Which type of VPN requires a full mesh of virtual circuits to provide optimal site-to-site connectivity?


A. MPLS Layer 3 VPNs
B. Layer 2 overlay VPNs
C. GET VPNs
D. peer-to-peer VPNs

Explanation:

http://etutorials.org/Networking/MPLS+VPN+Architectures/Part+2+MPLSbased+Virtual+Private+Networks/Chapter+7.+Virtual+Private+Network+VPN+Implementation+Options/Overlay+and+Peerto-peer+VPN+Model/

Two VPN implementation models have gained widespread use:

- The overlay model, where the service provider provides emulated leased lines to the customer. These leased lines are called VCs, which can be either constantly available (PVCs) or established on demand (SVCs). The QoS guarantees in the overlay VPN model usually are expressed in terms of bandwidth guaranteed on a certain VC (Committed Information Rate or CIR) and maximum bandwidth available on a certain VC (Peak Information Rate or PIR). The committed bandwidth guarantee usually is provided through the statistical nature of the Layer 2 service but depends on the overbooking strategy of the service provider.
- The peer-to-peer model, where the service provider and the customer exchange Layer 3 routing information and the provider relays the data between the customer sites on the optimum path between the sites and without the customer’s involvement. The peer-to-peer VPN model was introduced a few years ago to alleviate the drawbacks of the overlay VPN model. In the peer-to-peer model, the Provider Edge (PE) device is a router (PE-router) that directly exchanges routing information with the CPE router.

The Managed Network service offered by many service providers, where the service provider also manages the CPE devices, is not relevant to this discussion because it’s only a repackaging of another service. The Managed Network provider concurrently assumes the role of the VPN service provider (providing the VPN infrastructure) and part of the VPN customer role (managing the CPE device).

The peer-to-peer model provides a number of advantages over the traditional overlay model:

- Routing (from the customer’s perspective) becomes exceedingly simple, as the customer router exchanges routing information with only one (or a few) PE-router, whereas in the overlay VPN network, the number of neighbor routers can grow to a large number.
- Routing between the customer sites is always optimal, as the provider routers know the customer’s network topology and can thus establish optimum inter-site routing.
- Bandwidth provisioning is simpler because the customer has to specify only the inbound and outbound bandwidths for each site (Committed Access Rate [CAR] and Committed Delivery Rate [CDR]) and not the exact site-to-site traffic profile.
- The addition of a new site is simpler because the service provider provisions only an additional site and changes the configuration on the attached PE-router. Under the overlay VPN model, the service provider must provision a whole set of VCs leading from that site to other sites of the customer VPN.

Prior to an MPLS-based VPN implementation, two implementation options existed for the peer-to-peer VPN model:

- The shared-router approach, where several VPN customers share the same PE-router.
- The dedicated-router approach, where each VPN customer has dedicated PE-routers.

The overlay VPN paradigm has a number of drawbacks, the most significant being the need for the customer to establish point-to-point links or virtual circuits between sites. The formula to calculate how many point-to-point links or virtual circuits you need in the worst case is n(n-1)/2, where n is the number of sites you need to connect. For example, if you need full-mesh connectivity between 4 sites, you will need a total of 6 point-to-point links or virtual circuits. To overcome this drawback and provide the customer with optimum data transport across the Service Provider backbone, the peer-to-peer VPN concept was introduced, in which the Service Provider actively participates in the customer routing, accepting customer routes, transporting them across the Service Provider backbone and finally propagating them to other customer sites.



