Which type of VPN requires a full mesh of virtual circuits to provide optimal site-to-site
connectivity?
A.
MPLS Layer 3 VPNs
B.
Layer 2 overlay VPNs
C.
GET VPNs
D.
peer-to-peer VPNs
Explanation:
http://etutorials.org/Networking/MPLS+VPN+Architectures/Part+2+MPLSbased+Virtual+Private+N
etworks/Chapter+7.+Virtual+Private+Network+VPN+Implementation+Options/Overlay+and+Peerto-peer+VPN+Model/
Two VPN implementation models have gained widespread use:
The overlay model, where the service provider provides emulated leased lines to the customer.
The service provider provides the customer with a set of emulated leased lines. These leased
lines are calledVCs, which can be either constantly available (PVCs) or established on demand
(SVCs). The QoSguarantees in the overlay VPN model usually are expressed in terms of
bandwidth guaranteed on a certain VC(Committed Information Rate or CIR) and maximum
bandwidth available on a certain VC (Peak InformationRate or PIR). The committed bandwidthguarantee usually is provided through the statistical nature of theLayer 2 service but depends on
the overbooking strategy of the service providerThe peer-to-peer model, where the service
provider and the customer exchange Layer 3 routing informationand the provider relays the data
between the customer sites on the optimum path between the sites andwithout the customer’s
involvement.The peer-to-peer VPN model was introduced a few years ago to alleviate the
drawbacks of the overlay VPNmodel. In the peer-to-peer model, the Provider Edge (PE) device is
a router (PE-router) that directly exchangesrouting information with the CPE router. The Managed
Network service offered by many service providers,where the service provider also manages the
CPE devices, is not relevant to this discussion because it’s only arepackaging of another service.
The Managed Network provider concurrently assumes the role of the VPN
service provider (providing the VPN infrastructure) and part of the VPN customer role (managing
the CPEdevice).
The peer-to-peer model provides a number of advantages over the traditional overlay model:
Routing (from the customer’s perspective) becomes exceedingly simple, as the customer router
exchangesrouting information with only one (or a few) PE-router, whereas in the overlay VPN
network, the number ofneighbor routers can grow to a large number.
Routing between the customer sites is always optimal, as the provider routers know the
customer’s networktopology and can thus establish optimum inter-site routing.
Bandwidth provisioning is simpler because the customer has to specify only the inbound and
outboundbandwidths for each site (Committed Access Rate [CAR] and Committed Delivery Rate
[CDR]) and not theexact site-to-site traffic profile.
The addition of a new site is simpler because the service provider provisions only an additional
site andchanges the configuration on the attached PE-router. Under the overlay VPN model, the
service provider mustprovision a whole set of VCs leading from that site to other sites of the
customer VPN.
Prior to an MPLS-based VPN implementation, two implementation options existed for the peer-topeer VPNmodel:
The shared-router approach, where several VPN customers share the same PE-router.
The dedicated-router approach, where each VPN customer has dedicated PE-routers.
Overlay VPN paradigm has a number of drawbacks, most significant of thembeing the need for the
customer to establish point-to-point links or virtual circuitsbetween sites. The formula to calculate
how many point-to-point links or virtualcircuits you need in the worst case is ((n)(n-1))/2, where n is
the number of sitesyou need to connect. For example, if you need to have full–mesh
connectivitybetween 4 sites, you will need a total of 6 point-to-point links or virtual circuits.To
overcome this drawback and provide the customer with optimum datatransport across the Service
Provider backbone, the peer-to-peer VPN conceptwas introduced where the Service Provider
actively participates in the customerrouting, accepting customer routes, transporting them across
the Service Providerbackbone and finally propagating them to other customer sites.
VPNs
Overlay VPNs
..Layer 2 VPNs
…X.25
…Frame Relay
…ATM
..Layer 3 VPNs
…GRE
…DMVPN
…IPSec
…L2TPv3
…SSL VPN
Peer-to-Peer VPN
..ACLs (Shared router)
..Split routing (dedicated router)
..GET VPN
..MPLS VPN
Completed the Cisco 642-889 exam few days ago! Scored 965/1000 points! Got 2 LABs and no D&D questions! 4 new questions about MAC-in-MAC or IEEE 802.1ah. All questions were from passleader 642-889 dumps(http://www.passleader.com/642-889.html), 100% valid now!