN Network Identifiers) from different segments to communicate with each other while maintaining separate routing domains.
This approach is particularly effective for keeping routing domains isolated while supporting VNI
translation, making it ideal for scenarios where you need to connect different data centers or
networks without merging their control planes.
Other Options:
Question #10
Exhibit.
Given the configuration shown in the exhibit, why has the next hop remained the same for the EVPN routes advertised to the peer 203.0.113.2?
- A . EVPN routes cannot have the next hop changed.
- B . The export policy is incorrectly configured.
- C . The vrf-export parameter must be applied.
- D . The vpn-apply-export parameter must be applied to this peer.
Correct Answer: D
D
Explanation:
Understanding the Configuration:
The configuration shown in the exhibit involves an EVPN (Ethernet VPN) setup using BGP as the routing protocol. The export policy named CHANGE_NH is applied to the BGP group evpn-peer, which includes a rule to change the next hop for routes that match the policy.
Issue with Next Hop Not Changing:
The policy CHANGE_NH is correctly configured to change the next hop to 203.0.113.10 for the matching routes. However, the next hop remains unchanged when advertising EVPN routes to the
peer 203.0.113.2.
Reason for the Issue:
In Junos OS, when exporting routes for VPNs (including EVPN), the next-hop change defined in a policy will not take effect unless the vpn-apply-export parameter is used in the BGP configuration. This parameter ensures that the export policy is applied specifically to VPN routes.
The vpn-apply-export parameter must be included to apply the next-hop change to EVPN routes.
Correct Answer
D. The vpn-apply-export parameter must be applied to this peer: This is the correct solution because
the next hop in EVPN routes won’t be altered without this parameter in the BGP configuration. It instructs the BGP process to apply the export policy to the EVPN routes.
Data Center
Reference: This behavior is standard in EVPN deployments with Juniper Networks devices, where the export policies applied to VPN routes require explicit invocation using vpn-apply-export to take effect.
D
Explanation:
Understanding the Configuration:
The configuration shown in the exhibit involves an EVPN (Ethernet VPN) setup using BGP as the routing protocol. The export policy named CHANGE_NH is applied to the BGP group evpn-peer, which includes a rule to change the next hop for routes that match the policy.
Issue with Next Hop Not Changing:
The policy CHANGE_NH is correctly configured to change the next hop to 203.0.113.10 for the matching routes. However, the next hop remains unchanged when advertising EVPN routes to the
peer 203.0.113.2.
Reason for the Issue:
In Junos OS, when exporting routes for VPNs (including EVPN), the next-hop change defined in a policy will not take effect unless the vpn-apply-export parameter is used in the BGP configuration. This parameter ensures that the export policy is applied specifically to VPN routes.
The vpn-apply-export parameter must be included to apply the next-hop change to EVPN routes.
Correct Answer
D. The vpn-apply-export parameter must be applied to this peer: This is the correct solution because
the next hop in EVPN routes won’t be altered without this parameter in the BGP configuration. It instructs the BGP process to apply the export policy to the EVPN routes.
Data Center
Reference: This behavior is standard in EVPN deployments with Juniper Networks devices, where the export policies applied to VPN routes require explicit invocation using vpn-apply-export to take effect.
Question #11
What are two ways in which an EVPN-signaled VXLAN is different from a multicast-signaled VXLAN? (Choose two.)
- A . An EVPN-signaled VXLAN can perform autodiscovery of VTEPs using IS-IS.
- B . An EVPN-signaled VXLAN can perform autodiscovery of VTEPs using BGP.
- C . An EVPN-signaled VXLAN is less resource intensive.
- D . An EVPN-signaled VXLAN features slower and more complete convergence.
Correct Answer: BC
BC
Explanation:
Multicast-Signaled VXLAN:
In traditional multicast-signaled VXLAN, VTEPs (VXLAN Tunnel Endpoints) use multicast to flood and learn about remote VTEPs. This method relies on multicast in the underlay network to distribute BUM (Broadcast, Unknown unicast, and Multicast) traffic.
This approach can be resource-intensive due to the need for multicast group management and increased network traffic, especially in large deployments.
EVPN-Signaled VXLAN:
EVPN-signaled VXLAN uses BGP (Border Gateway Protocol) to signal the presence of VTEPs and distribute MAC address information. BGP is used for VTEP autodiscovery and the distribution of endpoint information.