Lee Elder

Hello, wrote 642-889 exam last week and passed successfully! Studied 2017 latest 642-889 pdf and vce dumps 130Q&As: https://www.braindump2go.com/642-889.html . These dumps cover all new questions and are updated every day! Some new questions I got:

QUESTION
When configuring class-based WRED on Cisco routers, which WRED parameter is not user
configurable on a Cisco IOS XR but is user configurable on a Cisco IOS and IOS XE?
A. the ingress or egress direction where the class-based WRED policy will be applied
B. the maximum threshold
C. the minimum threshold
D. the mark probability denominator
Answer: D

QUESTION
Which of the following three statements are correct regarding IPv6 QoS? (Choose three.)
A. The traffic class field in the IPv6 header can be used to set specific precedence or DSCP values.
B. A 20-bit flow label field enables per-flow processing.
C. DS-TE is not supported by IPv6.
D. Per-hop behavior in IPv6 networks is based on EXP bits.
E. IPv6 QoS features are configured using the modular QoS CLI on Cisco routers.
Answer: ABE

QUESTION
With unmanaged CE routers, at which point in the service provider network is the QoS trust
boundary, and what is required at the trust boundary?
A. between the CE and PE router and mapping of the customer traffic classes into the service
provider traffic classes at the PE router ingress
B. between the CE and PE router and trusting the QoS markings from the CE router and
applying the required QoS mechanisms based on the customer QoS markings
C. between the PE and the P router and mapping of the customer traffic classes into the service
provider traffic classes at the P router ingress
D. between the PE and P router and trusting the QoS markings from the CE router and applying
the required QoS mechanisms based on the customer QoS markings
E. between the customer network and the CE router ingress and applying the required egress
QoS policy on the CE router
Answer: A

QUESTION
On the Cisco IOS XR, when using the match protocol command within a class-map to classify
traffic, you noticed that the match protocol option on the Cisco IOS XR shows much fewer
protocol options than on the Cisco IOS or IOS XE, like there is no option such as the match
protocol yahoo-messenger command on the Cisco IOS XR. Why is this?
A. because the Cisco IOS XR router does not have the correct software packages installed
B. because when defining the class-map, the class-map type should be set to type inspect:
class-map type inspect class-map-name command
C. because NBAR is not supported on the Cisco IOS XR
D. because flexible packet matching has not been enabled on the Cisco IOS XR router
Answer: C

QUESTION
Within the service provider core network, which two QoS mechanisms are typically deployed on
the P routers? (Choose two.)
A. LLQ
B. traffic policing and remarking
C. WRED
D. traffic shaping
E. traffic classification and markings
F. link fragmentation and interleaving
Answer: AC

QUESTION
Which three steps are required to configure QPPB on Cisco IOS XR routers? (Choose three.)
A. Apply a QPPB route policy to the BGP process using the table-policy command
B. Apply a QPPB route policy to the BGP neighbor using the route-policy command
C. Define a QPPB route policy to match the customer routes, then set the IP precedence or qos-group
D. Define a QPPB route policy to match the customer IP precedence or qos-group markings,
then set the BGP community
E. Enable QPPB on an interface using the ipv4 bgp policy propagation input ip-precedence|qos-group
destination|source command
F. Enable QPPB on an interface using the ipv4 bgp policy propagation output ip-precedence|qos-group
destination|source command
Answer: ACE

QUESTION
The Cisco IOS and IOS XE qos pre-classify command allows which kind of packet classification
on IP packets that are encapsulated with GRE and IPsec?
A. allows for packets to be classified based on the ToS byte values before packet encryption
B. allows for packets to be classified based on the ToS byte values after packet encryption
C. allows for packets to be classified based on the packet payload before packet encryption
D. allows for packets to be classified based on the packet payload after packet encryption
E. allows for packets to be classified based on the packet header parameters other than the ToS
byte values after packet encryption
Answer: E

QUESTION
Which are typical class-based marking policies that are implemented on service provider IP NGN
PE routers?
A. On the PE ingress, classify the customer traffic and then mark with qos-group. On the PE
egress, classify based on the qos-group and then mark with mpls exp.
B. On the PE ingress, classify the customer traffic and then mark with mpls exp. On the PE
egress, classify based on the mpls exp and then mark with qos-group.
C. On the PE ingress, trust the customer QoS markings. On the PE egress, classify based on the
customer QoS markings and then mark with qos-group.
D. On the PE ingress, trust the customer QoS markings. On the PE egress, classify based on the
customer QoS markings and then mark with mpls exp.
Answer: A