Cisco SD-WAN Flashcards
Drag and drop the characteristics of Cisco SD-WAN from the left onto the right. Not all options are used.
Centralized distribution of policies throughout the network.
Operates over DTLS/TLS authenticated and secured tunnels.
Provides flexibility and scalability through a hub and spoke architecture.
1.3 Architecture Cisco SD-WAN
In a Cisco SD-WAN network, which VPN Identifier is reserved for carrying out-of-band network management traffic?
A. VPN 0
B. VPN 1
C. VPN 512
D. VPN 514
C. VPN 512
VPN 0—Transport VPN, which carries control traffic via the configured WAN transport interfaces. Initially, VPN 0 contains all of a device’s interfaces except for the management interface, and all interfaces are disabled.
VPN 512—Management VPN, which carries out-of-band network management traffic among the Viptela devices in the overlay network. The interface used for management traffic resides in VPN 512. By default, VPN 512 is configured and enabled on all vEdge routers except for vEdge 100. For controller devices, by default, VPN 512 is not configured.
VPNs 1 through 511, and 513 through 65530—VPNs on vEdge routers for service-side data traffic.
1.3 Architecture Cisco SD-WAN
In a Cisco SD-WAN network, which VPN Identifier is reserved as the transport VPN, carrying control traffic?
A. VPN 0
B. VPN 1
C. VPN 512
D. VPN 514
A. VPN 0
VPN 0—Transport VPN, which carries control traffic via the configured WAN transport interfaces. Initially, VPN 0 contains all of a device’s interfaces except for the management interface, and all interfaces are disabled.
VPN 512—Management VPN, which carries out-of-band network management traffic among the Viptela devices in the overlay network. The interface used for management traffic resides in VPN 512. By default, VPN 512 is configured and enabled on all vEdge routers except for vEdge 100. For controller devices, by default, VPN 512 is not configured.
VPNs 1 through 511, and 513 through 65530—VPNs on vEdge routers for service-side data traffic.
In a Cisco SD-WAN solution, how is the health of a data plane tunnel monitored?
A. with IP SLA
B. ARP probing
C. using BFD
D. with OMP
C. using BFD
Cisco SD-WAN BFD:
Runs over the SD-WAN tunnel to detect failures in the overlay tunnel.
1.3 Architecture Cisco SD-WAN
In a Cisco SD-WAN solution, which two functions are performed by OMP? (Choose two.)
A. advertisement of network prefixes and their attributes
B. configuration of control and data policies
C. gathering of underlay infrastructure data
D. delivery of crypto keys
E. segmentation and differentiation of traffic
A. advertisement of network prefixes and their attributes
D. delivery of crypto keys
A and D are correct.
The OMP protocol is responsible for:
– Distribution of Transport Locators (TLOCs) among network sites in the SD-WAN domain.
– Distribution of service-side reachability information.
– Distribution of service-chaining information.
– Distribution of data plane security parameters, VPN labels, and crypto keys.
– Distribution of data and application-aware routing (AAR) policies. (Answer E is not correct, as OMP only distributes data policies; it does not configure them.)
Page 634 in the OCG (under vSmart):
“OMP is a proprietary routing protocol similar to BGP that can advertise routes, next hop, keys and policy information needed to establish and maintain the SD-WAN fabric.”
In Cisco SD-WAN, which protocol is used to measure link quality?
A. IPsec
B. OMP
C. RSVP
D. BFD
D. BFD
BFD (Bidirectional Forwarding Detection) is a protocol that detects link failures as part of the Cisco SD-WAN (Viptela) high availability solution. It is enabled by default on all vEdge routers and cannot be disabled.
Refer to the exhibit. What step resolves the authentication issue?
A. use basic authentication
B. change the port to 12446
C. target 192.168.100.82 in the URI
D. restart the vsmart host
C. target 192.168.100.82 in the URI
C is the correct answer. vManage is used for managing.
1.3 Architecture Cisco SD-WAN
Which two Cisco SD-WAN components exchange OMP information? (Choose two.)
A. WAN Edge
B. vBond
C. vManage
D. vAnalytics
E. vSmart
A. WAN Edge
E. vSmart
“Overlay Management Protocol (OMP): The OMP routing protocol has a similar structure to BGP and manages the SD-WAN overlay network. Its protocol runs between vSmart controllers and between vSmart controllers and WAN edge routers, where control plane information—such as route prefixes, next-hop routes, crypto keys, and policy information—is exchanged over a secure DTLS or TLS connection.”