This method is more efficient because it reduces the reliance on multicast, instead using BGP control-
plane signaling to handle VTEP discovery and MAC learning, which reduces the overhead on the
network and improves scalability.
Correct Statements:
B. An EVPN-signaled VXLAN can perform autodiscovery of VTEPs using BGP: This is correct because EVPN uses BGP for VTEP autodiscovery, making it more efficient and scalable compared to multicast-based methods.
C. An EVPN-signaled VXLAN is less resource-intensive: This is correct because it eliminates the need for multicast flooding in the underlay, instead using BGP for signaling, which is less demanding on network resources.
Incorrect Statements:
BC
Explanation:
Multicast-Signaled VXLAN:
In traditional multicast-signaled VXLAN, VTEPs (VXLAN Tunnel Endpoints) use multicast to flood and learn about remote VTEPs. This method relies on multicast in the underlay network to distribute BUM (Broadcast, Unknown unicast, and Multicast) traffic.
This approach can be resource-intensive due to the need for multicast group management and increased network traffic, especially in large deployments.
EVPN-Signaled VXLAN:
EVPN-signaled VXLAN uses BGP (Border Gateway Protocol) to signal the presence of VTEPs and distribute MAC address information. BGP is used for VTEP autodiscovery and the distribution of endpoint information.
This method is more efficient because it reduces the reliance on multicast, instead using BGP control-
plane signaling to handle VTEP discovery and MAC learning, which reduces the overhead on the
network and improves scalability.
Correct Statements:
B. An EVPN-signaled VXLAN can perform autodiscovery of VTEPs using BGP: This is correct because EVPN uses BGP for VTEP autodiscovery, making it more efficient and scalable compared to multicast-based methods.
C. An EVPN-signaled VXLAN is less resource-intensive: This is correct because it eliminates the need for multicast flooding in the underlay, instead using BGP for signaling, which is less demanding on network resources.
Incorrect Statements:
Question #12
You are implementing VXLAN broadcast domains in your data center environment.
Which two statements are correct in this scenario? (Choose two.)
- A . A VXLAN packet does not contain a VLAN ID.
- B . The VNI must match the VLAN tag to ensure that the remote VTEP can decapsulate VXLAN packets.
- C . Layer 2 frames are encapsulated by the source VTEP.
- D . The VNI is a 16-bit value and can range from 0 through 16.777.215.
Correct Answer: AC
AC
Explanation:
VXLAN Overview:
VXLAN (Virtual Extensible LAN) is a network virtualization technology that encapsulates Layer 2 Ethernet frames into Layer 3 UDP packets for transmission over an IP network. It allows the creation of Layer 2 overlay networks across a Layer 3 infrastructure. Understanding VXLAN Components:
VTEP (VXLAN Tunnel Endpoint): A VTEP is responsible for encapsulating and decapsulating Ethernet frames into and from VXLAN packets.
VNI (VXLAN Network Identifier): A 24-bit identifier used to distinguish different VXLAN segments,
allowing for up to 16 million unique segments.
Correct Statements:
C. Layer 2 frames are encapsulated by the source VTEP: This is correct. In a VXLAN deployment, the source VTEP encapsulates the original Layer 2 Ethernet frame into a VXLAN packet before transmitting it over the IP network to the destination VTEP, which then decapsulates it.
AC
Explanation:
VXLAN Overview:
VXLAN (Virtual Extensible LAN) is a network virtualization technology that encapsulates Layer 2 Ethernet frames into Layer 3 UDP packets for transmission over an IP network. It allows the creation of Layer 2 overlay networks across a Layer 3 infrastructure. Understanding VXLAN Components:
VTEP (VXLAN Tunnel Endpoint): A VTEP is responsible for encapsulating and decapsulating Ethernet frames into and from VXLAN packets.
VNI (VXLAN Network Identifier): A 24-bit identifier used to distinguish different VXLAN segments,
allowing for up to 16 million unique segments.
Correct Statements:
C. Layer 2 frames are encapsulated by the source VTEP: This is correct. In a VXLAN deployment, the source VTEP encapsulates the original Layer 2 Ethernet frame into a VXLAN packet before transmitting it over the IP network to the destination VTEP, which then decapsulates it.
