MEF-SDN/NFV Flashcards
- An organization just failed an SEC test audit. Packet flooding and redundancy in an emergency are two problems
cited in the audit. The security staff in the organization is advocating for expensive appliances to be purchased. The
CTO wants the network architect to investigate SDN. Which characteristics of SDN are reasons to adopt the CTO’s
recommendation?
Security-defined interoperability will deliver routes that leverage the existing infrastructure and optimize
traffic
Packet-based routing will be providing a better accounting of all traffic in the network through better audit
log information for the auditors
SDN will deliver better isolation of data plane traffic and will provide more flexibility to address
redundancy needs
The ability to separate control plane from the data plane automatically makes data management easier and
more secure
SDN will deliver better isolation of data plane traffic and will provide more flexibility to address
redundancy needs
- A Service Provider is upgrading a set of SDN Switches in a given region. The maintenance window for network
upgrades is 2 am to 4 am. The downtime must be minimized as much as possible. What should the network
administrator do to minimize the downtime?
Reactively program a flow in the controller to redirect traffic toward the region at 1 am
Proactively program a flow in the controller to redirect traffic away from the region at 1 am
Proactively program a flow in the SDN Switches to redirect traffic away from the region at 1 am
Reactively program a flow in the SDN Switches to redirect traffic toward the region at 1 am
Proactively program a flow in the controller to redirect traffic away from the region at 1 am
- A customer requests its VPN provider to prohibit FTP traffic between its branch offices. The VPN provider’s
network is fully SDN controlled, but does NOT offer a self-service portal to its customers.
Which SDN component does the VPN provider’s SDN support engineer need to interact with?
The policy/intent interface of the SDN Controller
The user interface of the OpenFlow instance
The command line interface (CLI) of the VPN gateways
The SNMP interface of the optical network EMS
The policy/intent interface of the SDN Controller
- The network operator is troubleshooting a connection issue for a user TCP/IP connection through the SDN
Network. Which component implements the routing logic for the IP path?
Control plane in the SDN Switch
Control plane in the SDN Controller
Forwarding plane in the SDN Controller
Forwarding plane in the SDN Switch
Control plane in the SDN Controller
- A media content provider struggles with data growth on its SDN network and adds an SDN controller to distribute
the load and increase robustness. Which communication interface should the SDN controllers use to synchronize
their operation and provide a single controller view to the applications?
Eastbound/Westbound interface
Infrastructure layer interface
Application layer interface
Northbound/Southbound interface
Eastbound/Westbound interface
- A Service Provider plans to provide a service portal to allow customers to interact with an SDN network to be
able to view the status and statistics of their services. Which interface does the service portal use to retrieve this
information?
The SDN Switches east/west interfaces
The SDN Controller northbound interface
The SDN Controller OpenFlow interface
The SDN Switches southbound interface
The SDN Controller northbound interface
- A company is evaluating the move to SDN. The CTO fears that the implementation of the OpenFlow protocol
throughout the environment may have a performance impact that affects business operations. How can the
company mitigate risk while still being able to deploy SDN technologies?
Deploy a separate network for OpenFlow protocol traffic
Find a network edge use case that would allow an interoperable OpenFlow solution to be deployed for
deep packet inspection
Find a hybrid networking solution by deploying custom APIs to manage switch traffic from the nonOpenFlow switches
Deploy an overlay SDN solution like VxLAN.
Deploy a separate network for OpenFlow protocol traffic
- A customer has an existing network and wants to extend it with new OpenFlow switches. What southbound
protocol must customer use to manage the legacy switches?
YANG
OpenFlow
OF-Config
NETCONF
NETCONF
- A Service Provider is implementing an SDN solution. Due to budget constraints, the Service Provider will
implement incremental network upgrades and leverage the legacy switching network. Which southbound protocols
must the SDN Controller support to facilitate this architecture?
Ansible and NETCONF
NFV and OpenFlow
OpenFlow and SNMP
OpenFlow and YANG
OpenFlow and SNMP
- A company is planning to roll out all of its new applications to take advantage of SDN. They need to use
OpenFlow 1.3. The new network equipment will be deployed in three phases. The existing network supports 1,200
nodes. Which critical variable should the network architect consider when specifying the new applications to the
development team?
Whether the application should be data center-based or a cloud-based SDN solution
The nature of the SDN/Virtualization application and infrastructure
The ability for OpenFlow 1.3 to support IPv6 and multicast traffic
The interoperability of the legacy and the OpenFlow 1.3 compatible switches
The interoperability of the legacy and the OpenFlow 1.3 compatible switches
- There is a recurring connectivity failure between an SDN Controller and one of the switches. A Network
Operator is unable to isolate the issue. How should the operator resolve these issues?
Upgrade the SDN Controller to the latest software version
Upgrade the network switch to the latest firmware and OpenFlow protocol version
Identify the issue through the analytics component and follow a more specific troubleshooting process
Move the SDN Controller on a new server in a new location
Upgrade the network switch to the latest firmware and OpenFlow protocol version
- An Enterprise is upgrading a part of its current network of Ethernet switches to SDN with OpenFlow switches.
The Enterprise needs to consider the following:
o The legacy Ethernet part of the network uses VLAN 20
o The new SDN part of the network uses VLAN 10
This file is a study guide in preparation for the MEF-SNCP Exam intended for Globe Telecom employees.
