Path Isolation Techniques:
The VRF instance on a networking device is an isolated object that must be linked to other instances of the same VRF on other devices throughout the network. There are several means by which this is accomplished today. Following are the most common methods to achieve path isolation across the campus network:
1. Hop-by-hop VRF-Lite based – VRF-Lite deployed on a hop-by-hop basis in a campus uses 802.1Q trunks to interconnect the devices configured for VRFs.
2. Hop-by-hop easy virtual network (EVN) based – Hop-by-hop VRF-Lite is manageable for networks with fewer numbers of virtual networks and fewer numbers of hops in a virtual network path.
3. Multihop GRE tunneling based – If not all devices in the path support VRF-Lite, the VRF can be transported using generic routing encapsulation (GRE) tunnels so that each VRF can be mapped to a specific tunnel interface.
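A consistency check for the hop-by-hop VRF-Lite method above, added here as an example and not taken from the original chapter: it parses IOS-style subinterface configuration and flags any 802.1Q tag that maps to a different VRF, or to the global routing table, at the two ends of a trunk. The device names, VRF names, tags, and the LINKS topology are constructed assumptions.

```python
import re

# Constructed sample configs (classic IOS VRF-Lite syntax); all names are assumptions.
CONFIGS = {
    "dist1": """
interface GigabitEthernet1/0/1.10
 encapsulation dot1Q 10
 ip vrf forwarding RED
interface GigabitEthernet1/0/1.20
 encapsulation dot1Q 20
 ip vrf forwarding GREEN
""",
    "core1": """
interface TenGigabitEthernet1/1.10
 encapsulation dot1Q 10
 ip vrf forwarding RED
interface TenGigabitEthernet1/1.20
 encapsulation dot1Q 20
""",
}
# Physical 802.1Q trunks as ((device, parent interface), (device, parent interface)).
LINKS = [(("dist1", "GigabitEthernet1/0/1"), ("core1", "TenGigabitEthernet1/1"))]

def tag_to_vrf(config):
    """Map (parent interface, 802.1Q tag) -> VRF name for each subinterface."""
    out, parent, tag = {}, None, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)\.\d+$", line):
            parent, tag = m.group(1), None
        elif line.startswith("interface "):
            parent = None  # not a subinterface
        elif parent and (m := re.match(r" encapsulation dot1Q (\d+)", line)):
            tag = int(m.group(1))
            out[(parent, tag)] = "global"  # until a VRF line says otherwise
        elif parent and tag and (m := re.match(r" (?:ip )?vrf forwarding (\S+)", line)):
            out[(parent, tag)] = m.group(1)
    return out

def find_mismatches(configs, links):
    """Return (tag, dev_a, vrf_a, dev_b, vrf_b) where the two trunk ends disagree."""
    maps = {dev: tag_to_vrf(cfg) for dev, cfg in configs.items()}
    problems = []
    for (dev_a, if_a), (dev_b, if_b) in links:
        a = {t: v for (i, t), v in maps[dev_a].items() if i == if_a}
        b = {t: v for (i, t), v in maps[dev_b].items() if i == if_b}
        for tag in sorted(a.keys() | b.keys()):
            if a.get(tag) != b.get(tag):
                problems.append((tag, dev_a, a.get(tag), dev_b, b.get(tag)))
    return problems
print(find_mismatches(CONFIGS, LINKS))
```

In the sample, tag 20 is in VRF GREEN on dist1 but has no VRF on core1, so that virtual network's traffic would land in the global table one hop later. A tag missing entirely on one side is reported with None for that side.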
Although the design options and recommendations discussed in this chapter are best practices intended to achieve the best convergence possible, each network is unique; and constraints such as cost, physical plant limitations, or application requirements may limit full implementation of these recommendations.
The hierarchical network model is essential for achieving high availability. In a hierarchical design, the capacity, features, and functionality of a specific device are optimized for its position in the network and the role that it plays. As a result, you can achieve more optimized scalability and stability. If the foundation is not rock solid, the performance of applications that depend on network services such as IP telephony, IP video, and wireless communications will eventually suffer.
In addition, in today’s evolved networking environments, typical campus network designs use a mix of switching (Layer 2) technologies at the network edge (access) and routing (Layer 3) technologies at the network core (distribution and core layers). Thus, based on the design model used in the campus network, network virtualization can be achieved either at the network access layer (Layer 2) by means of VLANs or at the network core (Layer 3) by using GRE tunnels, VRF-Lite, and/or MPLS-based Layer 3 VPNs to partition the routed domain and thus achieve scalable end-to-end virtualization.
After answering the following questions, please refer to Appendix A, “Answers to Review Questions,” for the answers.
1. Which is the recommended access-distribution design model when you need to span Layer 2 VLANs across access layer switches?
a. Routed access model
b. Loop-free Invert-U topology
c. Virtual switch model
d. Multitier access model
2. Large enterprises with several departments need to have the flexibility to restrict users’ communication from different departments across the campus and to the data center applications based on the department they belong to. Which one of the following design approaches or mechanisms would you suggest using without introducing operational complexity or cost increases?
a. Provision a separate physical network per department.
b. Place a pair of firewalls at the data center and require users to use VPN to log in and access the required applications per department.
c. Use lists end to end across the network to achieve the required communication restriction between the users who belong to different departments.
d. Use network virtualization, in which each department will be assigned its own virtual network to achieve end-to-end traffic separation.
3. Which statements are true of hierarchal campus design? (Select two.)
a. It increases operational complexity.
b. It increases design flexibility.
c. It requires more physical cabling.
d. It leads to more manageable networks.
e. It is not recommended in today’s campus network designs.
4. Which two design models offer the fastest convergence time following a distribution switch failure? (Select two.)
a. Loop-free U topology
b. Loop-free Invert-U topology
c. Virtual switch model
d. Routed access model
e. Multitier triangle access model with Layer 3 distribution-to-distribution link
5. Which statement about hierarchal campus design is true?
a. The core layer is always recommended.
b. Collapsed core/distribution is the most recommended design model.
c. The core layer is recommended when you have three or more distribution blocks.
d. The core layer is recommended when you have five or more distribution blocks.
6. Which one of the following design approaches or mechanisms would you suggest an organization using the routed access design model would need to deploy path isolation?
a. Configure Layer 2 VLANs per virtual network at the access layer and configure a VRF per VLAN at the distribution layer.
b. Use GRE tunneling per virtual network. The tunnels should be built between the distribution switches.
c. Configure MPLS at the core and VRFs at the distribution layer.
d. Configure Layer 2 VLANs per virtual network at the access layer and map each VLAN to a VRF at the access layer. VRFs need to be defined across the path end to end with a subinterface per VRF.
7. Which statement is true about the virtual switch design model?
a. It is always recommended to be used at the core only.
b. It is complex to manage.
c. It eliminates the need to implement any FHRP such as HSRP.
d. It is easy to manage but increases convergence time.
8. Which statements are true about FHRP? (Select two.)
a. It is always recommended to be used with the routed access design.
b. GLBP offers better load distribution.
c. GLBP may lead to asymmetrical routing.
d. HSRP does not support subsecond convergence time.
B – C
D – D
BD – BD
AE – AC
DA – C
C – C
C – BC