Question #13
You are deploying an IP fabric using EBGP and notice that your leaf devices are advertising and receiving all the routes. However, the routes are not installed in the routing table and are marked as hidden.
Which two statements describe how to solve the issue? (Choose two.)
- A . You need to configure as-override.
- B . You need to configure a next-hop self policy.
- C . You need to configure loops 2.
- D . You need to configure multipath multiple-as.
Correct Answer: BD
BD
Explanation:
Issue Overview:
The leaf devices in an IP fabric using eBGP are advertising and receiving all routes, but the routes are not being installed in the routing table and are marked as hidden. This typically indicates an issue with the BGP configuration, particularly with next-hop handling or AS path concerns. Corrective Actions:
B. You need to configure a next-hop self policy: This action ensures that the leaf devices modify the next-hop attribute to their own IP address before advertising routes to their peers. This is particularly important in eBGP setups where the next-hop may not be directly reachable by other peers.
D. You need to configure multipath multiple-as: This setting allows the router to accept multiple paths from different autonomous systems (ASes) and use them for load balancing. Without this, the BGP process might consider only one path and mark others as hidden.
Incorrect Statements:
BD
Explanation:
Issue Overview:
The leaf devices in an IP fabric using eBGP are advertising and receiving all routes, but the routes are not being installed in the routing table and are marked as hidden. This typically indicates an issue with the BGP configuration, particularly with next-hop handling or AS path concerns. Corrective Actions:
B. You need to configure a next-hop self policy: This action ensures that the leaf devices modify the next-hop attribute to their own IP address before advertising routes to their peers. This is particularly important in eBGP setups where the next-hop may not be directly reachable by other peers.
D. You need to configure multipath multiple-as: This setting allows the router to accept multiple paths from different autonomous systems (ASes) and use them for load balancing. Without this, the BGP process might consider only one path and mark others as hidden.
Incorrect Statements:
Question #14
In your EVPN-VXAN environment, you want to prevent a multihomed server from receiving multiple copies of BUM traffic in active/active scenarios.
Which EVPN route type would satisfy this requirement?
- A . Type 8
- B . Type 7
- C . Type 4
- D . Type 5
Correct Answer: C
C
Explanation:
Understanding the Scenario:
In an EVPN-VXLAN environment, when using multi-homing in active/active scenarios, there’s a risk that a multihomed server might receive duplicate copies of Broadcast, Unknown unicast, and Multicast (BUM) traffic. This is because multiple VTEPs might forward the same BUM traffic to the server.
EVPN Route Types:
Type 4 Route (Ethernet Segment Route): This route type is used to advertise the Ethernet Segment (ES) to which the device is connected. It is specifically used in multi-homing scenarios to signal the ES and its associated Ethernet Tag to all the remote VTEPs. The Type 4 route includes information that helps prevent BUM traffic duplication in active/active multi-homing by using a split-horizon mechanism, which ensures that traffic sent to a multihomed device does not get looped back.
The Type 4 route is crucial for ensuring that in a multi-homed setup, particularly in an active/active configuration, BUM traffic does not result in duplication at the server. The route helps coordinate which VTEP is responsible for forwarding the BUM traffic to the server, thereby preventing duplicate traffic.
Data Center
Reference: Type 4 routes are essential for managing multi-homing in EVPN to avoid the issues of BUM traffic duplication, which could otherwise lead to inefficiencies and potential network issues.
C
Explanation:
Understanding the Scenario:
In an EVPN-VXLAN environment, when using multi-homing in active/active scenarios, there’s a risk that a multihomed server might receive duplicate copies of Broadcast, Unknown unicast, and Multicast (BUM) traffic. This is because multiple VTEPs might forward the same BUM traffic to the server.
EVPN Route Types:
Type 4 Route (Ethernet Segment Route): This route type is used to advertise the Ethernet Segment (ES) to which the device is connected. It is specifically used in multi-homing scenarios to signal the ES and its associated Ethernet Tag to all the remote VTEPs. The Type 4 route includes information that helps prevent BUM traffic duplication in active/active multi-homing by using a split-horizon mechanism, which ensures that traffic sent to a multihomed device does not get looped back.
