Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Juniper Exam JN0-683 Topic 4 Question 7 Discussion

Actual exam question for Juniper's JN0-683 exam
Question #: 7
Topic #: 4
[All JN0-683 Questions]

You are adding a server lo a tenant's network within your data center and must limit access to a specific traffic type within the tenant network without pushing all tenant traffic through a firewall.

What will satisfy this requirement?

Show Suggested Answer Hide Answer
Suggested Answer: B, C, E

Understanding ERB Architecture:

ERB (Edge Routed Bridging) architecture is a network design where the routing occurs at the edge (leaf devices) rather than in the spine devices. In a VXLAN overlay network with EVPN as the control plane, leaf devices typically act as both Layer 2 (L2) and Layer 3 (L3) VXLAN gateways.

Placement of VXLAN Gateways:

Option B: All leaf devices will have L2 VXLAN gateways to handle the bridging of VLAN traffic into VXLAN tunnels.

Option C: All leaf devices will also have L3 VXLAN gateways to route traffic between different VXLAN segments (VNIs) and external networks.

Option E: Spine devices in an ERB architecture generally do not function as VXLAN gateways. They primarily focus on forwarding traffic between leaf nodes and do not handle VXLAN encapsulation/decapsulation.

Conclusion:

Option B: Correct---All leaf devices will have L2 VXLAN gateways.

Option C: Correct---All leaf devices will have L3 VXLAN gateways.

Option E: Correct---Spine devices will not act as VXLAN gateways


by Billye at Sep 15, 2024, 02:56 AM

Limited Time Offer

25%

Off

Get Premium JN0-683 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Adolph
19 days ago
Hmm, I wonder if we can use a magic spell to teleport the new server into a secure bubble. Might be faster than these networking options!
upvoted 0 times
...
Susana
25 days ago
Hey, at least they're not asking us to set up a firewall made of duct tape and paperclips! That's progress, right?
upvoted 0 times
...
Diego
26 days ago
D) is a valid choice, but using a static route with a firewall as the next hop feels a bit clunky. I'd prefer a more dynamic solution if possible.
upvoted 0 times
Haley
7 days ago
D) Use a static route in the tenant VRF with a firewall as the next hop for traffic to the new server.
upvoted 0 times
...
Torie
8 days ago
B) Use filter-based forwarding.
upvoted 0 times
...
Tarra
20 days ago
A) Use route leaking with EVPN and a routing policy.
upvoted 0 times
...
...
Felicidad
1 months ago
C) is an interesting option, but I'm not sure it fully satisfies the requirement of limiting access without going through a firewall.
upvoted 0 times
Leslie
1 days ago
C) Put the new server on a unique subnet within the tenant's network.
upvoted 0 times
...
Marylin
3 days ago
B) Use filter-based forwarding.
upvoted 0 times
...
Delila
22 days ago
A) Use route leaking with EVPN and a routing policy.
upvoted 0 times
...
...
Shoshana
2 months ago
I'm leaning towards A) with the EVPN route leaking. That seems like a more elegant and scalable approach compared to the other options.
upvoted 0 times
Lenita
24 days ago
User 2: Yeah, it's definitely a more elegant solution compared to the other choices.
upvoted 0 times
...
Amalia
1 months ago
User 1: I agree, using route leaking with EVPN seems like the best option.
upvoted 0 times
...
...
Lynette
2 months ago
Hmm, I think B) is the way to go. Filter-based forwarding sounds like the perfect solution to limit access without going through a firewall.
upvoted 0 times
...
Floyd
2 months ago
Hmm, I see your point. But I still think option A) provides more flexibility and control over the traffic.
upvoted 0 times
...
Ria
2 months ago
I disagree, I believe option B) using filter-based forwarding would be a better solution.
upvoted 0 times
...
Floyd
2 months ago
I think option A) using route leaking with EVPN and a routing policy could work.
upvoted 0 times
...

Save Cancel