Please do not share outside.
o An OpenFlow-hybrid switch connects the legacy Ethernet part and SDN part to L3 gateway using an IEEE
802.1Q trunk. Which OpenFlow rule should be specified in the hybrid switch to match and forward VLAN
20 traffic to the traditional Ethernet pipeline?
If VLAN ID = 20, forward to ANY port
If VLAN ID = 20, forward to CONTROLLER port
If VLAN ID = 20, forward to IN_PORT port
If VLAN ID = 20, forward to NORMAL port
If VLAN ID = 20, forward to NORMAL port
- A Service Provider offers data and voice services to its customers. The Service Provider offers a link with a
capacity of 10 Gbps between two OpenFlow switches. The Service Provider wants to limit the data traffic to 70%
of the link capacity and leave the remaining capacity for voice services. The network administrator created an
OpenFlow queue that was attached to the port and connected to the link. The link directed all data traffic (NOT
voice) to that queue. What is the proper configuration of the queue?
Minimum rate = 3 Gbps; Maximum rate = 3 Gbps
Minimum rate = 7 Gbps; Maximum rate = 7 Gbps
Minimum rate = 3 Gbps; Maximum rate = 10 Gbps
Minimum rate = 7 Gbps; Maximum rate = 10 Gbps
Minimum rate = 7 Gbps; Maximum rate = 7 Gbps
- A Service Provider offers a data plan to customers that contains the following SLAs: a guaranteed rate of 1
Mbps and a maximum rate of 2 Mbps. The Service Provider deploys OpenFlow switches in their network and
wants to implement the SLAs using OpenFlow meters. Customer traffic is subject to a meter band with 2 meters.
What is the proper configuration of the 2 meters in the meter band?
Meter 1: rate = 1 Mbps, type = DSCP remark; Meter 2: rate = 2 Mbps, type = drop
Meter 1: rate = 1 Mbps, type = drop; Meter 2: rate = 2 Mbps, type = drop
Meter 1: rate = 1 Mbps, type = DSCP remark; Meter 2: rate = 1.5 Mbps, type = DSCP remark
Meter 1: rate = 1 Mbps, type = drop; Meter 2: rate = 2 Mbps, type = DSCP remark
Meter 1: rate = 1 Mbps, type = DSCP remark; Meter 2: rate = 2 Mbps, type = drop
- Network operations wants to confirm that the SDN Controller to SDN Switch communication path is
functional. Which protocol should the operator use to verify latency and continuity?
UDP Connection
Hello Messages
TLS Sequencing
Echo Request/Reply
Echo Request/Reply
- In a mobile network, several base stations are attached to the core via a single mobile backhaul wireless link.
Power is available only at the remote end of the backhaul link. The installation of an SDN switch at the remote
end to connect the base stations via the backhaul link to the network core is the first step toward a dynamically
configurable network. Which approach allows the SDN controller located in the core to control the remote SDN
switch?
The SDN control connection is established in-band and isolated from the data traffic
The SDN switch at the remote location is equipped with a battery backup unit
The SDN control connection uses an unreliable transport protocol (such as UDP)
The SDN control connections are established to both master and slave SDN controller
The SDN control connection is established in-band and isolated from the data traffic
- The Service Provider is deploying this SDN topology with the following configuration:
• OpenFlow channel used to exchange OF messages between the controller and the OF switches is on a dedicated
network using the out-of-band OF switch interface
• The subnet address of this dedicated network is 192.168.1.0/24; controller IP = 192.168.1.100
• The connection to the SDN controller must be secured
After establishing the above connections and rebooting the switches, the OF switches failed to establish
connection with the SDN controller. The IT Administrator suspected that it is a connection URl configuration
problem in the OF switches. What should the IT administrator verify when troubleshooting this problem?
The connection URl configured in both OF switches is TLS:192.168.1.100:6653
The connection URl configured in the first OF switch is TCP:192.168.1.1:6653
The connection URl configured in both OF switches is TLS:192.168.1.1:6653
The connection URl configured in both OF switches is TCP:192.168.1.100:6653
The connection URl configured in both OF switches is TLS:192.168.1.100:6653
- The network engineer wants to design the network to be resilient and be able to continue OpenFlow Switch
forwarding even if communications to the SDN Controller is lost. Which SDN Switch Mode must be enabled?
Fail normal mode
Fail secure mode
Fail switch mode
Fail secure drop mode
Fail secure mode
- A client wants to create a level of network resilience that prevents dynamic SDN traffic sent from the
controller to continue in the Switch OpenFlow Pipeline processing if the switch loses connectivity to the SDN
Controller. The degraded operation will result in the switch continuing to operate in its native underlying switch
or router mode. Which configuration mode will provide this level of functionality?
Fail secure mode
Fail standalone mode
Fail normal mode
Fail secure drop mode
Fail standalone mode
- An SDN network is built using OpenFlow version 1.3 as the Southbound API. Both the master and slave SDN
Controller have experienced a catastrophic failure. The switches are configured in Fail-Secure mode. How will the
forwarding plane behave in this situation?
The SDN Switches will drop all traffic received through the active physical ports
The SDN Switches will only forward new flows through the active physical ports
The SDN Switches will forward all traffic through the active physical ports
The SDN Switches will forward already configured flows through the active physical ports
The SDN Switches will forward already configured flows through the active physical ports
- An Operator is trying to create 6,000 virtualized networks that are interconnected through a common Layer 2
closed user group. The Layer 2 networks must support both unicast and broadcast delivery. Because there is a 4K
limitation when using VLANs, which IP-based overlay can accomplish this task?