The Type 4 route is crucial for ensuring that in a multi-homed setup, particularly in an active/active configuration, BUM traffic does not result in duplication at the server. The route helps coordinate which VTEP is responsible for forwarding the BUM traffic to the server, thereby preventing duplicate traffic.
Data Center
Reference: Type 4 routes are essential for managing multi-homing in EVPN to avoid the issues of BUM traffic duplication, which could otherwise lead to inefficiencies and potential network issues.
Question #15
You want to convert an MX Series router from a VXLAN Layer 2 gateway to a VXLAN Layer 3 gateway for VNI 100. You have already configured an IRB interface.
In this scenario, which command would you use to accomplish this task?
- A . set protocols isis interface irb.100 passive
- B . set vlans VLAN-100 13-interface irb.100
- C . set bridge-domains VLAN-100 routing-interface irb.100
- D . set protocols ospf area 0.0.0.0 interface irb.100 passive
Correct Answer: C
C
Explanation:
Scenario Overview:
Converting an MX Series router from a VXLAN Layer 2 gateway to a VXLAN Layer 3 gateway involves transitioning the router’s functionality from simply bridging traffic within a VXLAN segment to routing traffic between different segments.
Key Configuration Requirement:
IRB (Integrated Routing and Bridging) Interface: An IRB interface allows for both Layer 2 switching and Layer 3 routing. To enable routing for a specific VNI (VXLAN Network Identifier), the IRB interface must be associated with the routing function in the corresponding bridge domain.
Correct Command:
C. set bridge-domains VLAN-100 routing-interface irb.100: This command correctly binds the IRB interface to the bridge domain, enabling Layer 3 routing functionality within the VXLAN for VNI 100. This effectively transitions the device from operating solely as a Layer 2 gateway to a Layer 3 gateway.
Data Center
Reference: This configuration step is essential when converting a Layer 2 VXLAN gateway to a Layer 3 gateway, enabling the MX Series router to route between VXLAN segments.
C
Explanation:
Scenario Overview:
Converting an MX Series router from a VXLAN Layer 2 gateway to a VXLAN Layer 3 gateway involves transitioning the router’s functionality from simply bridging traffic within a VXLAN segment to routing traffic between different segments.
Key Configuration Requirement:
IRB (Integrated Routing and Bridging) Interface: An IRB interface allows for both Layer 2 switching and Layer 3 routing. To enable routing for a specific VNI (VXLAN Network Identifier), the IRB interface must be associated with the routing function in the corresponding bridge domain.
Correct Command:
C. set bridge-domains VLAN-100 routing-interface irb.100: This command correctly binds the IRB interface to the bridge domain, enabling Layer 3 routing functionality within the VXLAN for VNI 100. This effectively transitions the device from operating solely as a Layer 2 gateway to a Layer 3 gateway.
Data Center
Reference: This configuration step is essential when converting a Layer 2 VXLAN gateway to a Layer 3 gateway, enabling the MX Series router to route between VXLAN segments.
Question #16
You manage an IP fabric with an EVPN-VXLAN overlay. You have multiple tenants separated using multiple unique VRF instances. You want to determine the routing information that belongs in each routing instance’s routing table.
In this scenario, which property is used for this purpose?
- A . the VRF target community
- B . the routing instance type
- C . the VRF table label
- D . the route distinguisher value
Correct Answer: D
D
Explanation:
Understanding VRF and Routing Instances:
In an EVPN-VXLAN overlay network, multiple tenants are separated using unique VRF (Virtual Routing and Forwarding) instances. Each VRF instance maintains its own routing table, allowing for isolated routing domains within the same network infrastructure. Role of Route Distinguisher:
Route Distinguisher (RD): The RD is a unique identifier used in MPLS and EVPN environments to distinguish routes belonging to different VRFs. The RD is prepended to the IP address in the route advertisement, ensuring that routes from different tenants remain unique even if they use the same IP address range.
Correct Property:
D. the route distinguisher value: This is the correct answer because the RD is crucial in determining which routing information belongs to which VRF instance. It ensures that each VRF’s routing table only contains relevant routes, maintaining isolation between tenants.
Data Center
Reference: The RD is a key element in MPLS and EVPN-based multi-tenant environments, ensuring proper routing segregation and isolation for different VRFs within the data center fabric.
