LISP & VXLAN Questions
Note: If you are not sure about LISP or VXLAN, please read our LISP Tutorial and VXLAN tutorial.
Question 1
Explanation
An Egress Tunnel Router (ETR) connects a site to the LISP-capable part of a core network (such as the Internet), publishes EID-to-RLOC mappings for the site, responds to Map-Request messages, and decapsulates and delivers LISP-encapsulated user data to end systems at the site.
Question 2
Explanation
Proxy ingress tunnel router (PITR): A PITR is an infrastructure LISP network entity that receives packets from non-LISP sites and encapsulates the packets to LISP sites or natively forwards them to non-LISP sites.
Reference: https://www.ciscopress.com/articles/article.asp?p=2992605
Note: The proxy egress tunnel router (PETR) allows the communication from the LISP sites to the non-LISP sites. The PETR receives LISP encapsulated traffic from ITR.
Question 3
Explanation
Locator ID Separation Protocol (LISP) is a network architecture and protocol that implements the use of two namespaces instead of a single IP address:
+ Endpoint identifiers (EIDs)—assigned to end hosts.
+ Routing locators (RLOCs)—assigned to devices (primarily routers) that make up the global routing system.
Question 4
Explanation
Locator ID Separation Protocol (LISP) is a network architecture and protocol that implements the use of two namespaces instead of a single IP address:
+ Endpoint identifiers (EIDs) – assigned to end hosts.
+ Routing locators (RLOCs) – assigned to devices (primarily routers) that make up the global routing system.
Question 5
Explanation
The 802.1Q VLAN identifier space is only 12 bits. The VXLAN identifier space is 24 bits. This doubling in the number of bits allows the VXLAN ID space to support 16 million Layer 2 segments -> Answer B is not correct.
VXLAN is a MAC-in-UDP encapsulation method that is used in order to extend a Layer 2 or Layer 3 overlay network over a Layer 3 infrastructure that already exists.
Question 6
Explanation
Locator ID Separation Protocol (LISP) is a network architecture and protocol that implements the use of two namespaces instead of a single IP address:
+ Endpoint identifiers (EIDs)—assigned to end hosts.
+ Routing locators (RLOCs)—assigned to devices (primarily routers) that make up the global routing system.
Question 7
Explanation
VTEPs sit between the Overlay and Underlay networks. They are responsible for encapsulating frames into VXLAN packets to send across the IP network (Underlay), then decapsulating them when the packets leave the VXLAN tunnel.
Question 8
Question 9
Explanation
In this question we suppose that we only need to send packets from a LISP site to a non-LISP site successfully. We don’t care about the way back (if we care about the way back then all PETR, PITR, MS & MR are needed).
Proxy Egress Tunnel Router (PETR): A LISP device that de-encapsulates packets from LISP sites to deliver them to non-LISP sites.
When the xTR in LISP Site 1 wants to send traffic to the Non-LISP site, the ITR (not the PETR) needs a Map Resolver (MR) to send its Map-Request to. When the ITR (the xTR in LISP Site 1 in the figure above) receives a negative Map-Reply packet from the MR, it caches that prefix and maps it to the PETR.
Good reference: https://netmindblog.com/2019/12/04/lisp-locator-id-separation-protocol-part-ii-pxtr/
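The ITR decision described above, as an added example that is not from the original page or from Cisco: a simplified model in which all addresses, the `MAPPING_DB` contents and the `/32` negative-reply prefix are constructed assumptions.

```python
import ipaddress

PETR_RLOC = "192.0.2.254"   # constructed locator of the proxy ETR

# Constructed mapping database behind the Map Resolver: EID prefix -> RLOC
MAPPING_DB = {ipaddress.ip_network("10.2.0.0/16"): "203.0.113.2"}


def map_resolver(dst):
    """Answer a Map-Request: (prefix, rloc), or (prefix, None) for a negative Map-Reply."""
    for prefix, rloc in MAPPING_DB.items():
        if dst in prefix:
            return prefix, rloc
    # Assumption: the negative reply covers only the queried host address
    return ipaddress.ip_network(f"{dst}/32"), None


class ITR:
    def __init__(self):
        self.map_cache = {}      # prefix -> RLOC to encapsulate towards
        self.requests_sent = 0   # Map-Requests sent to the MR

    def lookup(self, dst):
        """Longest-prefix match in the local map-cache."""
        hits = [p for p in self.map_cache if dst in p]
        return max(hits, key=lambda p: p.prefixlen) if hits else None

    def forward(self, dst_ip):
        """Return the RLOC this packet is LISP-encapsulated to."""
        dst = ipaddress.ip_address(dst_ip)
        prefix = self.lookup(dst)
        if prefix is None:
            self.requests_sent += 1
            prefix, rloc = map_resolver(dst)
            # Negative Map-Reply: cache the prefix and map it to the PETR
            self.map_cache[prefix] = rloc if rloc is not None else PETR_RLOC
        return self.map_cache[prefix]
```

The second packet to the same non-LISP destination is served from the map-cache, so the MR is only consulted once per prefix.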
Question 10
Explanation
Locator ID Separation Protocol (LISP) solves this issue by separating the location and identity of a device through the Routing locator (RLOC) and Endpoint identifier (EID):
+ Endpoint identifiers (EIDs) – assigned to end hosts.
+ Routing locators (RLOCs) – assigned to devices (primarily routers) that make up the global routing system.
Question 11
Explanation
VXLAN uses an 8-byte VXLAN header that consists of a 24-bit VNID and a few reserved bits. The VXLAN header together with the original Ethernet frame goes in the UDP payload. The 24-bit VNID is used to identify Layer 2 segments and to maintain Layer 2 isolation between the segments.
Let’s see the structure of a VXLAN packet to understand how (note: VNI = VNID)
The key fields for the VXLAN packet in each of the protocol headers are:
+ Outer MAC header (14 bytes with 4 bytes optional) – Contains the MAC address of the source VTEP and the MAC address of the next-hop router. Each router along the packet’s path rewrites this header so that the source address is the router’s MAC address and the destination address is the next-hop router’s MAC address.
+ Outer IP header (20 bytes) – Contains the IP addresses of the source and destination VTEPs.
+ (Outer) UDP header (8 bytes) – Contains source and destination UDP ports:
– Source UDP port: The VXLAN protocol repurposes this standard field in a UDP packet header. Instead of using this field for the source UDP port, the protocol uses it as a numeric identifier for the particular flow between VTEPs. The VXLAN standard does not define how this number is derived, but the source VTEP usually calculates it from a hash of some combination of fields from the inner Layer 2 packet and the Layer 3 or Layer 4 headers of the original frame.
– Destination UDP port: The VXLAN UDP port. The Internet Assigned Numbers Authority (IANA) allocates port 4789 to VXLAN.
+ VXLAN header (8 bytes) – Contains the 24-bit VNI (or VNID)
+ Original Ethernet/L2 Frame – Contains the original Layer 2 Ethernet frame.
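To make the header layout above concrete, here is an added example (not from the original page) that builds and parses the 8-byte VXLAN header and models a receiving VTEP that only delivers frames into locally configured VNIs. The bit positions follow RFC 7348; the function names, the sample frame and the VNI values are constructed for illustration.

```python
import struct

VXLAN_PORT = 4789        # IANA-assigned destination UDP port
VXLAN_HDR_LEN = 8
FLAG_VNI_VALID = 0x08    # "I" flag: the VNI field is valid (RFC 7348)


def build_vxlan(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header to an inner Ethernet frame."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI must fit in 24 bits")
    # Word 1: flags (8 bits) + reserved (24); word 2: VNI (24 bits) + reserved (8)
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def parse_vxlan(udp_payload: bytes):
    """Return (vni, inner_frame); reject truncated or malformed headers."""
    if len(udp_payload) < VXLAN_HDR_LEN:
        raise ValueError("truncated VXLAN header")
    word1, word2 = struct.unpack("!II", udp_payload[:VXLAN_HDR_LEN])
    if not (word1 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag clear: VNI not valid")
    return word2 >> 8, udp_payload[VXLAN_HDR_LEN:]


def vtep_receive(dst_port: int, udp_payload: bytes, local_vnis: set):
    """Model of a receiving VTEP: deliver only into locally configured segments."""
    if dst_port != VXLAN_PORT:
        return None
    try:
        vni, frame = parse_vxlan(udp_payload)
    except ValueError:
        return None
    return (vni, frame) if vni in local_vnis else None


# Constructed sample: Ethernet header (dst MAC, src MAC, EtherType IPv4) + payload
INNER = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
PACKET = build_vxlan(5001, INNER)   # header bytes: 08 00 00 00 00 13 89 00
```

A frame tagged with a VNI the VTEP does not serve is dropped in `vtep_receive`, which is how the VNID keeps Layer 2 segments isolated from each other.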
I think D (MAP RESOLVER) is a better answer. The cloud-facing interfaces on R1 and R2 and all other routers in the cloud are considered RLOCs by definition. The MR responds with the mapping that leads the ITR (R1) to forward traffic to the ETR (R2).
According to RFC 6833, The LISP Mapping Service defines two new types of LISP-speaking
devices: the Map-Resolver, which accepts Map-Requests from an Ingress
Tunnel Router (ITR) and “resolves” the EID-to-RLOC mapping using a
mapping database; and the Map-Server, which learns authoritative
EID-to-RLOC mappings from an Egress Tunnel Router (ETR) and publishes
them in a database.
The answer should be MapServer(B).
Okay, after further reading the answer is A. The Map Server responds with the mappings on behalf of the ETR b/c a ‘proxy map reply flag’ is set. By default, the ETR sends (publishes) the EID-to-RLOC mappings to the ITR. See “LISP Data Path” in the ENCOR 350-401 Official Cert Guide (p470).
Q2:
Non-LISP site <——— PETR PITR ———-> LISP site
ITR means ingress (going inside LISP network)
Proxy is used for communication between Non-LISP and LISP sites
Non-LISP site ——-> PITR ——–> LISP site
@digitaltut what is the correct answer in Q1? Here it says A but in flash is B?
@Anonymous: The correct answer is A. ETR.
wasted $200 on impartial and totally inaccurate dumps from other sites. Last I checked here it was not any material for ENCOR. Now it’s flush with good stuff. Well worth premium! I have been a CCNP for almost 15 years and just needed a good refresher for the academics.
Which answer is true?
Which statement about VXLAN is true?
A. VXLAN uses TCP as the transport protocol over the physical data center network
B. VXLAN extends the Layer 2 Segment ID field to 24-bits, which allows up to 4094 unique Layer 2 segments over the same network
C. VXLAN encapsulates a Layer 2 frame in an IP-UDP header, which allows Layer 2 adjacency across router boundaries
D. VXLAN uses the Spanning Tree Protocol for loop prevention
Q9 …Which two LISP infrastructure elements are needed to support LISP to non-LISP internetworking
ADMIN… the more correct answer to me seems PXTR and PITR… because these are the two devices responsible for comm between non lisp to lisp …..if you want to select MR then there is also a logic to select MS as well…..
Can you please have a look again ??????
Really not a good and clear question … Hate cisco for these cheap tricks ….
Map Server (MS) is a network device (typically a router) that learns EID-to-prefix mapping entries from an ETR and stores them in a local EID-to-RLOC mapping database.
Answer to Q1 should be MS not ETR.
I think PITR and PETR should be the answer for Q9 as they are responsible for communication to non-LISP sites. I checked OCG and your reference as well.
Q11.
Could it be that the correct answer is C VTEP.
It is correct that the VNID is the header to be able to do the isolation, but I would say the VTEP is responsible for the isolation with the help of the VNID.
Q11.
The VXLAN header together with the original Ethernet frame goes in the UDP payload. The 24-bit VNID is used to identify Layer 2 segments and to maintain Layer 2 isolation between the segments.
https://www.cisco.com/c/en/us/products/collateral/switches/nexus-9000-series-switches/white-paper-c11-729383.html
I also agree the MS should be #1 as this is straight from Cisco:
The fundamental behavior of LISP is to separate the EID from the RLOC, which allows the host to retain its identity even with a change in location. But the seamless mobility is achieved using the EID-to-RLOC mapping, which is maintained in the distributed database. The map server (MS) learns EID-to-RLOC mapping entries from the ETRs and “publishes” these mappings to the distributed mapping database. To publish its EID prefixes, an ETR periodically sends its mapping entries to the MS. The MS also receives the map requests via the mapping system and forwards them to the registered ETRs.
Again, straight from Cisco on #9:
Proxy ingress tunnel router (PITR): A PITR is an infrastructure LISP network entity that receives packets from non-LISP sites and encapsulates the packets to LISP sites or natively forwards them to non-LISP sites.
Proxy egress tunnel router (PETR): A PETR is an infrastructure LISP network entity that de-encapsulates packets from LISP sites to deliver them to non-LISP sites.
Map resolver (MR): The MR performs the following functions:
Receives MAP requests, which are encapsulated by ITRs.
Provides a service interface to the ALT router, de-encapsulates MAP requests, and forwards on the ALT topology.
Sends negative MAP replies in response to MAP requests for non-LISP sites.
For #1 – ETR
LISP Egress Tunnel Router
An ETR connects a site to the LISP-capable part of a core network (such as the Internet), publishes EID-to-RLOC mappings for the site, responds to Map-Request messages, and decapsulates and delivers LISP-encapsulated user data to end systems at the site. During operation, an ETR sends periodic Map-Register messages to all its configured map servers. The Map-Register messages contain all the EID-to-RLOC entries for the EID-numbered networks that are connected to the ETR’s site.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/xe-3s/irl-xe-3s-book/irl-overview.html
On Q11 Correct = A and B
this is from your own source cited under the question ?
To establish communication between LISP and non-LISP sites, an extra component must be used: a proxy ingress tunnel router (PITR), which allows non-LISP sites to send packets toward LISP sites. The PITR attracts traffic from non-LISP sites by advertising aggregate prefixes for the LISP EID into the non-LISP network. When the PITR receives packets from non-LISP sites, it encapsulates and forwards these packets to LISP sites. The second element to establish communication between the LISP and non-LISP sites is called a proxy egress tunnel router (PETR). The PETR allows the communication from the LISP sites to the non-LISP sites. The PETR receives LISP encapsulated traffic from the ITR. The PITR and PETR can be combined and deployed on the same node (called PxTR) to provide symmetric traffic when stateful inspection devices are deployed between LISP and non-LISP sites.
@digitaltut sorry the above as directed @digitaltut
Question 9
Which two LISP infrastructure elements are needed to support LISP to non-LISP internetworking? (Choose two)
The answer should be:
A. PETR
B. PITR
The question is to test if you know the components of the LISP to non-LISP scenario. MS/MR of course are needed, but both are listed as answers, which means that neither of them should be selected.
passed the test today. got 8-9 new questions and 2 new Drag and drop about FIB/RIB and Cloud/On-Prem.
check show commands for ip sla.
Labs i got are bgp r2 as-override, ospf p2p, hsrp. all in here.
ip sla for udp-jitter setup
new access-list question.
q&a are still valid. thanks @digitaltut.