VXLAN
IPv6
IPSEC
MPLS
VXLAN
- An SDN application subscribes to Emergency Alert Systems for the locations where SDN Switches are present.
The application receives an earthquake alert. What should the SDN Controller do to mitigate connectivity loss to
customer-facing traffic?
Broadcast the traffic to all SDN Switches in the affected areas
Dispatch a technician to the unaffected area
Redirect the traffic away from the affected areas
Configure more ports on the SDN Switches in the affected areas
Redirect the traffic away from the affected areas
- A user is deploying an SDN solution to upgrade a decade-old legacy routed network. The user prefers to
deploy the SDN network in a mixed mode/hybrid fashion with some devices managed via OpenFlow and other
devices managed via NETCONF/YANG. Which SDN Controller should the user select?
OpenStack
OpenDaylight
Open Source Networking
Open Software Defined System
OpenDaylight
- A network is experiencing long delays in acknowledging communication between the network switches and
the SDN Controllers. The use of multiple protocols between the controllers and the switches is causing an
increase in latency. The SDN Controllers were originally Beacon but have been upgraded to Ryu since Beacon
failed to meet the network’s requirements. Which approach addresses this problem?
Roll back to the Beacon SDN Controller
Implement high availability functionality for all network elements
Fix the APIs for each of the applications on the network
Replace Ryu with two OpenDaylight controllers in active/active mode
Replace Ryu with two OpenDaylight controllers in active/active mode
- Several employees on the same floor report erratic network behavior. The SDN control channel to the switch
on that floor is NOT established. What is the first step the SDN engineer should do to troubleshoot the OpenFlow
connection?
Reboot the SDN Controller and wait for the problem to resolve automatically
Trigger a connection re-establishment from the SDN Controller
Make sure that the SDN Switch has the correct SDN Controller configured
Unplug all cables from the SDN Switch to avoid a security risk
Make sure that the SDN Switch has the correct SDN Controller configured
- The new “Aggregation 2” switch must to be added to handle the traffic growth. The entire network is
controlled through the SDN Controller. Which configuration must be performed to integrate the new Aggregation
2 switch into the SDN network?
Configure the flow tables in the new switch so that traffic is forwarded to the appropriate destination
Configure the activation of the spanning tree protocol because it will automatically set up connectivity
Configure the routing protocol parameters and neighboring nodes and next hops
Configure the SDN controller and the control connection parameters such as encryption, protocol, etc.
Configure the SDN controller and the control connection parameters such as encryption, protocol, etc.
- An organization has assigned the network architect to design an SDN network in a hybrid switch environment.
The network has the following requirements:
• The SDN solution should be OpenFlow 1.3 or later with an open source SDN controller solution
• There has to be encrypted route traffic information between the SDN controllers
What should the architect do to meet the network design requirements?
Replicate the TCAM information in the non-OpenFlow switches to the OpenFlow switches
Mandate that all applications use network overlays to populate the inter-switch links in the network
Recommend that all of the switches meet a tuple-parsing minimum in the packet header that is faster
than traditional non-SDN switches
Recommend the ODL Neutron SDN Controller, since it provides the most thorough addressing of the
requirements
Recommend the ODL Neutron SDN Controller, since it provides the most thorough addressing of the
requirements
- The Service Provider has deployed SD-WAN software in their network. After a controller upgrade, the system
administrator tried to deploy a white box branch device, which failed during the usual deployment procedures.
What could be causing the failure of this deployment?
The underlay network needs to be downgraded to the previous software version
The branch device software needs to be supported by the controller software
The controller and all the white box devices need to be rebooted
The white box device needs to be replaced with a new one
The branch device software needs to be supported by the controller software
- Network Operations wants to be notified whenever a new switch or device is added to the SDN Network.
What type of SDN application is needed?
Reactive application
Proactive application
RESTful application
Preemptive application
Reactive application
- An Operator is upgrading a legacy network to SDN. The upgrade should be transparent to the legacy
networking devices. What should the Operator do to meet this requirement?
Install an SDN Controller supporting OpenFlow and replace the networking devices with devices
supporting OpenFlow
Install a NETCONF Agent on the networking devices and install an SDN Controller supporting
NETCONF/YANG
Install an SDN Controller that can support the legacy southbound interfaces and install the relevant
applications
Install an OpenFlow Agent on the networking devices and install an SDN Controller supporting OpenFlow
Install an SDN Controller that can support the legacy southbound interfaces and install the relevant
applications
- A network company buys another network company. The engineers and architects must determine how to
merge the two networks. Both have an MPLS backbone with the presence of BGP route reflectors and use various
routing protocols in their networks such as IS-IS and OSPF. Both have a mixture of traditional equipment and SDN
equipment. For certain applications, they both use ODL. It is recommended to use an SDN architecture.
Which SDN solution should be used for the merge?
Replace the two local ODL controllers with a central ODL controller using Path Computation Element
Protocol (PCEP) and OpenStack
Create a single Network to Network Interface and use BGP
Update the VNF forwarding graph with a new virtual link
Replace the two local ODL controllers with a central ODL controller using BGP-LS and Path Computation
Element Protocol (PCEP)
Replace the two local ODL controllers with a central ODL controller using BGP-LS and Path Computation Element Protocol (PCEP)
- The CTO and management want the SDN applications introduced into production as soon as possible, even if
there is a risk that the hybrid SDN solution may not scale. The architect has the promises of all the different
vendors - network switch, SDN controller, and SDN applications - that the solution will work. None of those
promises are in writing. What is the most compelling argument for pausing to deploy a formal test lab for SDN
applications?