D
Explanation:
Understanding VRF and Routing Instances:
In an EVPN-VXLAN overlay network, multiple tenants are separated using unique VRF (Virtual Routing and Forwarding) instances. Each VRF instance maintains its own routing table, allowing for isolated routing domains within the same network infrastructure. Role of Route Distinguisher:
Route Distinguisher (RD): The RD is a unique identifier used in MPLS and EVPN environments to distinguish routes belonging to different VRFs. The RD is prepended to the IP address in the route advertisement, ensuring that routes from different tenants remain unique even if they use the same IP address range.
Correct Property:
D. the route distinguisher value: This is the correct answer because the RD is crucial in determining which routing information belongs to which VRF instance. It ensures that each VRF’s routing table only contains relevant routes, maintaining isolation between tenants.
Data Center
Reference: The RD is a key element in MPLS and EVPN-based multi-tenant environments, ensuring proper routing segregation and isolation for different VRFs within the data center fabric.
Question #17
Exhibit.
You are troubleshooting a DCI connection to another data center The BGP session to the provider is established, but the session to Border-Leaf-2 is not established.
Referring to the exhibit, which configuration change should be made to solve the problem?
- A . set protocols bgp group overlay export loopbacks
- B . delete protocols bgp group UNDERLAY advertise-external
- C . set protocols bgp group PROVIDER export LOOPBACKS
- D . delete protocols bgp group OVERLAY accept-remote-nexthop
Correct Answer: D
D
Explanation:
Understanding the Configuration:
The exhibit shows a BGP configuration on a Border-Leaf device. The BGP group UNDERLAY is used for the underlay network, OVERLAY for EVPN signaling, and PROVIDER for connecting to the provider network.
The OVERLAY group has the accept-remote-nexthop statement, which is designed to accept the next-hop address learned from the remote peer as is, without modifying it. Problem Identification:
The BGP session to Border-Leaf-2 is not established. A common issue in EVPN-VXLAN environments
is related to next-hop reachability, especially when accept-remote-nexthop is configured.
In typical EVPN-VXLAN setups, the next-hop address should be reachable within the overlay network. However, the accept-remote-nexthop can cause issues if the next-hop IP address is not directly reachable or conflicts with the expected behavior in the overlay. Corrective Action:
D. delete protocols bgp group OVERLAY accept-remote-nexthop: Removing this command will ensure that the device uses its own IP address as the next-hop in BGP advertisements, which is standard practice in many EVPN-VXLAN setups. This change should help establish the BGP session with Border-Leaf-2.
Data Center
Reference: Proper handling of BGP next-hop attributes is critical in establishing and maintaining stable BGP sessions, especially in complex multi-fabric environments like EVPN-VXLAN. Removing accept-remote-nexthop aligns with best practices in many scenarios.
D
Explanation:
Understanding the Configuration:
The exhibit shows a BGP configuration on a Border-Leaf device. The BGP group UNDERLAY is used for the underlay network, OVERLAY for EVPN signaling, and PROVIDER for connecting to the provider network.
The OVERLAY group has the accept-remote-nexthop statement, which is designed to accept the next-hop address learned from the remote peer as is, without modifying it. Problem Identification:
The BGP session to Border-Leaf-2 is not established. A common issue in EVPN-VXLAN environments
is related to next-hop reachability, especially when accept-remote-nexthop is configured.
In typical EVPN-VXLAN setups, the next-hop address should be reachable within the overlay network. However, the accept-remote-nexthop can cause issues if the next-hop IP address is not directly reachable or conflicts with the expected behavior in the overlay. Corrective Action:
D. delete protocols bgp group OVERLAY accept-remote-nexthop: Removing this command will ensure that the device uses its own IP address as the next-hop in BGP advertisements, which is standard practice in many EVPN-VXLAN setups. This change should help establish the BGP session with Border-Leaf-2.
Data Center
Reference: Proper handling of BGP next-hop attributes is critical in establishing and maintaining stable BGP sessions, especially in complex multi-fabric environments like EVPN-VXLAN. Removing accept-remote-nexthop aligns with best practices in many scenarios.
Question #18
You are asked to automatically provision new Juniper Networks devices in your network with minimal manual intervention Before you begin, which two statements are correct? (Choose two.)
- A . You must have a DHCP server that provides the location of the software image and configuration files.