The Overlay Management Protocol (OMP) is used as the control plane protocol and forms peers between the vSmart controller and the SD-WAN edge devices. OMP is responsible for advertising which three types of routes in the SD-WAN network? (Choose three.)
A. OMP routes
B. TLOCs
C. MP-BGP
D. LISP routes
E. Service routes
A. OMP routes
B. TLOCs
E. Service routes
- OMP routes: OMP routes, also referred to as vRoutes, are prefixes learned at the local site via connected interfaces, static routes, and dynamic routing protocols (such as OSPF, EIGRP, and BGP) running on the service side of the vEdge. These prefixes are redistributed into OMP and advertised to the vSmart controller so that they can be carried across the overlay fabric to all other WAN edge nodes. OMP routes resolve their next hop to a TLOC. An OMP route is installed in the forwarding table only if the next-hop TLOC is known and there is a BFD session in the UP state associated with that TLOC.
- TLOC routes advertise Transport Locators of the connected WAN transports, along with additional attributes such as public and private IP addresses, color, TLOC preference, site ID, weight, tags, and encryption keys.
- Service routes advertise embedded network services such as firewalls and IPS that are connected to the vEdge local-site network.
What are two benefits of implementing a Cisco SD-WAN architecture? (Choose two.)
A. It enforces a single, scalable, hub-and-spoke topology.
B. It simplifies endpoint provisioning through standalone router management.
C. It allows configuration of application-aware policies with real time enforcement.
D. It improves endpoint protection by integrating embedded and cloud security features.
E. It provides resilient and effective traffic flow using MPLS.
C. It allows configuration of application-aware policies with real time enforcement.
D. It improves endpoint protection by integrating embedded and cloud security features.
What are two benefits of implementing a traditional WAN instead of an SD-WAN solution? (Choose two.)
A. lower control plane abstraction
B. faster fault detection
C. simplified troubleshooting
D. comprehensive configuration standardization
E. lower data plane overhead
A. lower control plane abstraction
E. lower data plane overhead
1.3 Architecture Cisco SD-WAN
What is a characteristic of Cisco SD-WAN?
A. uses unique per-device feature templates
B. requires manual secure tunnel configuration
C. uses control plane connections between routers
D. operates over DTLS/TLS authenticated and secured tunnels
D. operates over DTLS/TLS authenticated and secured tunnels
What is a characteristic of vManage?
A. It leverages the overlay management protocol to interface with WAN Edge devices.
B. It supports protocols such as OSPF to integrate with legacy network devices.
C. It requires a public IP address to allow WAN Edge devices to discover fabric components.
D. It uses NETCONF to configure vSmart devices to build the overlay network data plane.
D. It uses NETCONF to configure vSmart devices to build the overlay network data plane.
vManage => NETCONF => vSmart => OMP => vEdge
While it’s true that the vSmart controllers don’t construct the data plane, answers A and B are clearly referencing vSmart.
What is a TLOC in a Cisco SD-WAN deployment?
A. value that identifies a specific tunnel within the Cisco SD-WAN overlay
B. identifier that represents a specific service offered by nodes within the Cisco SD-WAN overlay
C. attribute that acts as a next hop for network prefixes
D. component set by the administrator to differentiate similar nodes that offer a common service
C. attribute that acts as a next hop for network prefixes
TLOC: The Transport Location (TLOC) identifier is the next hop of the OMP route. This attribute is very similar to the BGP_NEXT_HOP attribute. Within the TLOC, there are three values:
What is a VPN in a Cisco SD-WAN deployment?
A. common exchange point between two different services
B. attribute to identify a set of services offered in specific places in the SD-WAN fabric
C. virtualized environment that provides traffic isolation and segmentation in the SD-WAN fabric
D. virtual channel used to carry control plane information
C. virtualized environment that provides traffic isolation and segmentation in the SD-WAN fabric.
[…] VPN Segmentation: Traffic isolation is key to any security strategy. Traffic that enters the router is assigned to a VPN, which not only isolates user traffic, but also provides routing table isolation. This ensures that a user in one VPN cannot transmit data to another VPN unless explicitly configured to do so. When traffic is transmitted across the WAN, a label is inserted after the ESP header to identify the VPN that the user’s traffic belongs to when it reaches the remote destination.
What is the centralized control policy in a Cisco SD-WAN deployment?
A. set of statements that defines how routing is performed
B. set of rules that governs nodes authentication within the cloud
C. list of ordered statements that define user access policies
D. list of enabled services for all nodes within the cloud
A. set of statements that defines how routing is performed