SDN gives greater management control to the network, so it is important to investigate all aspects of
that management prior to deployment.
Advocate for an agile framework so that any programming modifications can be swiftly modified in the
SDN applications.
As long as the vendors have promised interoperability verbally, what remains is to secure a written SLA
from each of the vendors.
SDN reduces operational expense of running the network, so additional resources can be added to apply
out-of-band management solutions.
SDN gives greater management control to the network, so it is important to investigate all aspects of
that management prior to deployment.
- A company’s network infrastructure has been upgraded to OpenFlow-based white box switches. The network
architect is selecting an open-source SDN controller. The architect has several options, but none fully support the
planned deployment. They all require some extensions. The goal of the deployment is to implement priority
treatment for the network traffic of the company’s CEO, who regularly visits branch offices located in many
locations around the world.
Based on these requirements, which features are most important for this deployment?
Secure north-bound interfaces and automatic conflict detection
Isolation of various tenants and wide-range of accounting and reporting options
Flexible QoS management and a unified network model
Support for multiple SDN control protocols and model-based extensibility
Flexible QoS management and a unified network model
- An SDN controller is using NETCONF to configure SDN switches. An engineer is attempting to provision a new
service that requires configuring multiple switches along the traffic path. However, one of the nodes along the
path is NOT responding. What should the SDN controller do?
Configure every other node along the path
Configure the first node along the path and raise an alarm
Configure none of the nodes and raise an alarm
Configure only the non-responsive node
Configure none of the nodes and raise an alarm
- A Service Provider is building their SDN network using an SDN Controller and OpenFlow Switches. The Service
Provider needs to mitigate the following security challenge: attackers may launch a Denial of Service (DoS) attack
by sending a high volume of unique flows, which could result in a high volume Packet-In messages from OpenFlow
switches to the SDN Controller making the controller inaccessible.
Which solution should the network architect select to keep the SDN controller safe from this DoS attack?
Increase link capacity or reserved bandwidth for Packet-In messages
Upgrade hardware with higher CPU power and memory capacity
Install rate limits for Packet-In messages using queue or meter bands
Install more SDN Controllers to form a load-balancing cluster
Install rate limits for Packet-In messages using queue or meter bands
- A Service Provider plans to deploy a network made up of 5,000 OpenFlow switches. The switches are
partitioned in domains, and each domain is controlled by a separate controller. The controllers are organized in a
federated arrangement. Each controller can support up to 1,000 OpenFlow switches, but must be able to
completely support another domain if the controller that controls that domain fails.
How many controllers must the Service Provider deploy to support this arrangement?
7 controllers
8 controllers
10 controllers
5 controllers
10 controllers
- A Service Provider deployed an SDN system to support 100,000 services. The system has the following
configuration:
• 2 SDN controllers in active/active configuration
• Each SDN controller is sized for 100,000 services
The system must grow to support 150,000 services with the same level of redundancy. What should the network
architect do to support system growth?
Increase the bandwidth between two existing SDN controllers and the available system memory
Increase the disk space on the existing SDN controllers and increase the write cache for better
performance
Identify potential services that are duplicative and get permission for them to be removed
Deploy an additional SDN controller of the same capacity as the existing controllers
Deploy an additional SDN controller of the same capacity as the existing controllers
- The network architect needs to design a native SDN network in a greenfield environment. The network spans
3,000 miles and three data centers. The controllers must be configured in a federated model. Which aspect of the
recommended solution must be considered as the top priority in designing both the scalability and resilience of
the new SDN network?
The need to increase the interconnect speed and reduce the latency between switches in the data centers
of the organization
The key management infrastructure that must be designed to efficiently retrieve performance
information from the network
Adopting the OpenDaylight SDN solution that will feature the ability to replicate controller switch
information
Addressing the long propagation delays among controllers that can lead to a long response time in the
replication of the controllers
Addressing the long propagation delays among controllers that can lead to a long response time in the
replication of the controllers
- As part of the SDN deployment, the SDN Controllers must be secured. The controllers are deployed in a High
Availability (HA) configuration. The Linux OS servers are hardened to avoid malware hosts, and the data center
has been physically hardened. How can the administrator avoid the insertion of unauthorized controllers
(“controller-in-the-middle”) that could hijack the controller infrastructure?
Creating an audit log of all controller access to document anomalies in the network
Deploying an authentication protocol between the controllers
Replicating key management systems to the controllers’ instruction database to redundant servers
Leveraging DPI for all controller traffic to identify a potential DDoS attack
Deploying an authentication protocol between the controllers
- A Service Provider deploys SDN Controllers in a hierarchical configuration. The parent SDN Controller interacts
with child SDN Controllers. Each child SDN Controller manages the respective networking domain. Which method
should be used to minimize network downtime?
High availability configured only for child SDN Controllers because they manage the immediate network
High availability NOT required for either the parent or the child SDN Controllers because they are always
stable
High availability configured only for parent SDN Controller because it maintains all global data
High availability configured for both parent SDN Controller and child SDN Controllers
High availability configured for both parent SDN Controller and child SDN Controllers
- A company considers building an SDN network based on the OpenFlow protocol. The OpenFlow connection
setup between an OpenFlow switch and an SDN controller must meet privacy, integrity, and identity security
requirements. Which connection setup should the network architect select to meet the requirements?
