Software Define Networking Sec and Network Programamability

Question 1

• Traditional Routing and Switching Planes
• Configuration and monitoring
• Typically done via the traditional CLI or GUI
• Each Vendor has this proprietary way to configure its devices

Answer 1

Management plane

Question 2

• Traditional Routing and Switching Planes
• Layer 2 protocols and Control
• Layer 3 Protocols (OSPF,BGP,RIP etc)

Answer 2

Control Plane

Question 3

• Traditional Routing and Switching Planes

- institutes how data is forwarded inside the hardware from interface to interface

Answer 3

Data Plane

Question 4

Introduced the notion of centralized controller. Has a global view of the network and it uses the common management protocol to configure the network infrastructure devices

• Centralizes management by abstracting the control plane from the data forwarding function in the discrete networking devices.
• Is an architecture designed to make a network more flexible and easier to manage

Answer 4

SDN

SDN Controller

Question 5

Provide the ability to automate settings and networking policies and configurations in a very flexible and scalable way.
-is an industry-leading secure, open, and comprehensive Software-Defined Networking (SDN) solution. It radically simplifies, optimizes, and accelerates infrastructure deployment and governance and expedites the application deployment lifecycle.

Answer 5

Cisco ACI Solution

Question 6

Is a network virtualization technology that leverages encapsulation technique similar to vlan to encapsulates layer 2 ethernet frames within UDP packets (over UDP 4789 , by default)

Answer 6

Virtual Extensible LAN (VXLAN)

Question 7

the ip address that represents the leaf VTEP is called?

Answer 7

Physical Tunnel endpoint (PTEP)

Question 8

Additional functions of APIC

Answer 8

• “observer”: monitors the health, state and performances information of CISCO ACI pod
• “boot director”: in charge of booting process and firmware updates
• “application director”: manages the formation and control of the APIC appliance cluster
• “virtual machine manager” is an agent between the policy repository and hypervisor management system (VMware centre”
• “event manager: manages and stores all the events and faults initiated from the APIC and CISCO ACI fabric nodes
• “appliance element”: maintains the inventory and state of the local APIC appliance

Question 9

allows you to tunnel layer 2 ethernet packets with different encapsulation over a layer 3 network

Answer 9

Overlay network

Question 10

enforce network segmentation in VM Level or containers regardless of VLAN or subnet

Answer 10

micro-segmentation

Question 11

Open source initiative trying to provide micro segmentation

Answer 11

Neutron from openstack
Open vswitch (OVS)
Open Virtual network (OVN)
Opendaylight (ODL)
Open platfrom for network function vritualizatio(OPNFV)
Contiv

Question 12

is used to communicate between the SDN controller and the switches and routers within the infrastructure. Enable SDN to dynamically makes changes based on real-time demands and scalability needs.

Answer 12

Southbound API

Question 13

are typically restful API that are used to communicate between the SDN controller and the services and applicaiton running over the network. in short it is the link between the application and sdn controller

Answer 13

Northbound APPI

Question 14

is a technology that addresses the virtualization of layer 4 through layer 7 services. Eg firewall, load balancer, security services

Answer 14

Network Functions Virtualization

Question 15

Open source solutions of. NFV. aims to be the base infrastructure layer for running virtual network functions

Answer 15

OPNVF

Question 16

is a solution created by cisco often referred to as the “ intent-based networking “ . Provides automation and assurance services across campus networks, wide area networks and branch networks.

Answer 16

Cisco Digital Network Achitecture(DNA)

Question 17

Northbound REST APIs that expose specific capabilties of the cisco DNA centre platfrom

Answer 17

Intent API

Question 18

Components of the Cisco DNA security solution. allows you to detect security threats in encrypted traffic without decrypting the packets

Answer 18

Cisco ETA (Encrypted traffic analytics)

Question 19

standard-based web services access protocol that was originally developed by microsoft and has been used by numerous legaccy applications for many years
-Exclusively uses XML to provide API services

Answer 19

Simple Object Access protocol(SOAP)

Question 20

is an API standard that is easier to use than SOAP. Utlises JSON instead of XML. It uses standards like swagger and OpenAPI specificatation

Answer 20

Representational State Transfer (REST) API

Question 21

another query language for API that provides many developers tool. now used for many mobile applicaitons and online dashboards

Answer 21

GraphQL and queryable API

Question 22

is a modern framework of API documentation and is now the basis of the Open API specifications (OAS)

Answer 22

swagger (openAPI)

Question 23

XML based language that is used to document the functionality of a web services

Answer 23

Web services description language (WSDL)

and Web application description language (WADL)

Question 24

is an api contract language used in many networking devices. defined in RFC6020

Answer 24

YANG

Question 25

specification written in YANG is referred to as ?

Answer 25

YANG module

Question 26

collection of yang module is called

Answer 26

YANG model

Question 27

yang model of a devices is often called?

defining the structure and content of messages between the application and the devices

Answer 27

schema

Question 28

defined in RFC 6421 and 6422. created to overcome the challenges in SNMP

Answer 28

NETCONF

Question 29

defined is RFC 8040 and it follows the REST principles

Answer 29

RESTCONF

Question 30

is a collaborative effort to provide vendor neutral data models (in YANG) for network devices

Answer 30

OpenConfig

Question 31

Similar to NETCONF and RESTCONF. Uses YANG models but it can be used with other interface description language (IDL)

Answer 31

gRPC Network Management interface (gNMI)

Question 32

an appliance that provides graphical and programming interface to design, configure, monitor and troubleshoot your network devices
-A takes a software-delivered approach to automating and assuring services across your campus, WAN, and branch networks.

Answer 32

Cisco DNA

Question 33

VXLAN uses an identifier that represent a logical segment that is called ?

Answer 33

VXLAN Network Identifier

Question 34

IP Tunneling mechanism sample

Answer 34

Virtual Extensible Lan (VXLAN)
Network Virtualization using generic encapsulation (NVGRE)
Stateless Transport Tunneling (STT)
Generic Network Virtualization Encapsulation (GENEVE)