New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Juniper JN0-683 Exam - Topic 4 Question 7 Discussion

Actual exam question for Juniper's JN0-683 exam
Question #: 7
Topic #: 4
[All JN0-683 Questions]

You are adding a server lo a tenant's network within your data center and must limit access to a specific traffic type within the tenant network without pushing all tenant traffic through a firewall.

What will satisfy this requirement?

Show Suggested Answer Hide Answer
Suggested Answer: B, C, E

Understanding ERB Architecture:

ERB (Edge Routed Bridging) architecture is a network design where the routing occurs at the edge (leaf devices) rather than in the spine devices. In a VXLAN overlay network with EVPN as the control plane, leaf devices typically act as both Layer 2 (L2) and Layer 3 (L3) VXLAN gateways.

Placement of VXLAN Gateways:

Option B: All leaf devices will have L2 VXLAN gateways to handle the bridging of VLAN traffic into VXLAN tunnels.

Option C: All leaf devices will also have L3 VXLAN gateways to route traffic between different VXLAN segments (VNIs) and external networks.

Option E: Spine devices in an ERB architecture generally do not function as VXLAN gateways. They primarily focus on forwarding traffic between leaf nodes and do not handle VXLAN encapsulation/decapsulation.

Conclusion:

Option B: Correct---All leaf devices will have L2 VXLAN gateways.

Option C: Correct---All leaf devices will have L3 VXLAN gateways.

Option E: Correct---Spine devices will not act as VXLAN gateways


by Billye at Sep 15, 2024, 02:56 AM

Limited Time Offer

25%

Off

Get Premium JN0-683 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Keva
3 months ago
Wait, can you really do that without a firewall?
upvoted 0 times
...
Leatha
3 months ago
D just adds unnecessary complexity, right?
upvoted 0 times
...
Marvel
3 months ago
C sounds too simple, not sure it would work.
upvoted 0 times
...
Graciela
4 months ago
I think B is better for filtering traffic.
upvoted 0 times
...
Thurman
4 months ago
A is the way to go with EVPN!
upvoted 0 times
...
Laticia
4 months ago
I feel like using a static route with a firewall as the next hop could be overkill for this scenario, but it might be worth considering.
upvoted 0 times
...
Louis
4 months ago
Putting the server on a unique subnet seems like a straightforward approach, but I'm not convinced it fully limits access as required.
upvoted 0 times
...
Ludivina
4 months ago
I remember practicing with filter-based forwarding, so option B might be the right choice, but I need to double-check the specifics.
upvoted 0 times
...
Colette
5 months ago
I think option A sounds familiar, but I'm not entirely sure how route leaking works in this context.
upvoted 0 times
...
Thersa
5 months ago
This is a tricky one, but I'm feeling confident. I'm leaning towards option B, filter-based forwarding, as it seems to directly address the requirement of limiting access without a firewall.
upvoted 0 times
...
Mila
5 months ago
Based on the details provided, I think option A with EVPN and a routing policy could be a good solution. It seems like it would allow me to control the traffic without a full firewall.
upvoted 0 times
...
Gaynell
5 months ago
I'm a bit confused by the wording of the question. Does "route leaking" mean something specific in this context? I'll need to review that concept before deciding.
upvoted 0 times
...
Dorethea
5 months ago
Okay, let's see. The key here is limiting access to a specific traffic type without going through a firewall. I think option B, using filter-based forwarding, might be the way to go.
upvoted 0 times
...
Chara
5 months ago
Hmm, this seems like a tricky one. I'll need to think through the options carefully to make sure I understand the requirements.
upvoted 0 times
...
Henriette
5 months ago
Hmm, I'm a bit confused by the wording of the question. Does the fact that Unit A has those extra profile options mean that all transactions get automatically assigned there, or is it just that Paul can only create them for that unit? I'll have to re-read it carefully.
upvoted 0 times
...
Adolph
9 months ago
Hmm, I wonder if we can use a magic spell to teleport the new server into a secure bubble. Might be faster than these networking options!
upvoted 0 times
Jodi
8 months ago
C) Put the new server on a unique subnet within the tenant's network.
upvoted 0 times
...
Candida
9 months ago
B) Use filter-based forwarding.
upvoted 0 times
...
Penney
9 months ago
A) Use route leaking with EVPN and a routing policy.
upvoted 0 times
...
...
Susana
10 months ago
Hey, at least they're not asking us to set up a firewall made of duct tape and paperclips! That's progress, right?
upvoted 0 times
...
Diego
10 months ago
D) is a valid choice, but using a static route with a firewall as the next hop feels a bit clunky. I'd prefer a more dynamic solution if possible.
upvoted 0 times
Haley
9 months ago
D) Use a static route in the tenant VRF with a firewall as the next hop for traffic to the new server.
upvoted 0 times
...
Torie
9 months ago
B) Use filter-based forwarding.
upvoted 0 times
...
Tarra
9 months ago
A) Use route leaking with EVPN and a routing policy.
upvoted 0 times
...
...
Felicidad
10 months ago
C) is an interesting option, but I'm not sure it fully satisfies the requirement of limiting access without going through a firewall.
upvoted 0 times
Leslie
9 months ago
C) Put the new server on a unique subnet within the tenant's network.
upvoted 0 times
...
Marylin
9 months ago
B) Use filter-based forwarding.
upvoted 0 times
...
Delila
10 months ago
A) Use route leaking with EVPN and a routing policy.
upvoted 0 times
...
...
Shoshana
10 months ago
I'm leaning towards A) with the EVPN route leaking. That seems like a more elegant and scalable approach compared to the other options.
upvoted 0 times
Lenita
10 months ago
User 2: Yeah, it's definitely a more elegant solution compared to the other choices.
upvoted 0 times
...
Amalia
10 months ago
User 1: I agree, using route leaking with EVPN seems like the best option.
upvoted 0 times
...
...
Lynette
10 months ago
Hmm, I think B) is the way to go. Filter-based forwarding sounds like the perfect solution to limit access without going through a firewall.
upvoted 0 times
...
Floyd
11 months ago
Hmm, I see your point. But I still think option A) provides more flexibility and control over the traffic.
upvoted 0 times
...
Ria
11 months ago
I disagree, I believe option B) using filter-based forwarding would be a better solution.
upvoted 0 times
...
Floyd
11 months ago
I think option A) using route leaking with EVPN and a routing policy could work.
upvoted 0 times
...

Save Cancel