nerdexam
Exams300-415Questions#401
Cisco

300-415 · Question #401

300-415 Question #401: Real Exam Question with Answer & Explanation

The correct answer is B: 12 hours. To ensure continuous data plane operation during OMP graceful restart, the IPsec rekey timer must be set to half the OMP graceful restart value.

Security and Quality of Service

Question

Which value of the IPsec rekey timer must be set by the engineer for an OMP graceful restart value set for 24 hours?

Options

  • A6 hours
  • B12 hours
  • C36 hours
  • D48 hours

Explanation

To ensure continuous data plane operation during OMP graceful restart, the IPsec rekey timer must be set to half the OMP graceful restart value.

Common mistakes.

  • A. 6 hours is too short, potentially causing excessive rekeying overhead and not optimizing for the graceful restart window.
  • C. 36 hours is too long; if the rekey interval exceeds the OMP graceful restart timer, IPsec tunnels could expire during the graceful restart period, leading to traffic disruption.
  • D. 48 hours is also too long, exceeding the OMP graceful restart timer and risking data plane interruption while the control plane is recovering.

Concept tested. Cisco SD-WAN IPsec Rekey Timer and OMP Graceful Restart

Reference. https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/system-interfaces/ios-xe-17/system-interfaces-book-xe/m-tunnel-interface-parameters.html

Topics

#SD-WAN#IPsec Rekey#OMP Graceful Restart#Security Timers

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 300-415 Practice