Review #1: Terminology

© 2020 Silver Peak Systems, Inc. All Rights Reserved.
1) What term describes placing a packet into an IPsec tunnel?
2) Describe/define the following: a. Cloud Portal b. Orchestrator c. Passthrough flow d. Stale flow e. Business Intent Overlay f. Local Internet Breakout
3) True/False: An overlay tunnel can use one or more underlay tunnels to transport packets that match a Business Intent Overlay.
4) How many Orchestrators would be used by a typical organization?
5) Given two tunnels named “To_ECV-3_MPLS_MPLS” and “To_ECV-3_CriticalApps”: a. Which do you think is an Overlay tunnel? Why? b. Which do you think is an Underlay tunnel? Why?

Review #2: Products and Licensing
6) True/False: The Orchestrator is always hosted outside a customer’s network.
7) True/False: The Cloud Portal automatically builds tunnels from a new device to existing appliances, then tells the Orchestrator the device has been registered.
8) True/False: A 100 Mbps license, or 1 block, is required to handle 75 Mbps of LAN traffic.
9) What is Boost?
10) What Boost Feature reduces the bandwidth required using deduplication and compression?
11) Name the other Boost Feature. a. What does it do?
12) True/False: Boost is included with an Unlimited License.
Review #3: Orchestrator Setup Lab
14) True/False: The lab steps are only a guideline. If you simply look at the screenshots, you can get through the lab tasks much faster.
15) True/False: I should have written down my ReadyTech Lab Access Code.
16) Why should you select Thin as the Disk Provisioning option when installing the Orchestrator?
17) True/False: RFC-1701 defines the Enterprise SD-WAN standard.
Review #4: Dynamic Path Control
19) When using Business Intent Overlays, is load balancing between appliances flow-based or packet-based?
20) What are Silver Peak’s three options for dynamically choosing an underlay tunnel?
21) What four line characteristics are used to determine the quality of a tunnel?
22) Do you think local internet breakout traffic is: a. Flow or packet based? b. Why?
23) Can an appliance load-balance an overlay over the Red and Blue underlay tunnels shown in the diagram to the right? a. Why or why not?
[Diagram: Site 1 and Site 2, with LAN and WAN sides labeled]
Review #5: Path Conditioning
24) When can FEC make a loss problem worse?
25) What is a typical WAN ISP SLA for loss for… a) Internet b) MPLS
Review #6: Boost
29) What three factors are the primary contributors to latency?
30) How do we accelerate TCP flows?
31) Why does Asymmetry break TCP Acceleration?
32) What benefit does the Network Memory component of Boost provide?
Review #7: Licensing Process
34) What is the first step in setting up your Silver Peak network?
35) True/False: There are unique license keys that are different for each EdgeConnect appliance and the Orchestrator.
36) What is required for an appliance without direct Internet connectivity to register?
37) How long is a device’s license period?
Review #8: Orchestrator Configuration and Licensing Lab
39) What is the default user name and password for the Orchestrator GUI?
40) What is the filename extension of the Orchestrator installation file?
41) Select all the correct statements: On the Cloud Portal screen in Orchestrator, Registered = Yes indicates:
A. The Orchestrator was able to reach the Cloud Portal on the internet.
B. The Orchestrator was recognized by the Cloud Portal to belong to your company based on its serial number.
C. The Account Name and Account Key were correctly entered.
D. The Orchestrator will now be able to manage any EdgeConnect clients associated with that account.
Review #9: Path Selection & Subnet Sharing
43) What does ‘Auto (system)’ in the route ‘Type’ field mean?
44) What does Subnet Sharing do?
45) What must happen before subnets will be shared between appliances?
46) What happens to shared subnets if all tunnels to a site go down?
47) Besides Subnet Sharing, how else can an appliance dynamically learn routes?
48) What does FROM_WAN mean in the additional info column of the data path routing table?
49) What is the management routing table used for?
50) True/False: Syslog entries from an appliance will be reported to the Syslog server using the main data path Routes table.
Review #10: Router Mode
51) What is the name of the mode that is the recommended best practice?
52) True/False: You must use mgmt0 out of band to manage the appliances.
53) What are the 3 basic Silver Peak Reference Architectures?
54) True/False: Router Mode cannot be deployed out of path.
55) How many IP addresses do you need in router mode?
56) True/False: As shown in the diagram, in Inline Router Mode, passthrough traffic that arrives on lan1 cannot be forwarded out lan0.
[Diagram labels: WAN, wan0]
Review #11: Bridge Mode
57) How many IP addresses do you need in Bridge Mode?
58) True/False: The lan0 and wan0 of an appliance in Bridge Mode connect to two different subnets.
59) What is the failure mode of an appliance in Bridge Mode?
60) If you want an Inline appliance to use multicast, should an appliance be in Bridge or Router Mode?
61) True/False: In Bridge Mode, you don’t have to use mgmt0 to manage the appliance, you can use a data path interface.
62) True/False: In Bridge Mode, passthrough traffic arriving on lan0 can be forwarded out wan1 (see picture).
Review #12: Server Mode
63) True/False: Server mode is the default for freshly installed ECVs.
64) What is the difference between Server Mode and Router Mode?
65) True/False: Server Mode can be Inline or Out-of-Path.
66) Why would you use server mode?
Review #13: Data Security
67) True/False: To block all incoming connections from the internet, the Stateful Firewall should be set to Harden on an interface.
68) True/False: The Stateful+SNAT interface firewall setting maps LAN addresses to WAN addresses for packets being placed in a tunnel.
69) If you want to allow inbound connections from the Internet to only one LAN side server, what feature should you use to permit connections ONLY to that server on the LAN?
70) True/False: A Zone Based Firewall policy that permits connections initiated from zone A to zone B, will also permit connections to be initiated from zone B to zone A.
71) What is required for us to de-duplicate SSL traffic and why do we need to do it?
Review #14: Interface Labels and Deployment Profiles
74) True/False: An interface labeled ‘Voice’ only allows VOIP traffic.
75) True/False: A deployment profile defines how many interfaces and sub-interfaces will be configured for an appliance.
76) Does a deployment profile… a. Contain IP addresses? b. Can include VLAN numbers? c. ZBF (Zone Based Firewall) security policies?
77) Customers need to access a LAN-side web server inside a branch office. (see diagram) What WAN-side (Internet) firewall settings and features should be used?
78) What is the purpose of the NAT flag?
79) True/False: Your network branch offices have overlapping local subnet addresses in the 192.168.x.x space. Enabling Stateful+SNAT will hide the overlap because the tunnel traffic will be NAT’d.
[Diagram labels: wan0, lan0, Internet]
Review #15: Template Groups
81) Where can you get an explanation of template fields?
82) How do you determine where a template will be applied?
83) How do you determine which template will be applied?
Review #16: Business Intent Overlays
85) What are the three match choices for placing incoming LAN traffic into an overlay? a) Which is the most used?
86) What are the three Service Level Objective options?
87) How does an overlay treat a SLO parameter set to ‘0’?
88) In the overlay list, which Business Intent Overlay has the highest priority—the top or bottom?
89) You have two Business Intent Overlays, shown in order. If IP phone traffic arrives on the “Data” port, which BIO is used?
• All - matches all traffic coming in on the LAN0 port labeled Data
• VOIP - matches IP phone traffic based on an ACL
Review #17: BIO and Appliance Configuration Labs
91) What are the four default Business Intent Overlays?
92) What is the purpose of a Port Group?
93) Describe how one can view the MAC addresses of the Network Adapters in ESXi.
94) True/False: It is best practice to use DHCP to assign the IP Address for mgmt0.
Review #18: Orchestrator Registration Lab
96) Name some things that could prevent the Appliance Discovered button from showing.
97) True/False: Appliances must always be manually approved by an Administrator.
98) Why might the wrong IP Address show up in the Appliances Discovered tab?
Review #19: Automated Provisioning and Deployment
100) What matches a physical device with a preconfiguration file?
101) What matches a virtual appliance with a preconfig YAML file?
