Which of these is a result of using the same routing protocol process for routing outside and inside the VPN tunnel?

Which of these is a result of using the same routing protocol process for routing outside and inside the VPN tunnel?

Which of these is a result of using the same routing protocol process for routing outside and inside the VPN tunnel?

A.
This will provide for routing-protocol-based failover redundancy.

B.
Spoke routers will able to dynamically learn routes to peer networks.

C.
This will allow VPN-encapsulated packets to be routed out the correct physical interface used to reach the remote peer

D.
The tunnel will constantly flap.



Leave a Reply 1

Your email address will not be published. Required fields are marked *


Ken

Ken

I believe the answer should be D. Per the official 642-637 cert guide:

Recursive Routing Hazard
You must take precautions when configuring dynamic routing protocols to ensure that there is a device that participates in the same routing protocol both outside the VPN tunnel (the transport network) and inside the tunnel (directly with VPN peers).

This could be a possibility if an organization is in control of the transport network and wants to provide high availability through dynamic routing, both inside the transport network and inside the VPN to ensure continuous connectivity.

This kind of routing requires that VPN devices be prevented from learning the paths to their remote peer tunnel destination IP addresses over the VPN tunnel itself. The single-hop path over the VPN will always be a better route than the path over the transport net-
work. This situation will break the tunnel because it causes the VPN-encapsulated packet to be routed into its own tunnel interface instead of being routed out the correct physical interface that is used to reach the remote VPN peer. Cisco IOS Software will react to this
behavior by flapping the tunnel interface.

Use either route filtering or a different routing protocol for the transport network and the VPN network to avoid this recursive routing issue.