Download New Updated (July) Cisco 400-101 Actual Test 341-350

Ensurepass

 

QUESTION 341

For which kind of MPLS deployment is the next-hop-self all keyword used on a BGP neighbor command?

 

A. 6VPE
B. MPLS Carrier’s carrier
C. inter-AS MPLS VPN option D
D. inter-AS MPLS VPN option C
E. Unified MPLS

Correct Answer: E

Explanation:

Since the core and aggregation parts of the network are integrated and end-to-end LSPs are provided, the Unified MPLS solution is also referred to as “Seamless MPLS.”

New technologies or protocols are not used here, only MPLS, Label Distribution Protocol (LDP), IGP, and BGP. Since you do not want to distribute the loopback prefixes of the PE routers from one part of the network into another part, you need to carry the prefixes in BGP. The Internal Border Gateway Protocol (iBGP) is used in one network, so the next hop address of the prefixes is the loopback prefixes of the PE routers, which is not known by the IGP in the other parts of the network. This means that the next hop address cannot be used to recurse to an IGP prefix. The trick is to make the ABR routers Route Reflectors (RR) and set the next hop to self, even for the reflected iBGP prefixes. In order for this to work, a new knob is needed.

Only the RRs need newer software to support this architecture. Since the RRs advertise the BGP prefixes with the next hop set to themselves, they assign a local MPLS label to the BGP prefixes. This means that in the data plane, the packets forwarded on these end-to-end LSPs have an extra MPLS label in the label stack. The RRs are in the forwarding path.

There are two possible scenarios:

In both scenarios, the ABR sets the next hop to self for the prefixes advertised (reflected by BGP) by the ABR from the aggregation part of the network into the core part. If this is not done, the ABR needs to redistribute the loopback prefixes of the PEs from the aggregation IGP into the core IGP.

If this is done, there is no scalability.

In order to set the next hop to self for reflected iBGP routes, you must configure the neighbor x.x.x.x next-hop-self all command.

Reference: http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/116127-configure-technology-00.html

 

 

QUESTION 342

Refer to the exhibit. Which statement is true?

 


A. R1 routes this pseudowire over MPLS TE tunnel 1 with transport label 20.
B. The default route 0.0.0.0/0 is available in the IPv4 routing table.
C. R1 is using an MPLS TE tunnel for this pseudowire, because the IP path is not available.
D. R1 has preferred-path configured for the pseudowire.

Correct Answer: D

Explanation:

Verifying the Configuration:

Example:

In the following example, the show mpls l2transport vc command shows the following information (in bold) about the VCs:

 

VC 101 has been assigned a preferred path called Tunnel1. The default path is disabled because

VC 150 has been assigned an IP address of a loopback address on PE2. The default path can be used if the preferred path fails.

 

Router# show mpls l2transport vc detail
Local interface: Gi0/0/0.1 up, line protocol up, Eth VLAN 222 up
  Destination address: 10.16.16.16, VC ID: 101, VC status: up
    Preferred path: Tunnel1, active
    Default path: disabled
    Tunnel label: 3, next hop point2point
    Output interface: Tu1, imposed label stack {17 16}
  Create time: 00:27:31, last status change time: 00:27:31
  Signaling protocol: LDP, peer 10.16.16.16:0 up
    MPLS VC labels: local 25, remote 16
    Group ID: local 0, remote 6
    MTU: local 1500, remote 1500
    Remote interface description:
  Sequencing: receive disabled, send disabled
  VC statistics:
    packet totals: receive 10, send 10
    byte totals: receive 1260, send 1300
    packet drops: receive 0, send 0

 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2sr/12_2sra/feature/guide/srtunsel.html#wp1057815

 

 

QUESTION 343

What is a reason for 6PE to use two MPLS labels in the data plane instead of one?

 

A. 6PE allows penultimate hop popping and has a requirement that all P routers do not have to be IPv6 aware.
B. 6PE does not allow penultimate hop popping.
C. It allows MPLS traffic engineering to work in a 6PE network.
D. It allows 6PE to work in an MPLS network where 6VPE is also deployed.

Correct Answer: A

Explanation:

Q. Why does 6PE use two MPLS labels in the data plane?

A. 6PE uses two labels:

When the 6PE was released, a main requirement was that none of the MPLS core routers (the P routers) had to be IPv6-aware. That requirement drove the need for two labels in the data plane.

There are two reasons why the 6PE needs both labels.

PHP Functionality

If only the transport label were used, and if penultimate hop popping (PHP) were used, the penultimate hop router (the P router) would need to understand IPv6. With PHP, this penultimate hop router would need to remove the MPLS label and forward the packet as an IPv6 packet. This P router would need to know that the packet is IPv6 because the P router would need to use the correct Layer 2 encapsulation type for IPv6. (The encapsulation type is different for IPv6 and IPv4; for example, for Ethernet, the encapsulation type is 0x86DD for IPv6, while it is 0x0800 for IPv4.) If the penultimate hop router is not IPv6-capable, it would likely put the Layer 2 encapsulation type for IPv4 for the IPv6 packet. The egress PE router would then believe that the packet was IPv4.

There is time-to-live (TTL) processing in both the IPv4 and IPv6 headers. In IPv6, the field is called Hop Limit. The IPv4 and IPv6 fields are at different locations in the headers. The Header Checksum in the IPv4 header would also need to be changed; there is no Header Checksum field in IPv6. If the penultimate hop router is not IPv6-capable, it would cause the IPv6 packet to be malformed since the router expects to find the TTL field and Header Checksum field in the header. Because of these differences, the penultimate hop router would need to know it is an IPv6 packet. How would this router know that the packet is an IPv6 packet, since it did not assign a label to the IPv6 Forwarding Equivalence Class (FEC), and there is no encapsulation field in the MPLS header? It could scan for the first nibble after the label stack and determine that the packet is IPv6 if the value is 6. However, that implies that the penultimate hop router needs to be IPv6-capable. This scenario could work if the explicit null label is used (hence no PHP). However, the decision was to require PHP.

Load Balancing

Typical load balancing on a P router follows this process. The P router goes to the end of the label stack and determines if it is an IPv4 packet by looking at the first nibble after the label stack. In the 6PE scenario, imagine there are two egress PE routers advertising one IPv6 prefix in BGP towards the ingress PE router. This IPv6 prefix would be advertised with two different labels in BGP. Hence, in the data plane, the bottom label would be either of the two labels. This would allow a P router to load balance on the bottom label on a per-flow basis. If 6PE used only the transport label to transport the 6PE packets through the MPLS core, the P routers would not be able to load balance these packets on a per-flow basis unless the P routers were IPv6-capable. If the P routers were IPv6-capable, they could use the source and destination IPv6 addresses in order to make a load balancing decision.

Reference: http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/116061-qa-6pe-00.html
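The label-stack walk and first-nibble check described in the explanation above, as an added Python example that is not part of the original page. The packets, label values and addresses are constructed, and lb_key is a simplified model of an IPv4-only P router, not any platform's real hash.

```python
import struct

def lse(label, s, tc=0, ttl=64):
    """Build one 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)

def parse_label_stack(data):
    """Walk entries until the bottom-of-stack bit; return (labels, payload_offset)."""
    labels, off = [], 0
    while True:
        if off + 4 > len(data):
            raise ValueError("label stack truncated before bottom-of-stack entry")
        (entry,) = struct.unpack_from("!I", data, off)
        off += 4
        labels.append(entry >> 12)
        if (entry >> 8) & 1:
            return labels, off

def payload_kind(data):
    """Classify the payload by the first nibble after the label stack."""
    _, off = parse_label_stack(data)
    if off >= len(data):
        raise ValueError("no payload after label stack")
    return {4: "ipv4", 6: "ipv6"}.get(data[off] >> 4, "unknown")

def lb_key(data):
    """Load-balancing key as seen by an IPv4-only P router (simplified model)."""
    labels, off = parse_label_stack(data)
    if payload_kind(data) == "ipv4" and len(data) >= off + 20:
        return ("ipv4", data[off + 12:off + 16], data[off + 16:off + 20])
    return ("bottom-label", labels[-1])

# Constructed sample packets (labels and addresses are made up).
IPV6_HDR = bytes([0x60]) + bytes(39)                      # version nibble 6
IPV4_HDR = bytes([0x45]) + bytes(11) + bytes([10, 0, 0, 1, 10, 0, 0, 2])
SIXPE_VIA_PE1 = lse(24, 0) + lse(31, 1) + IPV6_HDR        # bottom label from egress PE1
SIXPE_VIA_PE2 = lse(24, 0) + lse(47, 1) + IPV6_HDR        # bottom label from egress PE2
ONE_LABEL_V6 = lse(24, 1) + IPV6_HDR                      # hypothetical single-label case
LABELLED_V4 = lse(24, 1) + IPV4_HDR

if __name__ == "__main__":
    for name in ("SIXPE_VIA_PE1", "SIXPE_VIA_PE2", "ONE_LABEL_V6", "LABELLED_V4"):
        pkt = globals()[name]
        print(name, parse_label_stack(pkt)[0], payload_kind(pkt), lb_key(pkt))
```

With two labels the key differs per egress PE; with the single transport label every IPv6 flow yields the same key, which is the load-balancing problem the explanation describes.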

 

 

QUESTION 344

A service provider is deploying L2VPN LAN services in its MPLS cloud. Which statement is true regarding LDP signaling and autodiscovery?

 

A. LDP signaling requires that each PE is identified, and that an LDP session is active with its P neighbor for autodiscovery to take place.
B. LDP signaling requires that each P is identified, and that a targeted LDP session is active for autodiscovery to take place.
C. LDP signaling requires that each PE is identified, and that a targeted LDP session with a BGP route reflector is active for autodiscovery to take place.
D. LDP signaling requires that each PE is identified, and that a targeted LDP session is active for autodiscovery to take place.

Correct Answer: D

Explanation:

LDP signaling requires that each PE is identified and a targeted LDP session is active for autodiscovery to take place. Although the configuration can be automated using NMS/OSS, the overall scalability of the solution is poor, as a PE must be associated with all other PEs for LDP discovery to work, which can lead to a large number of targeted LDP sessions (n²), which may be largely unused as not all VPLS will be associated with every PE. The security attributes of LDP are reasonably good, although additional configuration is required to prevent unauthorized sessions being set up. Although LDP can signal additional attributes, it requires additional configuration either from an NMS/OSS or static configuration.

Reference: http://www.cisco.com/en/US/products/hw/routers/ps368/products_white_paper09186a00801f6084.shtml

 

 

QUESTION 345

Refer to the exhibit. Which two corrective actions could you take if EIGRP routes from R2 fail to reach R1? (Choose two.)

 


A. Configure R2 to use a VRF to send routes to R1.
B. Configure the autonomous system in the EIGRP configuration of R1.
C. Correct the network statement on R2.
D. Add the interface on R1 that is connected to R2 into a VRF.

Correct Answer: BD

Explanation:

In this question we are running VRF Lite on R1. VRF Lite is also known as “VRF without running MPLS”. This is an example of how to configure VRF Lite with EIGRP:

ip vrf FIRST
 rd 1:1
!
ip vrf SECOND
 rd 1:2
!
router eigrp 1
 no auto-summary
 !
 address-family ipv4 vrf FIRST
  network 10.1.1.1 0.0.0.0
  no auto-summary
  autonomous-system 200
 exit-address-family
 !
 address-family ipv4 vrf SECOND
  network 10.1.2.1 0.0.0.0
  no auto-summary
  autonomous-system 100
 exit-address-family
!
interface FastEthernet0/0
 ip vrf forwarding FIRST
 ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet0/1
 ip vrf forwarding SECOND
 ip address 10.1.2.1 255.255.255.0

The above example creates two VRFs (named “FIRST” and “SECOND”). VRF “FIRST” runs on EIGRP AS 200 while VRF “SECOND” runs on EIGRP AS 100. After that we have to add interfaces to the appropriate VRFs. Returning to the question, we can see that R1 is missing the “autonomous-system …” command under “address-family ipv4 vrf R2”, and R1 needs an interface configured under that VRF.

Note: R2 does not run VRF at all! Usually R2 resides on the customer side.
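One way to check a configuration for the two faults named in the explanation (no autonomous-system under the VRF address family, no interface placed in the VRF), as an added Python example that is not part of the original page. The exhibit is not available, so BROKEN_R1 is a constructed stand-in that only assumes the VRF name R2 from the explanation; the AS number and addresses are made up.

```python
import re

AF = re.compile(r"address-family ipv4 vrf (\S+)(?: autonomous-system \d+)?$")

def audit_vrf_eigrp(config):
    """Map each EIGRP VRF address family to the problems found for it."""
    has_as, ifaces, cur_af, cur_if = {}, {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        m = AF.match(line)
        if m:
            cur_af = m.group(1)
            has_as[cur_af] = has_as.get(cur_af, False) or "autonomous-system" in line
        elif line == "exit-address-family":
            cur_af = None
        elif cur_af and line.startswith("autonomous-system "):
            has_as[cur_af] = True
        elif line.startswith("interface "):
            cur_if, cur_af = line.split(None, 1)[1], None
        elif cur_if and line.startswith("ip vrf forwarding "):
            ifaces.setdefault(line.split()[-1], []).append(cur_if)
    report = {}
    for vrf, ok in has_as.items():
        problems = []
        if not ok:
            problems.append("no autonomous-system under address-family")
        if not ifaces.get(vrf):
            problems.append("no interface has 'ip vrf forwarding'")
        report[vrf] = problems
    return report

# Constructed stand-in for R1 (the exhibit itself is not on the page).
BROKEN_R1 = """\
ip vrf R2
 rd 1:1
!
router eigrp 1
 address-family ipv4 vrf R2
  network 10.1.1.1 0.0.0.0
 exit-address-family
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
"""
# Same config with both corrective actions applied.
FIXED_R1 = (BROKEN_R1.replace("  network", "  autonomous-system 200\n  network")
            .replace(" ip address", " ip vrf forwarding R2\n ip address"))

if __name__ == "__main__":
    print(audit_vrf_eigrp(BROKEN_R1))
    print(audit_vrf_eigrp(FIXED_R1))
```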

 

 

QUESTION 346

Which attribute is not part of the BGP extended community when a PE creates a VPN-IPv4 route while running OSPF between PE-CE?

 

A. OSPF domain identifier
B. OSPF route type
C. OSPF router ID
D. MED
E. OSPF network type

Correct Answer: E

Explanation:

By process of elimination, from RFC 4577:

For every address prefix that was installed in the VRF by one of its associated OSPF instances, the PE must create a VPN-IPv4 route in BGP. Each such route will have some of the following Extended Communities attributes:

– The OSPF Domain Identifier Extended Communities attribute. If the OSPF instance that installed the route has a non-NULL primary Domain Identifier, this MUST be present; if that OSPF instance has only a NULL Domain Identifier, it MAY be omitted.

– OSPF Route Type Extended Communities Attribute. This attribute MUST be present. It is encoded with a two-byte type field, and its type is 0306.

– OSPF Router ID Extended Communities Attribute. This OPTIONAL attribute specifies the OSPF Router ID of the system that is identified in the BGP Next Hop attribute. More precisely, it specifies the OSPF Router Id of the PE in the OSPF instance that installed the route into the VRF from which this route was exported.

– MED (Multi_EXIT_DISC attribute). By default, this SHOULD be set to the value of the OSPF distance associated with the route, plus 1.

Reference: https://tools.ietf.org/html/rfc4577

 

 

 

 

QUESTION 347

What is a disadvantage of using aggressive mode instead of main mode for ISAKMP/IPsec establishment?

 

A. It does not use Diffie-Hellman for secret exchange.
B. It does not support dead peer detection.
C. It does not support NAT traversal.
D. It does not hide the identity of the peer.

Correct Answer: D

Explanation:

IKE phase 1’s purpose is to establish a secure authenticated communication channel by using the Diffie-Hellman key exchange algorithm to generate a shared secret key to encrypt further IKE communications. This negotiation results in one single bi-directional ISAKMP Security Association (SA). The authentication can be performed using either pre-shared key (shared secret), signatures, or public key encryption. Phase 1 operates in either Main Mode or Aggressive Mode. Main Mode protects the identity of the peers; Aggressive Mode does not.

Reference: http://en.wikipedia.org/wiki/Internet_Key_Exchange
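For auditing a capture from your own VPN gateways, the difference stated above can be read from the ISAKMP header and payload chain. This is an added Python example, not part of the original page; the messages are constructed, their payload bodies are filler, and the identity string is made up.

```python
import struct

EXCHANGE = {2: "main", 4: "aggressive"}            # RFC 2408 exchange types
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_USER_FQDN", 11: "ID_KEY_ID"}
P_SA, P_KE, P_ID, P_NONCE = 1, 4, 5, 10            # payload type numbers

def inspect_isakmp(msg):
    """Report exchange type, encryption flag and any cleartext ID payload."""
    if len(msg) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    nxt, _ver, xchg, flags = struct.unpack_from("!BBBB", msg, 16)
    end = min(struct.unpack_from("!I", msg, 24)[0], len(msg))
    out = {"exchange": EXCHANGE.get(xchg, "other"), "encrypted": bool(flags & 1),
           "identity": None}
    off = 28
    while nxt and not out["encrypted"] and off + 4 <= end:
        following, _rsvd, plen = struct.unpack_from("!BBH", msg, off)
        if plen < 4 or off + plen > end:
            raise ValueError("payload length runs past the message")
        if nxt == P_ID and plen >= 8:
            # ID payload: type(1) protocol(1) port(2) then the identity bytes
            out["identity"] = (ID_TYPES.get(msg[off + 4], "other"),
                               msg[off + 8:off + plen].decode("ascii", "replace"))
        nxt, off = following, off + plen
    return out

def build(xchg, payloads, flags=0):
    """Assemble a constructed test message from (type, body) pairs."""
    body = b""
    for i, (_ptype, pbody) in enumerate(payloads):
        following = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += struct.pack("!BBH", following, 0, len(pbody) + 4) + pbody
    hdr = b"\x11" * 8 + bytes(8) + struct.pack(
        "!BBBBII", payloads[0][0], 0x10, xchg, flags, 0, 28 + len(body))
    return hdr + body

# Constructed samples: payload bodies are filler, not valid proposals or keys.
ID_BODY = struct.pack("!BBH", 2, 0, 0) + b"branch-gw.example.test"
AGGRESSIVE_MSG1 = build(4, [(P_SA, bytes(40)), (P_KE, bytes(128)),
                            (P_NONCE, bytes(16)), (P_ID, ID_BODY)])
MAIN_MSG1 = build(2, [(P_SA, bytes(40))])
MAIN_MSG5 = build(2, [(P_ID, bytes(48))], flags=1)   # ID sent with encryption flag set

if __name__ == "__main__":
    for name in ("AGGRESSIVE_MSG1", "MAIN_MSG1", "MAIN_MSG5"):
        print(name, inspect_isakmp(globals()[name]))
```

The aggressive-mode first message yields a readable identity; the main-mode samples do not, because the ID payload is only sent once the encryption flag is set.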

 

 

QUESTION 348

Which two statements are true about an EVPL? (Choose two.)

 

A. It has a high degree of transparency.
B. It does not allow for service multiplexing.
C. The EVPL service is also referred to as E-line.
D. It is a point-to-point Ethernet connection between a pair of UNIs.

Correct Answer: CD

Explanation:

Following the MEF approach, the services that comprise the Metro Ethernet (ME) solution can be classified into the following two general categories:

Point-to-point (PtP)–A single point-to-point Ethernet circuit provisioned between two User Network Interfaces (UNIs).

Multipoint-to-multipoint (MPtMP)–A single multipoint-to-multipoint Ethernet circuit provisioned between two or more UNIs. When there are only two UNIs in the circuit, more UNIs can be added to the same Ethernet virtual connection if required, which distinguishes this from the point-to-point type.

In the MEF terminology, this maps to the following Ethernet service types:

Ethernet Line Service Type (E-Line)–Point-to-point Ethernet service

Ethernet LAN Service Type (E-LAN)–Multipoint-to-multipoint Ethernet service

Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/HA_Clusters/HA_Clusters/HA_ME3_6.pdf

 

 

QUESTION 349

Which two statements are true about OTV? (Choose two.)

 

A. It relies on flooding to propagate MAC address reachability information.
B. It uses a full mesh of point-to-multipoint tunnels to prevent head-end replication of multicast traffic.
C. It can work over any transport that can forward IP packets.
D. It supports automatic detection of multihoming.

Correct Answer: CD

Explanation:

The overlay nature of OTV allows it to work over any transport as long as this transport can forward IP packets. Any optimizations performed for IP in the transport will benefit the OTV encapsulated traffic.

As part of the OTV control protocol, automatic detection of multihoming is included. This feature enables the multihoming of sites without requiring additional configuration or protocols.

Reference: http://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-series-switches/white_paper_c11-574984.html

 

 

QUESTION 350

Which technology facilitates neighbor IP address resolution in DMVPN?

 

A. CEF
B. mGRE
C. a dynamic routing protocol
D. NHRP

Correct Answer: D

Explanation:

NHRP Used with a DMVPN

NHRP is used to facilitate building a VPN and provides address resolution in DMVPN. In this context, a VPN consists of a virtual Layer 3 network that is built on top of an actual Layer 3 network. The topology you use over the VPN is largely independent of the underlying network, and the protocols you run over it are completely independent of it. The VPN network (DMVPN) is based on GRE IP logical tunnels that can be protected by adding in IPsec to encrypt the GRE IP tunnels.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_4/ip_addr/configuration/guide/hadnhrp.html#wp1057255

 
