WAN Architectures

Question 1

WAN stands for

Answer 1

Wide Area Network

Question 2

MPLS stands for

Answer 2

Multi-Protocol Label Switching

Question 3

Describe what a Leased Line is

Answer 3

A dedicated, private (not over the internet), physical connection between two sites.

Leased line typically means serial connections, with PPP or HDLC encapsulation. Basically dead at this point due to both cost and outdated tech

Question 4

WAN via Ethernet typically involves which physical media?

Answer 4

Fiber

Question 5

When sending traffic between sites over shared infrastructure (like the internet), best practice is to utilize what?

Answer 5

IPsec VPN Tunnels

Question 6

T/F: MPLS networks are shared infrastructure since many enterprises can connect to and share the same infrastructure to make WAN connections

Answer 6

T

Question 7

T/F: MPLS networks are private infrastructure since VPNs seperate the ISP infrastructure into multiple, smaller networks

Answer 7

F

MPLS networks still are shared infrastructure. VPNs just allow the ISP network to be utilized in such a way to provide virtually private

Question 8

MPLS allows VPNs to be created over MPLS infrastructure through the use of:

Answer 8

Labels

Question 9

What is an MPLS CE router

Answer 9

Customer edge, sits at the border of the enterprise LAN

Question 10

What is an MPLS PE router

Answer 10

Provider edge, connects to a CE router and other MPLS infrastructure

Question 11

What is an MPLS P router

Answer 11

Provider, connects to other P routers and PE routers, but doesn’t connect to CE routers

Question 12

When are MPLS labels added to frames?

Answer 12

When PE routers receive frames from CE routers

Question 13

Where are MPLS labels placed on a frame?

Answer 13

Between the L2 and L3 header

Question 14

T/F: MPLS is generally transparent to CE routers, and CE routers don’t need to be MPLS capable

Answer 14

T

Question 15

T/F: When using an L3 MPLS VPN, two CEs at different sites in a WAN will peer with their PE routers, and the two CE routers will learn about eachother’s routes through this peering

Answer 15

T

Question 16

T/F: When using an L2 MPLS VPN, the CE and PE routers do not form peerings

Answer 16

T

Question 17

T/F: When using an L2 MPLS VPN, the ISP network is entirely transparent to the CE routers, and basically acts like a big switch

Answer 17

T

Question 18

T/F: When using an L2 MPLS VPN, if a routing protocol is used, the two CE routers will peer directly with eachother

Answer 18

T

Question 19

Three of the most common internet access technologies are:

Answer 19

Fiber, Cable, and DSL

Question 20

DSL stands for:

Answer 20

Digital Subscriber Line

Question 21

DSL provides internet connectivity to customers over:

Answer 21

Phone lines

Question 22

What is the function of a modem

Answer 22

Converts data into a format suitable to be sent over phone/CATV lines

Question 23

Cable Internet provides internet connectivity to customers over:

Answer 23

Cable TV lines (CATV)

Question 24

T/F: A modem is required to provide internet access over DSL

Answer 24

T

DSL connections require a modem to convert internet data into a format suitable for phone lines

Question 25

T/F: A modem is required to provide internet access over Cable

Answer 25

T CATV connections require a modem to convert internet data into a format suitable for Cable TV lines

Question 26

T/F: A modem is required to provide internet access over Fiber

Answer 26

F Fiber is designed specifically for internet connections, so no modem is required. However, an ONT (Optical Network Terminator) is required for a fiber connection. This is usually built into a home router

Question 27

If you have one connection to one ISP, this is referred to as:

Answer 27

Single Homed

Question 28

If you have two connections to one ISP, this is referred to as:

Answer 28

Dual Homed

Question 29

If you have one connection each to two ISPs, this is referred to as:

Answer 29

Multihomed

Question 30

If you have two connections each to two ISPs, this is referred to as:

Answer 30

Dual Multihomed

Question 31

Two common kinds of Internet VPNs are:

Answer 31

- Site-to-Site VPNs using IPsec - Remote-access VPNs using TLS

Question 32

What is the purpose of a site-to-site VPN

Answer 32

A VPN between two devices that is used to connect two sites together over the internet, primarily using IPsec

Question 33

Describe the encapsulation performed by IPsec VPNs when forwarding packets between two VPN enabled routers

Answer 33

Original packet is encrypted, encapsulated with a VPN header, and encapsulated again with a new IP header. Then sent over the internet to the destination device, encapsulated and decrypted

Question 34

T/F: In a site-to-site VPN, there are only two tunnel endpoints, and all other devices at each site don't need to create a VPN for themselves

Answer 34

T For site-to-site VPNs the tunnel only needs to be formed between the two site routers, all other devices can send unencrypted data to the tunnel endpoints

Question 35

T/F: IPsec doesn't support broadcast and multicast traffic, only unicast

Answer 35

T

Question 36

Describe some limitations of IPsec VPNs

Answer 36

- IPsec doesn't support broadcast and multicast traffic. Therefore, routing protocols can't be used over the tunnel (can be solved with GRE over IPsec) - Configuring a full mesh of tunnels between sites is labor intensive (Cisco DMVPN can solve)

Question 37

T/F: GRE creates tunnels like IPsec, but doesn't encrypt traffic

Answer 37

T

Question 38

T/F: GRE can encapsulate a wide variety of L3 protocols as well as broadcast and multicast messages

Answer 38

T

Question 39

Describe the packet encapsulation performed by GRE over IPsec

Answer 39

Original packet is encapsulated by a GRE header and a new IP header, then encrypted with an IPsec VPN header and a new IP header [] == encrypted {[IP packet | GRE header | IP header] IPsec header | IP header}

Question 40

Describe what DMVPN does

Answer 40

Allows routers to dynamically create a full mesh of IPsec tunnels without having to manually configure every single tunnel

Question 41

What is the simplified approach to using DMVPN to form a full mesh of IPsec tunnels?

Answer 41

1. Configure IPsec tunnels to a hub site (hub and spoke topology) 2. The hub router gives each router information about how to form an IPsec tunnel with the other routers

Question 42

T/F: DMVPN provides the configuration simplicity of hub-and-spoke, and the efficiency of direct spoke-to-spoke communication

Answer 42

T

Question 43

Remote-Access VPNs serve what purpose:

Answer 43

Connect remote end devices to access company internal resources securely over the internet

Question 44

Remote-Access VPNs typically use:

Answer 44

TLS (Transport Layer Security). Formerly SSL, but renamed to TLS when standardized by the IETF

Question 45

T/F: Remote-Access VPNs typically use IPsec and Site-to-Site VPNs typically use TLS

Answer 45

F Remote-Access typically uses TLS and Site-to-Site typically uses IPsec

Question 46

Company A uses an MPLS VPN to connect its offices together. Which of the following routers does NOT run MPLS? a) PE b) P c) CE

Answer 46

CE MPLS operation is performed by P and PE routers

Question 47

Which of the following MPLS VPN types allows CE routers to directly form OSPF peerings with each other? a) L2 MPLS VPN b) L2.5 MPLS PVN c) L3 MPLS VPN

Answer 47

a) L2 MPLS VPN

Question 48

Which of the following internet access technologies takes advantage of already-installed phone lines? a) Cable Internet b) DSL c) Fiber d) MPLS

Answer 48

b) DSL

Question 49

Which of the following protocols can be used in combination with IPsec to provide more flexibility by allowing multicast traffic to be forwarded in the tunnel? a) TLS b) Site-to-Site VPN c) GRE d) Remote-Access VPN

Answer 49

c) GRE

Question 50

Which of the following technologies can you use to tunnel any L3 protocol through an IP transport network? a) GRE b) PPPoA c) IPsec d) PPPoE

Answer 50

a) GRE

Question 51

Compare and contrast IPsec in tunnel mode vs transport mode

Answer 51

Tunnel mode == Encrypts whole packet, requires additional L3 header to be added Transport mode == Doesn't encrypt IP header (only payload is encrypted), no additional L3 header required

Question 52

Which IPsec mode is required for NAT traversal?

Answer 52

Tunnel mode The common L3 header in transport mode can screw with NAT traversal