- B . You must have a system log (syslog) server to manage system log messages and alerts.
- C . You must have an NTP server to perform time synchronization.
- D . You must have a file server that stores software image and configuration files.
Correct Answer: AD
AD
Explanation:
Zero-Touch Provisioning (ZTP):
ZTP is a feature that allows for the automatic provisioning of devices with minimal manual intervention. It is widely used in large-scale deployments to quickly bring new devices online. Key Requirements for ZTP:
AD
Explanation:
Zero-Touch Provisioning (ZTP):
ZTP is a feature that allows for the automatic provisioning of devices with minimal manual intervention. It is widely used in large-scale deployments to quickly bring new devices online. Key Requirements for ZTP:
Question #19
You are selling up an EVPN-VXLAN architecture (or your new data center. this initial deployment will be less than 50 switches: however, it could scale up to 250 switches over time supporting 1024 VLANs. You are still deciding whether to use symmetric or asymmetric routing.
In this scenario, which two statements are correct? (Choose two.)
- A . Symmetric routing needs an extra VLAN with an IRB interface for each L3 VRF instance.
- B . Asymmetric routing is easier lo monitor because of the transit VNI.
- C . Symmetric routing supports higher scaling numbers.
- D . Asymmetric routing routes traffic on the egress switch.
Correct Answer: CD
CD
Explanation:
Symmetric vs. Asymmetric Routing in EVPN-VXLAN:
Symmetric Routing: Traffic enters and exits the VXLAN network through the same VTEP, regardless of the source or destination. This approach simplifies routing decisions, especially in large networks, and is generally more scalable.
Asymmetric Routing: The routing occurs on the egress VTEP. This method can be simpler to deploy in smaller environments but becomes complex as the network scales, particularly with larger numbers of VNIs and VLANs.
Correct Statements:
C. Symmetric routing supports higher scaling numbers: Symmetric routing is preferred in larger EVPN-VXLAN deployments because it centralizes routing decisions, which can be more easily managed and scaled.
D. Asymmetric routing routes traffic on the egress switch: This is accurate, as asymmetric routing means the routing decision is made at the final hop, i.e., the egress VTEP before the traffic reaches its destination.
Incorrect Statements:
CD
Explanation:
Symmetric vs. Asymmetric Routing in EVPN-VXLAN:
Symmetric Routing: Traffic enters and exits the VXLAN network through the same VTEP, regardless of the source or destination. This approach simplifies routing decisions, especially in large networks, and is generally more scalable.
Asymmetric Routing: The routing occurs on the egress VTEP. This method can be simpler to deploy in smaller environments but becomes complex as the network scales, particularly with larger numbers of VNIs and VLANs.
Correct Statements:
C. Symmetric routing supports higher scaling numbers: Symmetric routing is preferred in larger EVPN-VXLAN deployments because it centralizes routing decisions, which can be more easily managed and scaled.
D. Asymmetric routing routes traffic on the egress switch: This is accurate, as asymmetric routing means the routing decision is made at the final hop, i.e., the egress VTEP before the traffic reaches its destination.
Incorrect Statements:
Question #20
Your organization is implementing EVPN-VXLAN and requires multiple overlapping VLAN-IDs. You decide to use a routing-instance type mac-vrf to satisfy this request.
Which two statements are correct in this scenario? (Choose two.)
- A . Host-facing interfaces must be configured using a service-provider style configuration.
- B . Host-facing interfaces must be configured using enterprise-style configuration.
- C . Spine-facing interfaces must be configured using an enterprise-style configuration.
- D . The routing-instance service type can be VLAN-based.
Correct Answer: AD
AD
Explanation:
Understanding the Scenario:
EVPN-VXLAN deployments often involve scenarios where multiple tenants or applications require
overlapping VLAN IDs, which can be managed using the mac-vrf routing instance type. This allows
you to segregate traffic within the same VLAN ID across different tenants.
Host-facing Interface Configuration:
AD
Explanation:
Understanding the Scenario:
EVPN-VXLAN deployments often involve scenarios where multiple tenants or applications require
overlapping VLAN IDs, which can be managed using the mac-vrf routing instance type. This allows
you to segregate traffic within the same VLAN ID across different tenants.
Host-facing Interface Configuration: