Question #1
Which two statements are correct about reflecting inet-vpn unicast prefixes in BGP route reflection? (Choose two.)
- A . Route reflectors do not change any existing BGP attributes by default when advertising routes.
- B . A BGP peer does not require any configuration changes to become a route reflector client.
- C . Clients add their originator ID when advertising routes to their route reflector
- D . Route reflectors add their cluster ID to the AS path when readvertising client routes.
Correct Answer: A,B
A,B
Explanation:
Route reflection is a BGP feature that allows a router to reflect routes learned from one IBGP peer to another IBGP peer, without requiring a full-mesh IBGP topology. Route reflectors do not change any existing BGP attributes by default when advertising routes, unless explicitly configured to do so. A BGP peer does not require any configuration changes to become a route reflector client, only the route reflector needs to be configured with the client parameter under [edit protocols bgp group group-name neighbor neighbor-address] hierarchy level.
A,B
Explanation:
Route reflection is a BGP feature that allows a router to reflect routes learned from one IBGP peer to another IBGP peer, without requiring a full-mesh IBGP topology. Route reflectors do not change any existing BGP attributes by default when advertising routes, unless explicitly configured to do so. A BGP peer does not require any configuration changes to become a route reflector client, only the route reflector needs to be configured with the client parameter under [edit protocols bgp group group-name neighbor neighbor-address] hierarchy level.
Question #2
Exhibit
Click the Exhibit button-Referring to the exhibit, which two statements are correct about BGP routes on R3 that are learned from the ISP-A neighbor? (Choose two.)
- A . By default, the next-hop value for these routes is not changed by ISP-A before being sent to R3.
- B . The BGP local-preference value that is used by ISP-A is not advertised to R3.
- C . All BGP attribute values must be removed before receiving the routes.
- D . The next-hop value for these routes is changed by ISP-A before being sent to R3.
Correct Answer: A,B
A,B
Explanation:
BGP is an exterior gateway protocol that uses path vector routing to exchange routing information among autonomous systems. BGP uses various attributes to select the best path to each destination and to propagate routing policies. Some of the common BGP attributes are AS path, next hop, local preference, MED, origin, weight, and community. BGP attributes can be classified into four categories: well-known mandatory, well-known discretionary, optional transitive, and optional nontransitive. Well-known mandatory attributes are attributes that must be present in every BGP update message and must be recognized by every BGP speaker. Well-known discretionary attributes are attributes that may or may not be present in a BGP update message but must be recognized by every BGP speaker. Optional transitive attributes are attributes that may or may not be present in a BGP update message and may or may not be recognized by a BGP speaker. If an optional transitive attribute is not recognized by a BGP speaker, it is passed along to the next BGP speaker. Optional nontransitive attributes are attributes that may or may not be present in a BGP update message and may or may not be recognized by a BGP speaker. If an optional nontransitive attribute is not recognized by a BGP speaker, it is not passed along to the next BGP speaker. In this question, we have four routers (R1, R2, R3, and R4) that are connected in a full mesh topology and running IBGP. R3 receives the 192.168.0.0/16 route from its EBGP neighbor and advertises it to R1 and R4 with different BGP attribute values. We are asked which statements are correct about the BGP routes on R3 that are learned from the ISP-A neighbor.
Based on the information given, we can infer that the correct statements are:
✑ By default, the next-hop value for these routes is not changed by ISP-A before being sent to R3. This is because the default behavior of EBGP is to preserve the next-hop attribute of the routes received from another EBGP neighbor. The next-hop attribute indicates the IP address of the router that should be used as the next hop to reach the destination network.
✑ The BGP local-preference value that is used by ISP-A is not advertised to R3. This is because the local-preference attribute is a well-known discretionary attribute that is used to influence the outbound traffic from an autonomous system. The local-preference attribute is only propagated within an autonomous system and is not advertised to external neighbors.
References:
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13753-25.html:
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13762-40.html:
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13759-37.html
A,B
Explanation:
BGP is an exterior gateway protocol that uses path vector routing to exchange routing information among autonomous systems. BGP uses various attributes to select the best path to each destination and to propagate routing policies. Some of the common BGP attributes are AS path, next hop, local preference, MED, origin, weight, and community. BGP attributes can be classified into four categories: well-known mandatory, well-known discretionary, optional transitive, and optional nontransitive. Well-known mandatory attributes are attributes that must be present in every BGP update message and must be recognized by every BGP speaker. Well-known discretionary attributes are attributes that may or may not be present in a BGP update message but must be recognized by every BGP speaker. Optional transitive attributes are attributes that may or may not be present in a BGP update message and may or may not be recognized by a BGP speaker. If an optional transitive attribute is not recognized by a BGP speaker, it is passed along to the next BGP speaker. Optional nontransitive attributes are attributes that may or may not be present in a BGP update message and may or may not be recognized by a BGP speaker. If an optional nontransitive attribute is not recognized by a BGP speaker, it is not passed along to the next BGP speaker. In this question, we have four routers (R1, R2, R3, and R4) that are connected in a full mesh topology and running IBGP. R3 receives the 192.168.0.0/16 route from its EBGP neighbor and advertises it to R1 and R4 with different BGP attribute values. We are asked which statements are correct about the BGP routes on R3 that are learned from the ISP-A neighbor.
Based on the information given, we can infer that the correct statements are:
✑ By default, the next-hop value for these routes is not changed by ISP-A before being sent to R3. This is because the default behavior of EBGP is to preserve the next-hop attribute of the routes received from another EBGP neighbor. The next-hop attribute indicates the IP address of the router that should be used as the next hop to reach the destination network.
✑ The BGP local-preference value that is used by ISP-A is not advertised to R3. This is because the local-preference attribute is a well-known discretionary attribute that is used to influence the outbound traffic from an autonomous system. The local-preference attribute is only propagated within an autonomous system and is not advertised to external neighbors.
References:
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13753-25.html:
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13762-40.html:
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13759-37.html
Question #3
A packet is received on an interface configured with transmission scheduling. One of the configured queues.
In this scenario, which two actions will be taken by default on a Junos device? (Choose two.)
- A . The excess traffic will be discarded
- B . The exceeding queue will be considered to have negative bandwidth credit.
- C . The excess traffic will use bandwidth available from other queueses
- D . The exceeding queue will be considered to have positive bandwidth credit
Correct Answer: A,C
A,C
Explanation:
In Junos devices, when a packet is received on an interface configured with transmission scheduling, and one of the configured queues is exceeding its allocated bandwidth, the typical actions taken are based on the scheduling configuration and congestion management mechanisms in place. Here are the two likely default actions:
The excess traffic will be discarded. When a queue exceeds its configured bandwidth, and if there are no other congestion management mechanisms in place (like buffer or RED profiles), the excess traffic could be dropped by default.
The excess traffic will use bandwidth available from other queues. If excess bandwidth is available from other queues and the scheduling configuration allows for it, excess traffic may utilize unused bandwidth from other queues. This is typical behavior in scenarios where queues are configured with some form of shared bandwidth allocation or where one queue can borrow unused bandwidth from others.
A,C
Explanation:
In Junos devices, when a packet is received on an interface configured with transmission scheduling, and one of the configured queues is exceeding its allocated bandwidth, the typical actions taken are based on the scheduling configuration and congestion management mechanisms in place. Here are the two likely default actions:
The excess traffic will be discarded. When a queue exceeds its configured bandwidth, and if there are no other congestion management mechanisms in place (like buffer or RED profiles), the excess traffic could be dropped by default.
The excess traffic will use bandwidth available from other queues. If excess bandwidth is available from other queues and the scheduling configuration allows for it, excess traffic may utilize unused bandwidth from other queues. This is typical behavior in scenarios where queues are configured with some form of shared bandwidth allocation or where one queue can borrow unused bandwidth from others.
Question #4
Which two statements are correct about VPLS tunnels? (Choose two.)
- A . LDP-signaled VPLS tunnels only support control bit 0.
- B . LDP-signaled VPLS tunnels use auto-discovery to provision sites
- C . BGP-signaled VPLS tunnels can use either RSVP or LDP between the PE routers.
- D . BGP-signaled VPLS tunnels require manual provisioning of sites.
Correct Answer: B,D
B,D
Explanation:
In the context of Virtual Private LAN Service (VPLS) and the signaling protocols used to establish VPLS tunnels:
LDP-signaled VPLS tunnels use auto-discovery to provision sites. In LDP-signaled VPLS, auto-discovery is used to discover other PE routers that are part of the same VPLS instance. This is typically done through the exchange of LDP messages that carry VPLS labels.
BGP-signaled VPLS tunnels require manual provisioning of sites. When using BGP for signaling in VPLS (also known as BGP-based VPLS), each site needs to be manually provisioned. This includes configuring the site identifier and the parameters for the VPLS instance on the PE router.
B,D
Explanation:
In the context of Virtual Private LAN Service (VPLS) and the signaling protocols used to establish VPLS tunnels:
LDP-signaled VPLS tunnels use auto-discovery to provision sites. In LDP-signaled VPLS, auto-discovery is used to discover other PE routers that are part of the same VPLS instance. This is typically done through the exchange of LDP messages that carry VPLS labels.
BGP-signaled VPLS tunnels require manual provisioning of sites. When using BGP for signaling in VPLS (also known as BGP-based VPLS), each site needs to be manually provisioned. This includes configuring the site identifier and the parameters for the VPLS instance on the PE router.
Question #5
Exhibit
The network shown in the exhibit is based on IS-IS
Which statement is correct in this scenario?
- A . The NSEL byte for Area 0001 is 00.
- B . The area address is two bytes.
- C . The routers are using unnumbered interfaces
- D . The system IDofR1_2 is 192.168.16.1
Correct Answer: A
A
Explanation:
IS-IS is an interior gateway protocol that uses link-state routing to exchange routing information among routers within a single autonomous system. IS-IS uses two types of addresses to identify routers and areas: system ID and area address. The system ID is a unique identifier for each router in an IS-IS domain. The system ID is 6 octets long and can be derived from the MAC address or manually configured. The area address is a variable-length identifier for each area in an IS-IS domain. The area address can be 1 to 13 octets long and is composed of high-order octets of the address. An IS-IS instance may be assigned multiple area addresses, which are considered synonymous. Multiple synonymous area addresses are useful when merging or splitting areas in the domain1. In this question, we have a network based on IS-IS with four routers (R1_1, R1_2, R2_1, and R2_2) belonging to area 0001. The area address for area 0001 is 49.0001. The NSEL byte for area 0001 is the last octet of the address, which is 01. The NSEL byte stands for Network Service Access Point Selector (NSAP Selector) and indicates the type of service requested from the network layer2. Therefore, the correct statement in this scenario is that the NSEL byte for area 0001 is 01.
References:
1: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_isis/configuration/xe-16/irs-xe-16-book/irs-ovrvw-cf.html
2: https://www.juniper.net/documentation/us/en/software/junos/is-is/topics/concept/is-is-routing-overview.html
A
Explanation:
IS-IS is an interior gateway protocol that uses link-state routing to exchange routing information among routers within a single autonomous system. IS-IS uses two types of addresses to identify routers and areas: system ID and area address. The system ID is a unique identifier for each router in an IS-IS domain. The system ID is 6 octets long and can be derived from the MAC address or manually configured. The area address is a variable-length identifier for each area in an IS-IS domain. The area address can be 1 to 13 octets long and is composed of high-order octets of the address. An IS-IS instance may be assigned multiple area addresses, which are considered synonymous. Multiple synonymous area addresses are useful when merging or splitting areas in the domain1. In this question, we have a network based on IS-IS with four routers (R1_1, R1_2, R2_1, and R2_2) belonging to area 0001. The area address for area 0001 is 49.0001. The NSEL byte for area 0001 is the last octet of the address, which is 01. The NSEL byte stands for Network Service Access Point Selector (NSAP Selector) and indicates the type of service requested from the network layer2. Therefore, the correct statement in this scenario is that the NSEL byte for area 0001 is 01.
References:
1: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_isis/configuration/xe-16/irs-xe-16-book/irs-ovrvw-cf.html
2: https://www.juniper.net/documentation/us/en/software/junos/is-is/topics/concept/is-is-routing-overview.html
Question #6
Exhibit
Referring to the exhibit, CE-1 is providing NAT services for the hosts at Site 1 and you must provide Internet access for those hosts
Which two statements are correct in this scenario? (Choose two.)
- A . You must configure a static route in the main routing instance for the 10 1 2.0/24 prefix that uses the VPN-A.inet.0 table as the next hop
- B . You must configure a static route in the main routing instance for the 203.0.113.1/32 prefix that uses the VPN-A.inet.0 table as the next hop.
- C . You must configure a RIB group on PE-1 to leak a default route from the inet.0 table to the VPN-A.inet.0 table.
- D . You must configure a RIB group on PE-1 to leak the 10 1 2.0/24 prefix from the VPN-A.inet.0 table to the inet.0 table.
Correct Answer: C,D
C,D
Explanation:
In the given scenario, where CE-1 at Site 1 is providing NAT services and requires Internet access for its hosts, the correct configuration on PE-1 to provide Internet access involves routing and potentially using Routing Information Base (RIB) groups to ensure proper route leaking between VRFs (Virtual Routing and Forwarding instances) and the global routing table. Here are the correct statements:
You must configure a RIB group on PE-1 to leak a default route from the inet.0 table to the VPN-A.inet.0 table. By leaking a default route into the VPN-A routing table, hosts in Site 1 will be able to access the Internet via the PE-1 gateway. This is assuming that PE-1 is the gateway to the Internet for the VPN-A site.
You must configure a RIB group on PE-1 to leak the 10.1.2.0/24 prefix from the VPN-A.inet.0 table to the inet.0 table. This step is necessary if other devices in the main routing instance need to reach the hosts behind CE-1, which are performing NAT. This allows for return traffic from the Internet destined for the NATed IP addresses to find the correct route back to the CE-1 device.
C,D
Explanation:
In the given scenario, where CE-1 at Site 1 is providing NAT services and requires Internet access for its hosts, the correct configuration on PE-1 to provide Internet access involves routing and potentially using Routing Information Base (RIB) groups to ensure proper route leaking between VRFs (Virtual Routing and Forwarding instances) and the global routing table. Here are the correct statements:
You must configure a RIB group on PE-1 to leak a default route from the inet.0 table to the VPN-A.inet.0 table. By leaking a default route into the VPN-A routing table, hosts in Site 1 will be able to access the Internet via the PE-1 gateway. This is assuming that PE-1 is the gateway to the Internet for the VPN-A site.
You must configure a RIB group on PE-1 to leak the 10.1.2.0/24 prefix from the VPN-A.inet.0 table to the inet.0 table. This step is necessary if other devices in the main routing instance need to reach the hosts behind CE-1, which are performing NAT. This allows for return traffic from the Internet destined for the NATed IP addresses to find the correct route back to the CE-1 device.
Question #7
Which three mechanisms are used by Junos platforms to evaluate incoming traffic for CoS purposes? (Choose three )
- A . rewrite rules
- B . behavior aggregate classifiers
- C . traffic shapers
- D . fixed classifiers
- E . multifield classifiers
Correct Answer: B,D,E
B,D,E
Explanation:
Junos platforms use different mechanisms to evaluate incoming traffic for CoS purposes, such as:
✑ Behavior aggregate classifiers: These classifiers use a single field in a packet header to classify traffic into different forwarding classes and loss priorities based on predefined or user-defined values.
✑ Fixed classifiers: These classifiers use a fixed field in a packet header to classify traffic into different forwarding classes and loss priorities based on predefined values.
✑ Multifield classifiers: These classifiers use multiple fields in a packet header to classify traffic into different forwarding classes and loss priorities based on user-defined values and filters.
Rewrite rules and traffic shapers are not used to evaluate incoming traffic for CoS purposes, but rather to modify or shape outgoing traffic based on CoS policies.
B,D,E
Explanation:
Junos platforms use different mechanisms to evaluate incoming traffic for CoS purposes, such as:
✑ Behavior aggregate classifiers: These classifiers use a single field in a packet header to classify traffic into different forwarding classes and loss priorities based on predefined or user-defined values.
✑ Fixed classifiers: These classifiers use a fixed field in a packet header to classify traffic into different forwarding classes and loss priorities based on predefined values.
✑ Multifield classifiers: These classifiers use multiple fields in a packet header to classify traffic into different forwarding classes and loss priorities based on user-defined values and filters.
Rewrite rules and traffic shapers are not used to evaluate incoming traffic for CoS purposes, but rather to modify or shape outgoing traffic based on CoS policies.
Question #8
Exhibit
You are asked to exchange routes between R1 and R4 as shown in the exhibit. These two routers use the same AS number.
Which two steps will accomplish this task? (Choose two.)
- A . Configure the BGP group with the advertise-peer-as parameter on R1 and R4.
- B . Configure the BGP group with the as-override parameter on R2 and R3
- C . Configure the BGP group with the advertise-peer-as parameter on R2 and R3.
- D . Configure the BGP group with the as-override parameter on R1 and R4
Correct Answer: A,B
A,B
Explanation:
The advertise-peer-as parameter allows a router to advertise its peer’s AS number as part of the AS path attribute when sending BGP updates to other peers. This parameter is useful when two routers in the same AS need to exchange routes through another AS, such as in the case of R1 and R4. By configuring this parameter on R1 and R4, they can advertise each other’s AS number to R2 and R3, respectively.
The as-override parameter allows a router to replace the AS number of its peer with its own AS number when receiving BGP updates from that peer. This parameter is useful when two routers in different ASes need to exchange routes through another AS that has the same AS number as one of them, such as in the case of R2 and R3. By configuring this parameter on R2 and R3, they can override the AS number of R1 and R4 with their own AS number when sending BGP updates to each other.
A,B
Explanation:
The advertise-peer-as parameter allows a router to advertise its peer’s AS number as part of the AS path attribute when sending BGP updates to other peers. This parameter is useful when two routers in the same AS need to exchange routes through another AS, such as in the case of R1 and R4. By configuring this parameter on R1 and R4, they can advertise each other’s AS number to R2 and R3, respectively.
The as-override parameter allows a router to replace the AS number of its peer with its own AS number when receiving BGP updates from that peer. This parameter is useful when two routers in different ASes need to exchange routes through another AS that has the same AS number as one of them, such as in the case of R2 and R3. By configuring this parameter on R2 and R3, they can override the AS number of R1 and R4 with their own AS number when sending BGP updates to each other.
Question #9
You want to ensure that L1 IS-IS routers have only the most specific routes available from L2 IS-IS routers.
Which action accomplishes this task?
- A . Configure the ignore-attached-bit parameter on all L2 routers.
- B . Configure all routers to allow wide metrics.
- C . Configure all routers to be L1.
- D . Configure the ignore-attached-bit parameter on all L1 routers
Correct Answer: D
D
Explanation:
The attached bit is a flag in an IS-IS LSP that indicates whether a router is connected to another area or level (L2) of the network. By default, L2 routers set this bit when they advertise their LSPs to L1 routers, and L1 routers use this bit to select a default route to reach other areas or levels through L2 routers. However, this may result in suboptimal routing if there are multiple L2 routers with different paths to other areas or levels. To ensure that L1 routers have only the most specific routes available from L2 routers, you can configure the ignore-attached-bit parameter on all L1 routers. This makes L1 routers ignore the attached bit and install all interarea routes learned from L2 routers in their routing tables.
D
Explanation:
The attached bit is a flag in an IS-IS LSP that indicates whether a router is connected to another area or level (L2) of the network. By default, L2 routers set this bit when they advertise their LSPs to L1 routers, and L1 routers use this bit to select a default route to reach other areas or levels through L2 routers. However, this may result in suboptimal routing if there are multiple L2 routers with different paths to other areas or levels. To ensure that L1 routers have only the most specific routes available from L2 routers, you can configure the ignore-attached-bit parameter on all L1 routers. This makes L1 routers ignore the attached bit and install all interarea routes learned from L2 routers in their routing tables.
Question #10
Exhibit
CE-1 must advertise ten subnets to PE-1 using BGP Once CE-1 starts advertising the subnets to PE-1, the BGP peering state changes to Active.
Referring to the CLI output shown in the exhibit, which statement is correct?
- A . CE-1 is advertising its entire routing table.
- B . CE-1 is configured with an incorrect peer AS
- C . The prefix limit has been reached on PE-1
- D . CE-1 is unreachable
Correct Answer: C
C
Explanation:
Referring to the CLI output in the exhibit provided and considering the description of the scenario where CE-1 must advertise ten subnets to PE-1 using BGP and the BGP peering state changes to Active, here are the correct statements based on the typical behaviors and configurations in BGP:
The prefix limit has been reached on PE-1. When the BGP peering state changes to Active after the subnets are advertised, it may suggest that the maximum number of prefixes that PE-1 is configured to receive has been reached. This is indicated by the prefix-limit configuration which is set to a maximum of 5, and as CE-1 is required to advertise ten subnets, this limit is exceeded.
C
Explanation:
Referring to the CLI output in the exhibit provided and considering the description of the scenario where CE-1 must advertise ten subnets to PE-1 using BGP and the BGP peering state changes to Active, here are the correct statements based on the typical behaviors and configurations in BGP:
The prefix limit has been reached on PE-1. When the BGP peering state changes to Active after the subnets are advertised, it may suggest that the maximum number of prefixes that PE-1 is configured to receive has been reached. This is indicated by the prefix-limit configuration which is set to a maximum of 5, and as CE-1 is required to advertise ten subnets, this limit is exceeded.
Question #11
By default, which statement is correct about OSPF summary LSAs?
- A . All Type 2 and Type 7 LSAs will be summanzed into a single Type 5 LSA
- B . The area-range command must be installed on all routers.
- C . Type 3 LSAs are advertised for routes in Type 1 LSAs.
- D . The metric associated with a summary route will be equal to the lowest metric associated with an individual contributing route
Correct Answer: C
C
Explanation:
OSPF uses different types of LSAs to describe different aspects of the network topology. Type 1 LSAs are also known as router LSAs, and they describe the links and interfaces of a router within an area. Type 3 LSAs are also known as summary LSAs, and they describe routes to networks outside an area but within the same autonomous system (AS). By default, OSPF will summarize routes from Type 1 LSAs into Type 3 LSAs when advertising them across area boundaries.
C
Explanation:
OSPF uses different types of LSAs to describe different aspects of the network topology. Type 1 LSAs are also known as router LSAs, and they describe the links and interfaces of a router within an area. Type 3 LSAs are also known as summary LSAs, and they describe routes to networks outside an area but within the same autonomous system (AS). By default, OSPF will summarize routes from Type 1 LSAs into Type 3 LSAs when advertising them across area boundaries.
Question #12
When building an interprovider VPN, you notice on the PE router that you have hidden routes which are received from your BGP peer with family inet labeled-unica3t configured.
Which parameter must you configure to solve this problem?
- A . Under the family inet labeled-unicast hierarchy, add the explicit null parameter.
- B . Under the protocols ospf hierarchy, add the traffic-engineering parameter.
- C . Under the family inet labeled-unicast hierarchy, add the resolve-vpn parameter.
- D . Under the protocols mpls hierarchy, add the traffic-engineering parameter
Correct Answer: C
C
Explanation:
The resolve-vpn parameter is a BGP option that allows a router to resolve labeled VPN-IPv4 routes using unlabeled IPv4 routes received from another BGP peer with family inet labeled-unicast configured. This option enables interprovider VPNs without requiring MPLS labels between ASBRs or using VRF tables on ASBRs. In this scenario, you need to configure the resolve-vpn parameter under [edit protocols bgp group external family inet labeled-unicast] hierarchy level on both ASBRs.
C
Explanation:
The resolve-vpn parameter is a BGP option that allows a router to resolve labeled VPN-IPv4 routes using unlabeled IPv4 routes received from another BGP peer with family inet labeled-unicast configured. This option enables interprovider VPNs without requiring MPLS labels between ASBRs or using VRF tables on ASBRs. In this scenario, you need to configure the resolve-vpn parameter under [edit protocols bgp group external family inet labeled-unicast] hierarchy level on both ASBRs.
Question #13
Which two EVPN route types are used to advertise a multihomed Ethernet segment? (Choose two )
- A . Type 1
- B . Type 3
- C . Type 4
- D . Type 2
Correct Answer: A,C
A,C
Explanation:
EVPN is a solution that provides Ethernet multipoint services over MPLS networks. EVPN uses BGP to distribute endpoint provisioning information and set up pseudowires between PE devices. EVPN uses different route types to convey different information in the control plane.
The following are the main EVPN route types:
✑ Type 1 – Ethernet Auto-Discovery Route: This route type is used for network-wide messaging and discovery of other PE devices that are part of the same EVPN instance. It also carries information about the redundancy mode and load balancing algorithm of the PE devices.
✑ Type 2 – MAC/IP Advertisement Route: This route type is used for MAC and IP address learning and advertisement between PE devices. It also carries information about the Ethernet segment identifier (ESI) and the label for forwarding traffic to the MAC or IP address.
✑ Type 3 – Inclusive Multicast Ethernet Tag Route: This route type is used for broadcast, unknown unicast, and multicast (BUM) traffic forwarding. It also carries information about the multicast group and the label for forwarding BUM traffic.
✑ Type 4 – Ethernet Segment Route: This route type is used for multihoming scenarios, where a CE device is connected to more than one PE device. It also carries information about the ESI and the designated forwarder (DF) election process.
A,C
Explanation:
EVPN is a solution that provides Ethernet multipoint services over MPLS networks. EVPN uses BGP to distribute endpoint provisioning information and set up pseudowires between PE devices. EVPN uses different route types to convey different information in the control plane.
The following are the main EVPN route types:
✑ Type 1 – Ethernet Auto-Discovery Route: This route type is used for network-wide messaging and discovery of other PE devices that are part of the same EVPN instance. It also carries information about the redundancy mode and load balancing algorithm of the PE devices.
✑ Type 2 – MAC/IP Advertisement Route: This route type is used for MAC and IP address learning and advertisement between PE devices. It also carries information about the Ethernet segment identifier (ESI) and the label for forwarding traffic to the MAC or IP address.
✑ Type 3 – Inclusive Multicast Ethernet Tag Route: This route type is used for broadcast, unknown unicast, and multicast (BUM) traffic forwarding. It also carries information about the multicast group and the label for forwarding BUM traffic.
✑ Type 4 – Ethernet Segment Route: This route type is used for multihoming scenarios, where a CE device is connected to more than one PE device. It also carries information about the ESI and the designated forwarder (DF) election process.
Question #14
Exhibit
A network designer would like to create a summary route as shown in the exhibit, but the configuration is not working.
Which three configuration changes will create a summary route? (Choose three.)
- A . set policy-options policy-statement leak-v6 term DC-routes then reject
- B . delete policy-options policy-statement leak-v6 term DC-routes from route-filter 2001: db9:a: fa00 : :/6l longer
- C . set policy―options policy-statement leak-v term DC―routes from route-filter 2001:db9:a:faOO::/61 exact
- D . delete protocols isis export summary-v6
- E . set protocols isis import summary-v6
Correct Answer: B,C,D
B,C,D
Explanation:
To create a summary route for IS-IS, you need to configure a policy statement that matches the prefixes to be summarized and sets the next-hop to discard. You also need to configure a summary-address statement under the IS-IS protocol hierarchy that references the policy statement. In this case, the policy statement leak-v6 is trying to match the prefix 2001:db9:a:fa00::/61 exactly, but this prefix is not advertised by any router in the network. Therefore, no summary route is created. To fix this, you need to delete the longer keyword from the route-filter term and change the prefix length to /61 exact. This will match any prefix that falls within the /61 range. You also need to delete the export statement under protocols isis, because this will export all routes that match the policy statement to other IS-IS routers, which is not desired for a summary route.
B,C,D
Explanation:
To create a summary route for IS-IS, you need to configure a policy statement that matches the prefixes to be summarized and sets the next-hop to discard. You also need to configure a summary-address statement under the IS-IS protocol hierarchy that references the policy statement. In this case, the policy statement leak-v6 is trying to match the prefix 2001:db9:a:fa00::/61 exactly, but this prefix is not advertised by any router in the network. Therefore, no summary route is created. To fix this, you need to delete the longer keyword from the route-filter term and change the prefix length to /61 exact. This will match any prefix that falls within the /61 range. You also need to delete the export statement under protocols isis, because this will export all routes that match the policy statement to other IS-IS routers, which is not desired for a summary route.
Question #15
An interface is configured with a behavior aggregate classifier and a multifield classifier How will the packet be processed when received on this interface?
- A . The packet will be discarded.
- B . The packet will be processed by the BA classifier first, then the MF classifier.
- C . The packet will be forwarded with no classification changes.
- D . The packet will be processed by the MF classifier first, then the BA classifier.
Correct Answer: D
D
Explanation:
In Junos, when both a behavior aggregate (BA) classifier and a multifield (MF) classifier are configured on an interface, the multifield classifier is evaluated first because it is more specific. If the packet does not match any of the multifield classifier terms, then the behavior aggregate classifier is used. The BA classifier typically classifies based on the DSCP or EXP bits, while the MF classifier can match on multiple fields in the packet header, like source and destination IP address, ports, etc.
D
Explanation:
In Junos, when both a behavior aggregate (BA) classifier and a multifield (MF) classifier are configured on an interface, the multifield classifier is evaluated first because it is more specific. If the packet does not match any of the multifield classifier terms, then the behavior aggregate classifier is used. The BA classifier typically classifies based on the DSCP or EXP bits, while the MF classifier can match on multiple fields in the packet header, like source and destination IP address, ports, etc.
Question #16
Exhibit
A network is using IS-IS for routing.
In this scenario, why are there two TLVs shown in the exhibit?
- A . There are both narrow and wide metric devices in the topology
- B . The interface specified a metric of 100 for L2.
- C . Wide metrics have specifically been requested
- D . Both IPv4 and IPv6 are being used in the topology
Correct Answer: A
A
Explanation:
TLVs are tuples of (Type, Length, Value) that can be advertised in IS-IS packets. TLVs can carry different kinds of information in the Link State Packets (LSPs). IS-IS supports both narrow and wide metrics for link costs. Narrow metrics use a single octet to encode the link cost, while wide metrics use three octets. Narrow metrics have a maximum value of 63, while wide metrics have a maximum value of 16777215. If there are both narrow and wide metric devices in the topology, IS-IS will advertise two TLVs for each link: one with the narrow metric and one with the wide metric. This allows backward compatibility with older devices that only support narrow metrics12.
A
Explanation:
TLVs are tuples of (Type, Length, Value) that can be advertised in IS-IS packets. TLVs can carry different kinds of information in the Link State Packets (LSPs). IS-IS supports both narrow and wide metrics for link costs. Narrow metrics use a single octet to encode the link cost, while wide metrics use three octets. Narrow metrics have a maximum value of 63, while wide metrics have a maximum value of 16777215. If there are both narrow and wide metric devices in the topology, IS-IS will advertise two TLVs for each link: one with the narrow metric and one with the wide metric. This allows backward compatibility with older devices that only support narrow metrics12.
Question #17
In IS-IS, which two statements are correct about the designated intermediate system (DIS) on a multi-access network segment? (Choose two)
- A . A router with a priority of 10 wins the DIS election over a router with a priority of 1.
- B . A router with a priority of 1 wins the DIS election over a router with a priority of 10.
- C . On the multi-access network, each router forms an adjacency to every other router on the segment
- D . On the multi-access network, each router only forms an adjacency to the DIS.
Correct Answer: A,D
A,D
Explanation:
In IS-IS, a designated intermediate system (DIS) is a router that is elected on a multi-access network segment (such as Ethernet) to perform some functions on behalf of other routers on the same segment. A DIS is responsible for sending network link-state advertisements (LSPs), which describe all the routers attached to the network. These LSPs are flooded throughout a single area. A DIS also generates pseudonode LSPs, which represent the multi-access network as a single node in the link-state database. A DIS election is based on the priority value configured on each router’s interface connected to the multi-access network. The priority value ranges from 0 to 127, with higher values indicating higher priority. The router with the highest priority becomes the DIS for the area (Level 1, Level 2, or both). If routers have the same priority, then the router with the highest MAC address is elected as the DIS. By default, routers have a priority value of 64. On a multi-access network, each router only forms an adjacency to the DIS, not to every other router on the segment. This reduces the amount of hello packets and LSP
A,D
Explanation:
In IS-IS, a designated intermediate system (DIS) is a router that is elected on a multi-access network segment (such as Ethernet) to perform some functions on behalf of other routers on the same segment. A DIS is responsible for sending network link-state advertisements (LSPs), which describe all the routers attached to the network. These LSPs are flooded throughout a single area. A DIS also generates pseudonode LSPs, which represent the multi-access network as a single node in the link-state database. A DIS election is based on the priority value configured on each router’s interface connected to the multi-access network. The priority value ranges from 0 to 127, with higher values indicating higher priority. The router with the highest priority becomes the DIS for the area (Level 1, Level 2, or both). If routers have the same priority, then the router with the highest MAC address is elected as the DIS. By default, routers have a priority value of 64. On a multi-access network, each router only forms an adjacency to the DIS, not to every other router on the segment. This reduces the amount of hello packets and LSP
Question #18
Exhibit
You are attempting to summarize routes from the 203.0.113.128/25 IP block on R8 to AS 64500. You implement the export policy shown in the exhibit and all routes from the routing table stop being advertised.
In this scenario, which two steps would you take to summarize the route in BGP? (Choose two.)
- A . Remove the from protocol bgp command from the export policy.
- B . Add the set protocols bgp family inet unicast add-path command to allow additional routes to the RIB tables.
- C . Add the set routing-options static route 203.0.113.123/25 discard command.
- D . Replace exact in the export policy with orlonger.
Correct Answer: C,D
C,D
Explanation:
To summarize routes from the 203.0.113.128/25 IP block on R8 to AS 64500, you need to do the following:
✑ Add the set routing-options static route 203.0.113.128/25 discard command. This creates a static route for the summary prefix and discards any traffic destined to it. This is necessary because BGP can only advertise routes that are present in the routing table.
✑ Replace exact in the export policy with orlonger. This allows R8 to match and advertise any route that is equal or more specific than the summary prefix. The exact term only matches routes that are exactly equal to the summary prefix, which is not present in the routing table.
C,D
Explanation:
To summarize routes from the 203.0.113.128/25 IP block on R8 to AS 64500, you need to do the following:
✑ Add the set routing-options static route 203.0.113.128/25 discard command. This creates a static route for the summary prefix and discards any traffic destined to it. This is necessary because BGP can only advertise routes that are present in the routing table.
✑ Replace exact in the export policy with orlonger. This allows R8 to match and advertise any route that is equal or more specific than the summary prefix. The exact term only matches routes that are exactly equal to the summary prefix, which is not present in the routing table.
Question #19
Exhibit
You must ensure that the VPN backbone is preferred over the back door intra-area link as long as the VPN is available. Referring to the exhibit, which action will accomplish this task?
- A . Configure an import routing policy on the CE routers that rejects OSPF routes learned on the backup intra-area link.
- B . Enable OSPF traffic-engineering.
- C . Configure the OSPF metric on the backup intra-area link that is higher than the L3VPN
link. - D . Create an OSPF sham link between the PE routers.
Correct Answer: D
D
Explanation:
A sham link is a logical link between two PE routers that belong to the same OSPF area but are connected through an L3VPN. A sham link makes the PE routers appear as if they are directly connected, and prevents OSPF from preferring an intra-area back door link over the VPN backbone. To create a sham link, you need to configure the local and remote addresses of the PE routers under the [edit protocols ospf area area-id] hierarchy level1.
D
Explanation:
A sham link is a logical link between two PE routers that belong to the same OSPF area but are connected through an L3VPN. A sham link makes the PE routers appear as if they are directly connected, and prevents OSPF from preferring an intra-area back door link over the VPN backbone. To create a sham link, you need to configure the local and remote addresses of the PE routers under the [edit protocols ospf area area-id] hierarchy level1.
Question #20
Exhibit
Which two statements about the output shown in the exhibit are correct? (Choose two.)
- A . The PE is attached to a single local site.
- B . The connection has not flapped since it was initiated.
- C . There has been a VLAN ID mismatch.
- D . The PE router has the capability to pop flow labels
Correct Answer: A,B
A,B
Explanation:
The PE is attached to a single local site.
The output shows "Local site: CE1-2 (2)", which indicates that the Provider Edge (PE) router is connected to a single local site labeled as CE1-2, and the number (2) likely represents the site identifier.
The connection has not flapped since it was initiated.
The output "Time last up" shows a timestamp without any indication of recent flaps or downtime. If the connection had flapped, you would typically see a recent timestamp indicating the last transition to the "up" state. The absence of such information or a counter for flaps/down suggests that the connection has remained stable since it was brought up.
A,B
Explanation:
The PE is attached to a single local site.
The output shows "Local site: CE1-2 (2)", which indicates that the Provider Edge (PE) router is connected to a single local site labeled as CE1-2, and the number (2) likely represents the site identifier.
The connection has not flapped since it was initiated.
The output "Time last up" shows a timestamp without any indication of recent flaps or downtime. If the connection had flapped, you would typically see a recent timestamp indicating the last transition to the "up" state. The absence of such information or a counter for flaps/down suggests that the connection has remained stable since it was brought up.
Question #21
Which two statements are correct regarding bootstrap messages that are forwarded within a PIM sparse mode domain? (Choose two.)
- A . Bootstrap messages are forwarded only to routers that explicitly requested the messages within the PIM sparse-mode domain
- B . Bootstrap messages distribute RP information dynamically during an RP election.
- C . Bootstrap messages are used to notify which router is the PIM RP
- D . Bootstrap messages are forwarded to all routers within a PIM sparse-mode domain.
Correct Answer: B,D
B,D
Explanation:
Bootstrap messages are PIM messages that are used to distribute rendezvous point (RP) information dynamically during an RP election. Bootstrap messages are sent by bootstrap routers (BSRs), which are routers that are elected to perform the RP discovery function for a PIM sparse-mode domain. Bootstrap messages contain information about candidate RPs and their multicast groups, as well as BSR priority and hash mask length. Bootstrap messages are forwarded to all routers within a PIM sparse-mode domain using hop-by-hop flooding.
B,D
Explanation:
Bootstrap messages are PIM messages that are used to distribute rendezvous point (RP) information dynamically during an RP election. Bootstrap messages are sent by bootstrap routers (BSRs), which are routers that are elected to perform the RP discovery function for a PIM sparse-mode domain. Bootstrap messages contain information about candidate RPs and their multicast groups, as well as BSR priority and hash mask length. Bootstrap messages are forwarded to all routers within a PIM sparse-mode domain using hop-by-hop flooding.
Question #22
Exhibit
R1 and R8 are not receiving each other’s routes
Referring to the exhibit, what are three configuration commands that would solve this problem? (Choose three.)
- A . Configure loops and advertise-peer-as on routers in AS 64497 and AS 64450.
- B . Configure loops on routers in AS 65412 and advertise-peer-as on routers in AS 64498.
- C . Configure as-override on advertisement from AS 64500 toward AS 64512.
- D . Configure remove-private on advertisements from AS 64497 toward AS 64498
- E . Configure remove-private on advertisements from AS 64500 toward AS 64499
Correct Answer: C,D,E
C,D,E
Explanation:
In the scenario described in the exhibit where R1 and R8 are not receiving each other’s routes, here are three configuration commands that could potentially solve the problem, based on common BGP configurations and issues:
Configure as-override on advertisement from AS 64500 toward AS 64512.
The as-override command replaces the originating AS number with the local AS number in the AS_PATH attribute when sending BGP updates to a client in a confederation or when routes are advertised to eBGP peers in the same AS. This can be necessary when routers in different ASNs are not accepting routes due to AS path loop prevention mechanisms.
Configure remove-private on advertisements from AS 64497 toward AS 64498.
The remove-private command removes private AS numbers from the AS_PATH in BGP updates. This is often used when advertising routes to the internet, where private AS numbers should not be present. If R1 and R8 are filtering routes based on the presence of private AS numbers, this command could resolve the issue.
Configure remove-private on advertisements from AS 64500 toward AS 64499.
Similarly to the previous point, this command would remove private AS numbers from the AS_PATH when AS 64500 is advertising to AS 64499. If these routes are then being advertised to R1 and R8, and the presence of private AS numbers is causing route rejection, this could resolve the issue.
C,D,E
Explanation:
In the scenario described in the exhibit where R1 and R8 are not receiving each other’s routes, here are three configuration commands that could potentially solve the problem, based on common BGP configurations and issues:
Configure as-override on advertisement from AS 64500 toward AS 64512.
