2.0 Virtualization Domain 10% Flashcards
The basis of the SD-Access control plane and is used to manage the mappings between endpoint identifiers (EIDs) which are assigned to hosts and routing locators (RLOCs) which are assigned to routers.
Locator/ID Separation Protocol (LISP)
Manages the endpoint to fabric node mapping
Host Tracking Database (HTDB)
LISP device that encapsulates IP packets from Endpoint Identifiers (EIDs) that have destinations to a different LISP site.
Ingress Tunnel Router (ITR)
Encapsulates traffic from non-LISP sites destined for EIDs at LISP sites
Proxy Ingress Tunnel Router (PITR)
Device that de-encapsulates LISP packets from EIDs that reside outside the LISP site but have destinations that lie inside the LISP site
Egress Tunnel Router (ETR)
What an ETR router uses to send traffic to non-LISP sites
Proxy Egress Tunnel Router (PETR)
Single device that combines both ITR and ETR LISP functions
Tunnel Router (xTR)
- accepts encapsulated Map-Request messages from the ITRs,
- de-encapsulates those messages,
- forwards them toward the ETRs
LISP Map Resolver (MR)
Basis of the SD-Access data plane and is used to extend and enhance VLAN capabilities by overlaying a layer 2 network on top of a layer 3 network
Virtual Extensible Local Area Network (VXLAN)
What encapsulation method is used in VXLAN to transport layer 2 data over an IP-based underlay?
User Datagram Protocol
24-bit segment ID that replaces the VLAN ID and extends layer 2 segmentation from 4,094 possible VLANs to 16 million broadcast domains
VXLAN Network Identifier (VNID)
What does VXLAN use for loop protection?
Layer 3 routing protocols and Equal Cost Multipathing (ECMP)
Draft IETF standard that redefines a reserved portion of the standard VXLAN header to include Security Group Tag (SGT) information.
VXLAN Group Policy Option (VXLAN-GPO)
Device that provides the encapsulation and de-encapsulation for the VXLAN
Virtual Tunnel Endpoint (VTEP)
Logical interface where the VXLAN encapsulation and de-encapsulation occurs
Network Virtual Interface (NVI)
Network virtualization mechanism that enables a single layer 3 router to function as multiple virtual routers
Virtual Routing and Forwarding (VRF)
An open standard that operates at the Network layer and is responsible for securing VPN traffic by providing device authentication, data encryption, and data integrity
IPSec
What encryption methods are supported by IPSec?
- Data Encryption Standard (DES)
- Triple DES (3DES)
- Advanced Encryption Standard (AES)
What command creates and names a VRF?
ip vrf vrf-name
What command within the VRF configuration is used to distinguish routing domains?
rd asn:arbitrary#
What command is required if BGP is running in the VRF and creates a list of import and export route target (RT) communities for the VRF?
route-target {export | import | both} asn:arbitrary#
What command is used to associate interfaces with the VRF?
Within the interface configuration mode of each interface you want to participate in the VRF, issue:
ip vrf forwarding vrf-name
Which command was issued to produce the following output:
show ip vrf detail vrf-name
What command is used to create the logical interface of a tunnel?
interface tunnel tunnel-number
Cisco IOS defaults to what mode of GRE?
IPv4 GRE
What command within the tunnel configuration is used to assign the virtual interface of the tunnel?
ip address ipv4-address
What commands identify the source and destination IP addresses of the physical interfaces?
tunnel source ip-address of source router
tunnel destination ip-address of destination router
What command produced the following output?
show interfaces tunnel tunnel-number
What IP protocol needs to be allowed by an ACL or firewall if GRE tunnels are being used?
IP protocol 47
What type of hypervisor doesn’t require a host OS?
Type 1
What are some examples of type 1 hypervisors?
VMware ESXi and Microsoft Hyper-V
What are some examples of type 2 hypervisors?
Oracle VirtualBox
VMware Fusion
VMware Player
Emulates the physical hardware of a host computer system such as a desktop or server
Virtual Machine
Allows VMs to quickly and easily migrate between host machines
Encapsulation
Ensures that a VM can migrate to any physical host with the appropriate resources
Hardware Independence
- Is an ETSI standard that defines the decoupling of network functions (NFs) from hardware
- used to create appliances, such as load balancers, firewalls and intrusion detection systems (IDSs),
- can perform the functions of their physical counterparts without being confined to a dedicated hardware platform
Network Functions Virtualization (NFV)
T/F a vSwitch is a virtualized switch that emulates a physical multilayer switch?
False
A vSwitch can only emulate a physical layer 2 switch
What are some common Cisco VNFs?
Cisco Cloud Services Router 1000v (CSR 1000v)
Cisco Integrated Services Virtual Router (ISRv)
Cisco NextGen Firewall Virtual Appliance (NGFWv)
What are some limitations of a vSwitch?
- cannot share a connection to a physical NIC with another vSwitch
- two vSwitches cannot be connected together
What hash algorithms are used by IPSec to ensure data integrity?
Message Digest 5 (MD5) or
Secure Hash Algorithm 1 (SHA 1)
What are the authentication methods used by IPSec?
Pre-Shared Keys
Digital Signatures