VMware 3V0-25.25 Exam - Topic 3 Question 5 Discussion

Actual exam question for VMware's 3V0-25.25 exam

Question #: 5
Topic #: 3

An administrator has been tasked with providing a networking solution including a Source and Destination NAT for a single Tenant. The tenant is using Centralized Connectivity with a Tier-0 Gateway named Ten-A-Tier-0 supported by an Edge cluster in Active-Active mode. The NAT solution must be available for multiple subnets within the Tenant space. The administrator chooses to deploy a Tier-1 Gateway to implement the NAT solution. How would the administrator complete the task?

AChange Ten-A-Tier-0 to Active-Standby to support the stateful NAT.

BCreate a new Tier-0 Gateway in Active-Standby mode and attach another Tier-1 Gateway.

CCreate a Tier-1 Gateway in Distributed Routing mode only and do not attach it to Ten-A-Tier-0.

DCreate a new Tier-1 Gateway in Active-Standby mode and attach it to Ten-A-Tier-0.

Show Suggested Answer

Suggested Answer: D

Comprehensive and Detailed 250 to 350 words of Explanation From VMware Cloud Foundation (VCF) documents:

In a VMware Cloud Foundation (VCF) environment, the implementation of stateful services---such as Source NAT (SNAT) and Destination NAT (DNAT)---requires a specific architectural configuration within the NSX component. This is because stateful services need a centralized point of processing (a Service Router or SR) to maintain the session state tables and ensure that return traffic is processed by the same node that initiated the session.

The scenario describes a provider-level Tier-0 Gateway running in Active-Active mode. While Active-Active provides high-performance North-South throughput via ECMP (Equal Cost Multi-Pathing), it does not support stateful NAT services because asymmetric traffic flows would break the session tracking. Rather than changing the Tier-0 to Active-Standby (which would reduce overall throughput for the entire environment), the architecturally sound approach is to offload the stateful services to a Tier-1 Gateway.

According to VCF design guides, when a Tier-1 Gateway is required to perform NAT for multiple subnets, it must be configured as a Stateful Tier-1. This involves associating the Tier-1 with an Edge Cluster and setting its high-availability mode to Active-Standby. Once the Tier-1 is created in this mode, it creates a Service Router (SR) component on the selected Edge Nodes. By attaching this Active-Standby Tier-1 to the existing Active-Active Tier-0 (Ten-A-Tier-0), the tenant's subnets can enjoy the benefits of localized stateful NAT while the environment maintains high-performance, non-stateful routing at the Tier-0 layer.

Option A is inefficient as it impacts the entire Tier-0. Option B is redundant. Option C is incorrect because a 'Distributed Routing only' Tier-1 (one without an Edge Cluster association) cannot perform stateful NAT. Therefore, creating an Active-Standby Tier-1 and linking it to the provider Tier-0 is the verified VCF multi-tenant design pattern.

===========

by Precious at Mar 05, 2026, 03:39 PM

Limited Time Offer

25%

Off

Get Premium 3V0-25.25 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!