TLS connection with switch side certificate
TCP connection in a separated control place network/VLAN
TLS connection with certificates from both sides
TLS connection with controller side certificate
TLS connection with certificates from both sides
- When dealing with third-party proactive SDN applications, a network operator must address the following
security challenges:
• An error in the third-party application could cause the SDN controller to crash
• Third-party applications can gain access into the internal data structures of SDN controllers
What is the proper protection mechanism?
Ask the developers of third-party applications to follow security guidelines
Apply an audit check before a third-party application is allowed to run
Run third-party applications in separate processes from the SDN controllers
Run third-party applications as plugins of the SDN controllers
Run third-party applications in separate processes from the SDN controllers
- A white box server hosting an SDN controller deployed at the customer site fails during an upgrade process.
Connectivity to the controller has been lost. How should the network administrator access the device?
Console
FTP
SSH
Telnet
Console
- A misbehaving VNF is generating too much traffic and consuming too many resources. How can the VNF
deployment be modified to address this problem?
Containerization of Virtual Network Functions
Replication of VNF service chains
White-box system deployments
A custom vendor appliance
Containerization of Virtual Network Functions
- Field trials for an organization’s VNF instances have ended with success. Now, VNFs must be deployed across
thousands of network segments in the global network. Which organizational goal presents the greatest challenge
in the management of the new deployment?
A comprehensive global domain VNF catalogue function
A comprehensive MANO solution
A robust service-chaining solution
A multi-domain VNF replication function
A comprehensive MANO solution
- System architects are planning a new NFV deployment. The architects decide to group the NFV-MANO
functional blocks and design the interfaces to all other functional blocks that are part of the architectural
framework based on shared reference points. Based on the NFV architectural framework, which set of functional
blocks share reference points with the NFV-MANO?
OSS/BSS, EMS, VNFM, NFVI
EMS, VNF, NFVI, OSS/BSS
NFVO, EMS, NFVI, OSS/BSS
NFVO, VNFM, EMS, VIM
EMS, VNF, NFVI, OSS/BSS
- An NFVO system receives a network service instantiation request. Which components does the NFVO need to
interact with to execute request?
VNFM and SDN Controller
VNFM and VIM
VIM and SDN Controller
VNFM and EMS
VNFM and VIM
- An Operator is creating a service using a set of service components located on the customer premises. How
should the Operator perform this task?
Instantiate and configure the service to chain between adjacent service components
Instantiate and configure the service using the Service Activation Testing (SAT) function
Instantiate and configure the service using automated Fault Management notifications
Instantiate and configure the service deploying an automated Service Assurance function
Instantiate and configure the service to chain between adjacent service components
- An organization is deploying a virtualized network over its existing network infrastructure. The CTO has
requested that the organization use NFV service chains. The network designer will instantiate resources including
compute, memory, and grouping in NFV service chains. Which element of the NFV infrastructure should be used
to instantiate these service chains?
The NFV Orchestrator (NFVO)
The VNF Deployment Manager (VDM)
The Virtualized Link Descriptor (VLD)
The VNF Forwarding Graph Manager (VFGM)
The NFV Orchestrator (NFVO)
- A customer requests a Service Provider to deploy a VNF that is made up of three Virtual Deployment Units
(VDUs). Each VDU requires 4 vCPUs and 8 GB RAM for its operation. Three servers with the following capabilities
are identified as NFVI compute resources:
Server A: 64 vCPU and 64 GB RAM
Server B: 32 vCPU and 48 GB RAM
Server C: 12 vCPU and 24 GB RAM
The customer requests node anti-affinity policies to be enforced.
Which VDU placement is appropriate to meet this requirement?
All three VDUs on Server A
Each VDU on a different server
Two VDUs on Server A and 1 VDU on Server B
Two VDUs on Server B and 1 VDU on Server C
Each VDU on a different server
- A Service Provider has installed an NFV software framework into their network. An operator needs to view
alerts and events from the deployed VNFs. Which component provides this information?
VNF Manager
Analytics/Service Assurance node
Access Manager
NFV Infrastructure
VNF Manager
- A company is running a simple web service made up of a front-end web server and a back-end database
server. Users connect to the front-end web server. The company has 200 customers that generate the given CPU
and memory utilization rates. The company plans to expand and the user base and workload is expected to
double. The network architect needs to make the existing service capable of scale-out for the upcoming
expansion. The architect also needs to identify additional service components required.
What should the network architect recommend to achieve a minimum design change while maintaining quality of
service?
Add 1 back-end database and deploy 1 load-balancer in front of the database as a new service component
Add 1 front-end web server and deploy 1 load-balancer in front of the web server as a new service
component
Add 1 front-end web server and 1 back-end database and deploy a backup server as a new service
component
Add 1 back-end database and 3 front-end web servers and deploy load-balancers as a new service
component
Add 1 front-end web server and deploy 1 load-balancer in front of the web server as a new service
component
- An administrator needs to modify the Virtualization Domain, Compute Domain, and Infrastructure Networking
Domain within a Service Provider’s NFV infrastructure. Which component is responsible for managing and
controlling these domains within the NFVI functional block?
NFV Infrastructure (NFVI)
Virtual Network Functions (VNFs)
VNF Manager (VNFM)
Virtual Infrastructure Manager (VIM)
Virtual Infrastructure Manager (VIM)\
- An Operator plans to deploy an NFV system. The system must be able to manage the VNF infrastructure and
orchestrate the workflow of instantiating the VNFs, as well as configure them and manage their lifecycle. Which
architectural building block as defined by ETSI NFV Industry Specification Group (ISG) should the Operator use to
configure an instantiated VNF?