102) True/False: A preconfig file cannot assign IP addresses to interfaces because they are different at every site.
Review #20: Quality of Service
104) What determines which traffic class a packet is placed in?
105) What determines the behavior of individual traffic classes?
106) In order to avoid starving any traffic class, the sum of __________ shouldn’t exceed ________?
107) True/False: The Shaper ID column defines the order in which classes are serviced.
Review #21: Reporting and Monitoring
109) What 3 lines commonly appear on most Silver Peak statistical graphs?
110) What are the Line colors for those lines? LAN: ________ WAN: ________ Ratio: __________
111) Why is the Ratio usually useful?
112) On an appliance, what single page shows Bandwidth Usage, Top Applications, Latency, Loss and Top flows?
113) Where should you check first when troubleshooting a problem happening ‘now’?
114) How can you tell if a flow is being optimized?
115) What will tell you which QoS Policy rule caused a flow to end up in a particular shaper traffic class?
116) What are the 5 main sections of a Flow Detail?
Review #22: Built in Diagnosis Tools
118) What option is required to make sure a Ping is sourced from the correct interface or IP address when testing reachability?
119) What options can be used to make sure a traceroute is sourced from the correct IP address or interface when testing reachability?
120) How do you display the options available for running the ping and traceroute commands from the UI?
121) True/False: Iperf is always safe to run on a production network.
Review #23: Business Intent Overlay Path Selection
123) A packet matches a Business Intent Overlay. There's a Routes (subnet) table match with a destination that is part of the overlay. Is the first packet (SYN) sent through a tunnel or not?
124) Same scenario as above, but there is no match in Routes table?
125) True/False: Once the traffic is matched to an overlay, a determination needs to be made as to whether it will be: a. backhauled through an IPsec tunnel to a non-Silver-Peak device. b. broken out locally direct to the internet. c. sent through a secure tunnel to an external service like Zscaler.
Review #24: Boost and Asymmetry
127) What is TCP asymmetry?
128) What is a good indicator of asymmetry?
129) What are some causes of TCP asymmetry?
130) What are some possible solutions?
Review #25: Flow Detail
132) What is your best friend when troubleshooting a connection between two endpoints that transits an appliance?
133) How do you display the Flow Detail?
134) What are the 5 main sections of the Flow Detail?
135) What section will tell you if an overlay or the default route policy was matched?
136) How can you see the external (upstream) source address of an outbound flow when the interface is set to Stateful+SNAT?
Review #26: Overlays & Tunnels
138) What are some reasons a tunnel might not come up?
139) Can a user configure a Business Intent Overlay from the appliance's web interface?
140) What effect does the order of overlays in the list on the BIO page have on its priority?
141) If you delete a BIO-created tunnel on an appliance, what will happen within 5 minutes?
142) If you apply a BIO to an appliance without a matching label or ACL, will traffic be routed into the associated overlay tunnels?
143) How many active primary links do you need for a Link Bonding Policy of “High Availability”?
Review #27: Licensing
145) How long is an appliance license lease?
146) What protocol and port number do the Appliances and Orchestrator use to talk to the Cloud Portal?
147) Does the Orchestrator require Internet connectivity to register with the Cloud Portal?
148) Does an appliance require direct internet connectivity to the Cloud Portal to register? If not, what would need to be configured?
149) True/False: An unlicensed appliance will send all incoming traffic Passthrough Shaped.
Review #28: Routing and Reachability
151) True/False: If you are doing internet breakout on a WAN interface, it should be set to “Harden”.
152) True/False: CDP (Cisco Discovery Protocol) tests Layer 3 connectivity.
153) What is a common misconfiguration when redirecting traffic out of path?
154) How do the Silver Peaks attract traffic via a routing protocol when the local OEM routers are learning the same subnets via a different path?
155) What should the local devices point to when redundant Silver Peaks are using VRRP on the lan side of the network to deterministically route traffic?
156) A data center appliance is BGP peered to local routers and is learning routes from them. The branch appliances can’t reach the subnets beyond the routers. What might be the problem?