Architecture II (FHRP's, SD-Access, SD-WAN)

Question 1

FHRP

Answer 1

First Hop Redundancy Protocol

Question 2

Where does the Layer 3 boundary take place while using an FHRP protocol?

Answer 2

Access Layer - Access Layer Switches can use a directly connected layer 3 switch as the default gateway. The connected layer 3 switch can use dynamic routing protocols to provide redundancy and load sharing.

Question 3

FHRP and Access layer Switching (as opposed to routing)

Answer 3

Access Layer Switches must therefore use a default gateway that is NOT directly connected. If access to the default gateway is disrupted, the layer 2 (access-layer-switches) will not have connectivity outside of their own VLAN.

Question 4

What do FHRP’s provide?

Answer 4

FHRPs provide a mechanism for Layer 3 gateway redundancy and load sharing for access layer devices.

Question 5

What are the three FHRPs?

Answer 5

HSRP (Hot Standby Router Protocol), VRRP (Virtual Router Redundancy Protocol) and GLBP (Gateway Load Balancing Protocol)

Question 6

Which protocols are Cisco-proprietary?

Answer 6

GLBP and HSRP

Question 7

HSRP - facts and figures

Answer 7

HSRP gateways share a virtual MAC and virtual IP address - each group contains one active router and one standby router. Only the active router responds to ARP requests and forwards traffic.

Question 8

What are the group numbers and priority numbers for HSRP? Hello and Hold Timer

Answer 8

Priority (0-255 highest priority wins), 0-4095 for group numbers. Hello Timer - 3 seconds, Hold Timer - 10 seconds

Question 9

What is the preempt command?

Answer 9

If the active router goes down and you have configured the preempt command, when the router comes back online, it will assume the active role due to the fact of having being configured with the preempt command.

Question 10

Multicast IP for HSRP v1 and v2

Answer 10

224.0.0.2 for v1, 224.0.0.102 for v2.

Question 11

What are the virtual MAC addresses for HSRP v1 and v2

Answer 11

0000.0c07.acxx v1, 0000.0c9f.fxxx

Question 12

VRRP - Cisco or Industry Standard?

Answer 12

Industry Standard.

Question 13

Facts and figures for VRRP

Answer 13

Master and Backup instead of active and standby. Priority 1-254, groups (only 256). It allows us to share the physical IP address of the master router, you can save an IP address (internet edge may be a beneficial space, fewer IP addresses /29)
- Master router has a physical IP, physical and virtual MAC. When the master goes down, the backup will inherit the .1 from the master and the virtual MAC as well.

Question 14

What is the virtual MAC of VRRP?

Answer 14

0000.5e00.01xx

Question 15

Differences between HSRP and VRRP

Answer 15

In VRRP, preempt is enabled by default. Authentication is the same (open and md5), Multicast address is 224.0.0.18 for VRRP. v2 =IPv4 and v3=IPv6

Question 16

GLBP

Answer 16

Global Load Balancing Protocol

Question 17

What is the makeup of GLBP?

Answer 17

1 Active Virtual Gateway (AVG), Active Virtual Forwarder (AVF). Imagine you have four routers, the AVG assigns or pushes vMAC to each router. If a client (PC) sends an ARP request to the network, the AVG will send the ARP response which will contain a vMAC (1-4). It will use a different load balancing option for each client (PC).

Question 18

What are some Load Balancing Options for GLBP?

Answer 18

Weighted - if we take the same example, four routers, the middle two routers have different upstream circuits and can support 100 MB. The outside routers upstream circuits only support 10 MB. We can push twice as much traffic to routers in the middle.

• Host Dependent: Client macaddress, in this option, the client will always get the same virtual mac address.

-RR

Question 19

What is the multicast and vMAC for GLBP?

Answer 19

MCAST: 224.0.0.102, vMAC: 0007.B40x.xxyy

Question 20

What is in each GLBP group?

Answer 20

AVG, 4 AVFs; the remaining routers becomes secondary virtual forwarders (SVF). If the AVG fails, the AVF with the next highest priority which is referred to as the standby virtual gateway (SVG) will take over for the AVG.

Question 21

High Availability - name the four

Answer 21

RPR (Route-processor redundancy), RPR+ (RPR plus), Stateful switchover (SSO) and SSO with nonstop forwarding (NSF)

Question 22

What does SD-Access provide? (5)

Answer 22

Network automation, segmentation, analytics, identity services and policy enforcement

Question 23

What are the layers within SD-Access

Answer 23

Management, Physical, Controller and Network Layer

Question 24

What is SD-Access

Answer 24

SD-Access helps to simplify, standardize and secure networks by providing automation, policy enforcement, etc. SD-Access consists of a Cisco campus fabric solution that is managed by a Cisco Digital Network Architecture (DNA) controller.

Question 25

What is the Management Layer

Answer 25

The management layer consists of the Cisco DNA Center tools that can be used by administrators to manage the network.

Question 26

What are the four primary workflows for DNA Center Applications?

Answer 26

Cisco DNA Design, Policy, Provision and Assurance

Question 27

What is the controller layer

Answer 27

The controller layer provides the two systems that are used by the management layer: Cisco DNA Center and Cisco ISE. Cisco DNA Center contains two subsystems that operate the controller layer

Question 28

What are the two sub-systems that operate the controller layer

Answer 28

NCP and NDP (Cisco Network Control Platform) and (Cisco Data Platform)

Question 29

What is NCP, and why is it important in automation?

Answer 29

Provides the underlay and fabric automation for the network layer and physical layer. API’s facilitate the automation of management tasks by enabling the controller to communicate with applications rather than relying on an administrator to intervene. NCP configures network devices by using a southbound API such as NETCONF. NCP communicates status information to the management plane by using a northbound API such as REST.

Question 30

What is NDP, and why is it important in automation?

Answer 30

NDP collects data from multiple sources, such as NetFlow and Switched Port Analyzer (SPAN).

Question 31

What does Cisco ISE provide (controller Layer)

Answer 31

provides NAC and 802.1x authentication, MAB (MAC authentication bypass), and Web Authentication (WebAuth)

Question 32

Describe the network layer in automation

Answer 32

Network layer consists of underlay and overlay network. The underlay and overlay are considered the SDN fabric.

Question 33

Underlay Network - details

Answer 33

Includes devices and protocols that comprise the physical network and establish IP connectivity. Includes protocols such as IS-IS, OSPF and EIGRP. Includes devices that physically create the network, routers and switches.

Question 34

Overlay Network - details

Answer 34

Logical network.
- Data and Control plane communication takes place in the overlay network
- Common overlay network protocols include VXLAN, VRF, NVGRE, OTV and mVPN

Question 35

What is SDN Fabric and why is it important to underlay and overlay network?

Answer 35

The combination of the two (underlay and overlay) and all the components that are used to communicate back and forth.
- Consists of the following planes: Control, Data, Policy and Management plane.

Question 36

Provide examples of the following planes: Control, Data, policy and management

Answer 36

Control : LISP
Data: VXLAN
Policy: Cisco TrustSec
Management Plane: Cisco DNA center

Question 37

Control Plane: LISP

Answer 37

ETR: Egress Tunnel Router de-encapsulates LISP packets from EIDs that reside outside the LISP site but have destinations that lie inside the LISP site.
ITR: Ingress Tunnel Router - encapsulates IP packets from EIDs that have destinations that lie outside the LISP site.
MS: Mapping Servers
MR: Map resolvers
EID(endpoint identifiers): assigned to hosts
RLOC(Routing Locators): are assigned to routers
HTDB(Host Tracking Database): LISP manages these mappings in the host tracking database. The HTDB is populated by the LISP Map-Server (MS), and queries to the HTDB are resolved by the LISP Map-Resolver (MR) Service.

Question 38

Data Plane: VXLAN

Answer 38

Layer 2 Tunneling mechanism - overlaying a Layer 2 mechanism on top of a layer 3 network.
- Data plane frames are encapsulated within the User Datagram Protocol (UDP), thereby enabling those packets to be transported over any IP-based underlay infrastructure.
- Cisco VLANs are limited to 4,094, whereas VXLANs allow the creation of 16 million segments.
- includes Security Group Tag (SGT), which is used by Cisco TrustSec

Question 39

Policy: Cisco TrustSEC

Answer 39

When a device connects to the network, it is assigned to an associated security group, which is represented by an SGT.

Question 40

Management Plane: Cisco DNA Center

Answer 40

Centralized controller with GUI-based administration.

Question 41

Describe the physical Layer

Answer 41

Consists of Cisco Routers, switches, wireless devices and controllers.

Question 42

Roles of devices in the Physical Layer (SD-Access)

Answer 42

Control Plane Node, Fabric Border Node, Fabric Edge Node, Intermediate Node, WLC Node

Question 43

Explain the control plane node

Answer 43

A control plane node manages the HTDB, which is used to map EIDs to RLOCs.

Question 44

Explain the fabric edge node

Answer 44

Most of the SDA Fabric will consist of fabric border nodes. Connected to endpoint devices clients (PC’s), AP’s

Question 45

Explain the fabric border node

Answer 45

VXLAN is an example, send layer 2 information over a tunnel. Not connecting to clients, connecting to the rest of the network.

Question 46

Explain the fabric control plane node

Answer 46

Usually a router, LISP control plane element. LISP tells the switches in the environment, where to send the traffic from different clients. Think control plane and data plane separation.

Question 47

Explain the relationship between CP and DP in traditional architecture

Answer 47

A switch has both CP and a DP. Two different level of operations - CP handles routing protocol (OSPF), MAC addresses, exchange of LSA’s. DP sends traffic to DP on another switch - sends packets. looks up incoming information in the CP before sending it off.

Question 48

Explain SD-WLC (Wireless Lan Controller)