OSS
VIM
LSO
EMS
EMS
- A customer subscribes to a Service Provider’s managed SDN-based service based on a vCPE that includes a
virtual router and virtual firewall. All configuration of the VNFs must be performed by the Service Provider. The
customer suffered a security attack and requests that the Service Provider update the firewall policies to address
the issue. Which component should be used by the Service Provider to update the firewall policies?
OSS
SDN Controller
NFVO
VIM
SDN Controller
- An Operator plans to deploy a network service composed of a chain of VNFs. When deploying the service,
what should the Operator create and configure?
An intrusion/detection mechanism in front of the first VNF in the service chain
A logical overlay tunnel between adjacent VNFs in the service chain
An OpenStack instance to manage and monitor the service chain
A secure overlay tunnel between each VNF and an SDN Controller
A logical overlay tunnel between adjacent VNFs in the service chain
- An enterprise customer subscribes for a low-delay 10 Mbps pipe from the Service Provider and requests a
network service to allow all traffic to pass through Firewall and IDS functions before reaching their remote sites.
The NFV Orchestrator deploys two virtual functions (1 for Firewall and 1 for IDS) to deliver this network service.
Each virtual function has two virtual NICs connected to the virtual switches within the hypervisor. The NFVI
infrastructure has 10 Gbps and 40 Gbps ports.
To enable service to this customer, what operations must be performed by the SDN Controller?
Configure Forwarding and QoS Policies only in the virtual infrastructure because only virtual functions are
used
Configure Forwarding Policies only at the entry of the physical network where this customer traffic enters
the network
Configure the Forwarding policies only at the exit of physical infrastructure where customer traffic exits
the network
Configure Forwarding and QoS policies in both the physical infrastructure and virtual infrastructure for
this customer
Configure Forwarding and QoS policies in both the physical infrastructure and virtual infrastructure for
this customer
- An operator is trying to edit a deployment template to make changes to the links between connected VNFs on
a TOSCA-enabled NFV architecture. Which NFV component describes the relationship between the VNF links?
Physical Network Function (PNF)
Virtual Network Function (VNF)
Virtual Deployment Units (VDU)
Network Service Descriptor (NSD)
Network Service Descriptor (NSD)
- The MANO component of an NFV system includes a service catalogue, a VNF image store, a VM deployment
function, and an SDN controller. A customer of the NFV system is running a vCPE service made up of several VNFs
including a vNAT. The customer wants to replace this vCPE from vendor A with a vCPE from vendor B. Images for
the new VNFs were loaded to the image store and triggered to redeploy/update the service.
Which step is required for this replacement?
Develop and activate a test plan for the new service
Update the vCPE service descriptor in the catalogue
Upload a new load-balancer VNF to the image store
Remove the old vCPE VNF images from the image store
Update the vCPE service descriptor in the catalogue
- A Service Provider’s NFV infrastructure (NFVI) is hosting VNFs from multiple vendors to support real-time
applications like VoLTE. The application requirements need to be hosted in multiple data centers connected
through WAN and support deployment of both green-field VNFs and VNFs of existing Physical Network Functions
(PNFs). Which three domains can support these requirements within the NFVI architecture?
Compute Domain, Virtualization Domain, Infrastructure Networking Domain
Application Domain, Transport Domain, Physical Domain
Data Center Domain, Service Provider Domain, Enterprise Domain
Virtual Domain, Physical Domain, Orchestration Domain
Compute Domain, Virtualization Domain, Infrastructure Networking Domain
- An Operator is creating a network service made up of several VNFs in an active NFV system. The Operator’s
design team needs to execute a set of procedures to create this service. What should the team do to meet this
requirement?
Use the EMS to configure each VNF respectively
Use the VIM to plan and deploy the VNFI environment
Request the VIM to install and instantiate the VNFs
Design, onboard, and instantiate the network service
A request to the NFVO to instantiate a network service
- Troubleshooting of a service interruption identified that suboptimal routing occurred that was caused by one
specific application. The Network Service is deployed using NFV technology. The applications are on separate
VMs. The VMs run over Open Virtual Switch (OVS). What action should the SDN engineer recommend to
immediately address the problem?
Delete the congested virtual link
Create and instantiate a new VNF instance
Route around the congested link using Fast ReRoute
Configure the SDN Controller to bypass the application
Configure the SDN Controller to bypass the application
- A disaster recovery test revealed insufficient isolation between VNFs and the chance of a security breach
affecting a neighboring VNF. How should the isolation of the VNFs be improved?
Increase logging and monitoring of the VNF behavior
Distribute the VNFs across additional NFVI instances
Actively manage the authentication of new VNFs
Replicate the VNF catalogue across domains
Distribute the VNFs across additional NFVI instances
- A provider is offering services via several VNFs. After a major service outage, engineers find that the outage
was due to a bug that caused a few of the VNFs to operate incorrectly. A new software version is available that
fixes the problem. The new software also introduces new services that will be used by some of the VNFs. The old
services still must be offered to a selected group of VNFs.
How should the engineer proceed with the upgrade?
