Network Virtualization Flashcards
Hypervisors
The host OS runs natively on x86 hardware or bare metal
Type 1: Server virtualization. Examples are VMware ESXi, Microsoft Hyper-V
Type 2: Running VMs on a typical personal PC. Examples are VMware Fusion, VMware Workstation, Oracle VirtualBox
vSwitch
May connect to the host physical NIC to allow VMs to get layer 2 access. Can provide 802.1Q VLAN tagging to separate layer 2 traffic
Network Function Virtualization
Takes the features and functionality of proprietary network equipment and implements them in VMs. These VMs are called virtual network functions (VNFs). An example is the Cisco CSR1000v. VNFs can run on type 1 or type 2 hypervisors
Single-Root I/O Virtualization (SR-IOV)
SR-IOV allows multiple VNFs to share the same physical NIC on a VM host
Edge Virtual Bridging (EVB)
Using a physical switch to pass layer 2 traffic between VMs running on the same host. There are 2 approaches:
Internal EVB: The physical NIC includes an internal switch that bridges traffic between separate VFs. This is called virtual Ethernet bridge (VEB) mode
External EVB: Traffic from one VNF goes out of the physical NIC to a physical switch, then comes back into the same NIC. This is called hairpinning or reflective relay. Configure VEPA to use reflective relay
To enable reflective relay on a Nexus switch:
switchport mode virtual-ethernet-bridge
GRE
It allows you to tunnel almost any layer 3 protocol over another. Uses IP protocol number 47
IPv4 over IPv4
IPv6 over IPv4
Recursive Routing
Occurs when a route to a tunnel endpoint uses the tunnel interface itself as the next hop
IPsec
Encrypts traffic between 2 endpoints.
Internet Key Exchange (IKE)
Used by the two endpoints to exchange the encryption keys they’ll use to encrypt IPsec traffic. IKE uses UDP port 500
Encapsulating Security Payload (ESP)
IPsec uses ESP to provide encryption and authentication. The 2 modes are transport and tunnel
Transport mode
Only the IP payload is encrypted. The IP protocol number is changed to 50
Tunnel mode
The entire inner IP packet is encrypted.
Tunnel Protection Command
Causes IOS to automatically encrypt and decrypt GRE packets using IPsec
R1(ipsec-profile)#int tunnel12
tunnel protection ipsec profile myprofile
Location/ID Separation Protocol (LISP)
Designed to reduce the growth of routing tables. Advertises prefixes, called EIDs, to a map resolver/map server (MR/MS) that is reachable by both sites, usually over the internet. Requests and replies are sent over UDP port 4342.
VXLANs
Lets you create layer 2 tunnels across layer 3 networks. It tunnels Ethernet frames over IP/UDP
VXLAN tunnel endpoint (VTEP)
A switch configured as a VTEP. VTEPs use multicast to initially flood unknown unicast and broadcast traffic
VXLAN Control Planes
The 2 options are LISP and EVPN with BGP.
VRF-Lite Route Targets
Control the import and export of routes into the customer routing table
LISP
LISP map resolver: Accepts LISP encapsulated map requests
LISP proxy ETR: Receives traffic from LISP sites and sends it to non-LISP sites
LISP ITR: Receives packets from site-facing interfaces
LISP map server: Learns of EID prefix mapping entries from an ETR
SD-WAN
vSmart controller - Manages the control plane. Distributes security information for tunnel establishment between vEdge routers
vBond - Handles the orchestration plane