The as-override command replaces the originating AS number with the local AS number in the AS_PATH attribute when sending BGP updates to a client in a confederation or when routes are advertised to eBGP peers in the same AS. This can be necessary when routers in different ASNs are not accepting routes due to AS path loop prevention mechanisms.
Configure remove-private on advertisements from AS 64497 toward AS 64498.
The remove-private command removes private AS numbers from the AS_PATH in BGP updates. This is often used when advertising routes to the internet, where private AS numbers should not be present. If R1 and R8 are filtering routes based on the presence of private AS numbers, this command could resolve the issue.
Configure remove-private on advertisements from AS 64500 toward AS 64499.
Similarly to the previous point, this command would remove private AS numbers from the AS_PATH when AS 64500 is advertising to AS 64499. If these routes are then being advertised to R1 and R8, and the presence of private AS numbers is causing route rejection, this could resolve the issue.
Question #23
Which statement is true regarding BGP FlowSpec?
- A . It uses a remote triggered black hole to protect a network from a denial-of-service attack.
- B . It uses dynamically created routing policies to protect a network from denial-of-service attacks
- C . It is used to protect a network from denial-of-service attacks dynamically
- D . It verifies that the source IP of the incoming packet has a resolvable route in the routing table
Correct Answer: B
B
Explanation:
BGP FlowSpec is a feature that extends the Border Gateway Protocol (BGP) to enable routers to exchange traffic flow specifications, allowing for more precise control of network traffic. The BGP FlowSpec feature enables routers to advertise and receive information about specific flows in the network, such as those originating from a particular source or destined for a particular destination. Routers can then use this information to construct traffic filters that allow or deny packets of a certain type, rate limit flows, or perform other actions1. BGP FlowSpec can also help in filtering traffic and taking action against distributed denial of service (DDoS) attacks by dropping the DDoS traffic or diverting it to an analyzer2. BGP FlowSpec rules are internally converted to equivalent Cisco Common Classification Policy Language (C3PL) representing corresponding match and action parameters2. Therefore, BGP FlowSpec uses dynamically created routing policies to protect a network from denial-of-service attacks.
References:
1: https://www.networkingsignal.com/what-is-bgp-flowspec/
2: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-16/irg-xe-16-book/bgp-flowspec-route-reflector-support.html
B
Explanation:
BGP FlowSpec is a feature that extends the Border Gateway Protocol (BGP) to enable routers to exchange traffic flow specifications, allowing for more precise control of network traffic. The BGP FlowSpec feature enables routers to advertise and receive information about specific flows in the network, such as those originating from a particular source or destined for a particular destination. Routers can then use this information to construct traffic filters that allow or deny packets of a certain type, rate limit flows, or perform other actions1. BGP FlowSpec can also help in filtering traffic and taking action against distributed denial of service (DDoS) attacks by dropping the DDoS traffic or diverting it to an analyzer2. BGP FlowSpec rules are internally converted to equivalent Cisco Common Classification Policy Language (C3PL) representing corresponding match and action parameters2. Therefore, BGP FlowSpec uses dynamically created routing policies to protect a network from denial-of-service attacks.
References:
1: https://www.networkingsignal.com/what-is-bgp-flowspec/
2: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-16/irg-xe-16-book/bgp-flowspec-route-reflector-support.html
Question #24
Exhibit
You have MAC addresses moving in your EVPN environment
Referring to the exhibit, which two statements are correct about the sequence number? (Choose two)
- A . It identifies MAC addresses that should be discarded.
- B . It resolves conflicting MAC address ownership claims.
- C . It helps the local PE to identify the latest advertisement.
- D . It is advertised using a Type 2 message
Correct Answer: B,C
B,C
Explanation:
The sequence number is a field in the MAC mobility extended community that is used to resolve conflicting MAC address ownership claims and to help the local PE to identify the latest advertisement. The sequence number is incremented by one for every MAC address mobility event, such as when a host moves from one Ethernet segment to another segment in the EVPN network. The PE device that receives multiple MAC advertisements for the same MAC address chooses the one with the highest sequence number as the most recent and valid advertisement.
B,C
Explanation:
The sequence number is a field in the MAC mobility extended community that is used to resolve conflicting MAC address ownership claims and to help the local PE to identify the latest advertisement. The sequence number is incremented by one for every MAC address mobility event, such as when a host moves from one Ethernet segment to another segment in the EVPN network. The PE device that receives multiple MAC advertisements for the same MAC address chooses the one with the highest sequence number as the most recent and valid advertisement.
Question #25
You are responding to an RFP for a new MPLS VPN implementation. The solution must use LDP for signaling and support Layer 2 connectivity without using BGP. The solution must be scalable and support multiple VPN connections over a single MPLS LSP The customer wants to maintain all routing for their Private network
In this scenario, which solution do you propose?
- A . circuit cross-connect
- B . BGP Layer 2 VPN
- C . LDP Layer 2 circuit
- D . translational cross-connect
Correct Answer: C
C
Explanation:
AToM (Any Transport over MPLS) is a framework that supports various Layer 2 transport types over an MPLS network core. One of the transport types supported by AToM is LDP Layer 2 circuit, which is a point-to-point Layer 2 connection that uses LDP for signaling and MPLS for forwarding. LDP Layer 2 circuit can support Layer 2 connectivity without using BGP and can be scalable and efficient by using a single MPLS LSP for multiple VPN connections. The customer can maintain all routing for their private network by using their own CE switches.
C
Explanation:
AToM (Any Transport over MPLS) is a framework that supports various Layer 2 transport types over an MPLS network core. One of the transport types supported by AToM is LDP Layer 2 circuit, which is a point-to-point Layer 2 connection that uses LDP for signaling and MPLS for forwarding. LDP Layer 2 circuit can support Layer 2 connectivity without using BGP and can be scalable and efficient by using a single MPLS LSP for multiple VPN connections. The customer can maintain all routing for their private network by using their own CE switches.