Deploy the new and old version at the same time while directing new service requests to the new
software version
Deploy the VNFs as active/standby with the old version on the standby VNF and the new version on the
active VNF
Deploy only the new software version and upgrade the other VNFs to be compatible with the new
services in the next release
Deploy the VNFs as active/standby with the old version on the active VNF and the new version on the
standby VNF
Deploy the new and old version at the same time while directing new service requests to the new
software version
- A Service Provider deploys a cloud center with servers built to run VNFs. The host OS is Linux Ubuntu Server
version 16.04 and the Open-vSwitch (OVS) version is 2.7.0. The OVS is managed by an OpenDaylight SDN
controller. Each server must be able to monitor each VM’s Ingress/Egress traffic.
How can each VM’s ingress/egress traffic monitoring be done using the NFV architecture?
Add a monitor VNF in a new VM and configure it to communicate with each deployed VNF and get its
Ingress / Egress traffic
Replace OVS with monitoring SDN application that will communicate with ODL
Add a monitor VNF in a new VM and configure OVS to mirror each VNF virtual port traffic to the new
VNF virtual port
Modify each of the NFVs deployed in the server to collect traffic and send it to ODL
Add a monitor VNF in a new VM and configure OVS to mirror each VNF virtual port traffic to the new
VNF virtual port
- The network test engineer is tasked with developing the optimum test environment for evaluating network
elements and services for the organization’s NFV environment. Security and usability have already been
addressed. The test environment is per ETSI-NFV specification, illustrated above. The primary deliverable is to
validate the SLA for high availability in convergence failover times in the simulated environment.
What key area needs to be considered in testing to make certain the organization is prepared before these VNFs
are introduced in a production context?
Ensuring the SLA provides for multiple service chaining in case of catastrophic failure
Simulating a multiple VNF environment to load balance the network throughput
Running stress traffic rates (150%) over 5 hours for SLA validation
Identifying multiple VNFs that are associated with the same physical server
Identifying multiple VNFs that are associated with the same physical server
- In a Service Provider NFV deployment, a VM is declared unavailable if it does NOT respond in the following
configured periods:
• VM supporting VoLTE VNF: 10 ms
• VM supporting VoLTE Business Support System (BSS): 2000 ms
Live migration of a VM takes 1000 to 1500 ms for any workload. High availability is NOT configured for any of the
VMs. The Service Provider plans a live migration of VMs to manage data center resources.
Which strategy should be used to support live migration?
Migrate both VoLTE BSS and VoLTE VNF at the same time
Migrate VoLTE VNF but ensure VoLTE BSS is NOT migrated
Migrate the VoLTE BSS but ensure VoLTE VNF is NOT migrated
Migrate both VoLTE BSS and VoLTE VNF in sequence
Migrate the VoLTE BSS but ensure VoLTE VNF is NOT migrated
- A Service Provider needs to create a network service that contains an Intrusion Detection System (IDS) to
detect malicious traffic. The network uses OpenFlow switches.
Solution requirements:
• Minimize delay for user traffic
• Minimize processing load on the IDS system
How should the Service Provider implement the IDS system?
Deploy the ISD as bump-in-the-wire network device
Install OpenFlow rules to mirror all user traffic to the IDS system
Use Switched Port Analyzer (SPAN) port to mirror all traffic to the IDS system
Install OpenFlow rules to mirror selected traffic to the IDS system
Install OpenFlow rules to mirror selected traffic to the IDS system
- A Service Provider deploys VNFs from various vendors to build a single Service Function Chain (SFC). A
software upgrade on one of the VNFs (VNF A) is planned. The Service Provider is building a testbed to test the
new version of VNF A to minimize interoperability issues.
How should the Service Provider build the testbed?
All VNFs in the chain
Only the VNFs adjacent to VNF A in the SFC
VNF A and VNFs adjacent to VNF A in the SFC
VNF A only
All VNFs in the chain
- A Service Provider is designing a Service Function Chaining (SFC) that includes a DPI VNF and a Load Balancer
VNF. The DPI VNF looks into the payload of the subscriber packets to do traffic classification and appends an
application ID to be delivered to the Load Balancer VNF using either inband metadata or out-of-band metadata.
The Load Balancer VNF will use the application ID to steer a packet into a link that is assigned to that application
ID.
The following information must be considered:
• Total network delay between DPI VNF and Load Balancer VNF for subscriber packets must not exceed 1 ms
• Total network delay for out-of-band metadata including the insert of metadata into a local cache at Load
Balancer VNF is 2 ms
• Total number of possible values of application IDs is 5000
• VLAN tag is 12 bits
• MPLS label is 20 bits
Which design should the Service Provider use to map the application ID?
Inband metadata mapping into a MPLS label
Inband metadata mapping into a VLAN tag
Out-of-band and inband metadata
Out-of-band metadata
Inband metadata mapping into a MPLS label
- A Service Provider carries various traffic types: email, voice, video, and web. The Service Provider introduces
SDN and NFV service chaining to improve its business model. Each traffic type is routed through its appropriate
service chain. For example, the email service chain includes virus, spam, and phishing detection. The web traffic is
routed through a chain that includes virus scanning and an Application Delivery Controller (ADC).
What should follow the edge router at the customer premises to implement this NFV service chaining?
A DPI service that marks traffic according to the traffic type
A Layer 2 switch that switches the traffic to a different port according to its VLAN
An SDN controller that creates the appropriate service chain according to the traffic type
Virus, spam, phishing detection and then virus scanning and ADC\
A DPI service that marks traffic according to the traffic type
- The operator wants to deploy the service chain shown.
in —> VNF1 —(W)—VNF2—(X)—VNF4 —> out
| |
| |
(Y)—VNF3—-(Z)
To avoid customer dissatisfaction, the operator defines performance constraints. One constraint is the network
delay through the service chain. A processing delay of 3 ms per VNF occurs.
Which combination of link delays satisfies a delay limit of 20 ms for the whole service chain?
W: 5 ms, X: 5 ms, Y: 1 ms, and Z: 2 ms
W: 4 ms, X: 4 ms, Y: 3 ms, and Z: 3 ms
W: 8 ms, X: 2 ms, Y: 2 ms, and Z: 3 ms
W: 3 ms, X: 9 ms, Y: 2 ms, and Z: 1 ms
W: 5 ms, X: 5 ms, Y: 1 ms, and Z: 2 ms
- Why do Service Providers offer SD-WAN services with Quality of Service utilizing MPLS and Public Internet?
Because SD-WAN can steer network traffic over multiple paths
Because Public Internet has the same characteristics as MPLS
Because SD-WAN enables Class of Service over the Public Internet
Because SD-WAN eliminates queuing that exists in traditional WAN networks
Because SD-WAN can steer network traffic over multiple paths
- An SD-WAN is deployed using different transport technologies:
• A low-cost Internet access that provides best-effort transport for traffic (bandwidth of 40 Mbps and expected
average delay of 30 ms)
• Premium MPLS transport that provides guaranteed traffic (bandwidth of 10 Mbps and delay below 10 ms)
The following traffic types are expected to cross the SD-WAN. Each traffic type has SLAs such as bandwidth and
packet delay:
[1] Business critical applications (packet delay < 5 ms)
[2] Voice and video communications (packet delay < 50 ms)
[3] Social media and web content (packet delay < 10 ms)
[4] Backup of branch-office data (packet delay < 70 ms)
[5] Guest WiFi (packet delay < 100 ms)
A client must make sure the SD-WAN system uses both transport options.
What is the most cost-efficient way to transport the traffic?
Traffic type 1 and 3 to MPLS and the other types to the Internet
Traffic type 2 and 3 to MPLS and the other types to the Internet
Traffic type 3 and 5 to MPLS and the other types to the Internet
Traffic type 2 and 4 to MPLS and the other types to the Internet
Traffic type 1 and 3 to MPLS and the other types to the Internet
- Which OpenStack project has orchestration capabilities?
a. Heat
b. Horizon
c. Sahara
d. Cinder
A. HEAT
- There are many initiatives and platforms implementing SDN features. Also, there are now various implementations of SDN in the data center environments. The three main flavors are: Open SDN, SDN by APIs and SDN via overlays.
Which of the following describes SDN via APIs?
a. SDN implementation where controller programs, control plane of device thru legacy interfaces (SNMP, CLI, RADIUS) or newer interfaces (NETCONF/YANG, REST, XMPP, BGP-LS, PCEP)
b. SDN implementation where virtualized networks are erected on top of existing infrastructure
c. SDN implementation where network devices are programmable and control is centralized, controller communicates to network devices using only the standard protocol OpenFlow
SDN implementation where controller programs,
control plane of device thru legacy interfaces (SNMP, CLI, RADIUS) or newer interfaces (NETCONF/YANG, REST, XMPP, BGP-LS, PCEP)
- Which role does OpenStack serve in SDN?
a. vRouter
b. Orchestrator
c. Controller
d. Gateway
b. Orchestrator
- In an NFV environment, what is the role of an SDN controller?
a. Dynamically controls all of the software components
b. Spins up the VMs that are required to build the NFVs
c. Dynamically scales up and scales down VM resources
d. Connects the virtualized networking devices through a common policy-based model
D. Connects the virtualized networking devices through a common policy-based model
- What is the function of an NFV Orchestrator (NFVO)?
a. It manages the infrastructure.
b. It manages the NFVI compute, storage, and network resources in the cloud data center.
c. It coordinates the life cycle of VNFs that jointly instantiate a network service.
d. It is responsible for service life-cycle management, including instantiating, scaling, upgrading, downgrading, modifying, and terminating VNFs.
d. It is responsible for service life-cycle management, including instantiating, scaling, upgrading, downgrading, modifying, and terminating VNFs.
- What are the two advantages of SDN? Choose 2.
a. Programmability
b. Centralized management
c. Static networking
d. Decentralized management
a. Programmability
b. Centralized management
- You want to rapidly deploy elastic Layer 3 through Layer 7 services in a data center. What would be used to accomplish this task?
a. NFV
b. MPLS
c. VPLS
d. VXLAN
a. NFV
- Listed below are some descriptions of the relevant efforts made by IETF for network operations in the SDN world:
1) provides mechanisms to install, manipulate, and delete configuration of network devices; use XML-based data encoding; operations realized as RPCs
2) data modeling language used to model configuration and state data
3) provides a programmatic interface over HTTP for accessing data
Match the list above with the corresponding protocol.
a. 1)NETCONF; 2)YANG; 3)RESTCONF
b. 1)YANG; 2)NETCONF; 3)RESTCONF
c. 1)NETCONF; 2)RESTCONF; 3)YANG
d. 1)RESTCONF; 2)YANG; 3)NETCONF
d. 1)RESTCONF; 2)YANG; 3)NETCONF
- Which two statements about SDN and NFV are true? Choose two.
a. SDN decouples network services from hardware appliances so they can run in software.
b. SDN separates network control and forwarding functions and provides a centralized view of the network.
c. NFV decouples network services from hardware appliances so they can run in software.
d. NFV separates network control and forwarding functions and provides a centralized view of the network
B. SDN separates network control and forwarding functions and provides a centralized view of the network.
