nerdexam
Cisco

352-001 · Question #81

Senior management wants you to evaluate the risks to your network of offering VPWS, VPLS, GRE, or other tunneling services to your fiber-connected client base. Clients indicate that they prefer to use

The correct answer is A. VPWS E. QinQ. VPWS and QinQ both support Layer 2 switch CEs while maintaining clear separation between provider and customer networks with minimal risk to the provider core.

Network Virtualization

Question

Senior management wants you to evaluate the risks to your network of offering VPWS, VPLS, GRE, or other tunneling services to your fiber-connected client base. Clients indicate that they prefer to use Layer 2 switches as CEs. Which two tunneling services expose your network to minimal risk and meet the clients' needs, including separation between providers and customer networks? (Choose two.)

Options

  • AVPWS
  • B802.1Q
  • CGRE
  • DVPLS
  • EQinQ

How the community answered

(44 responses)
  • A
    59% (26)
  • B
    23% (10)
  • C
    11% (5)
  • D
    7% (3)

Why each option

VPWS and QinQ both support Layer 2 switch CEs while maintaining clear separation between provider and customer networks with minimal risk to the provider core.

AVPWSCorrect

VPWS (Virtual Private Wire Service) uses MPLS pseudowires to create point-to-point Layer 2 connections, keeping customer traffic fully encapsulated within the provider MPLS core and away from provider infrastructure. It natively supports Layer 2 switch CEs and provides strong provider-customer separation, meaning a customer broadcast storm or STP event cannot propagate into the provider network.

B802.1Q

Standard 802.1Q uses a single shared VLAN namespace between provider and customer, creating risk of VLAN ID conflicts and insufficient isolation between provider and customer networks.

CGRE

GRE is a Layer 3 tunneling protocol that requires routers as CEs, directly conflicting with the client requirement to use Layer 2 switches as customer edge devices.

DVPLS

VPLS is an MPLS-based multipoint Layer 2 service, but it floods customer broadcast and unknown unicast traffic across all pseudowires and exposes the provider core to customer Spanning Tree BPDUs, creating higher risk than VPWS.

EQinQCorrect

QinQ (802.1ad) double-tagging encapsulates customer 802.1Q frames within an outer provider VLAN tag, completely separating customer and provider VLAN namespaces. This requires no changes to customer Layer 2 switches acting as CEs and limits provider exposure because customer frames are opaque to the provider switching domain.

Concept tested: Layer 2 VPN tunneling risk and CE device compatibility

Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l2_vpns/configuration/xe-16/mp-l2-vpns-xe-16-book/mp-vpws.html

Topics

#VPWS#QinQ#L2VPN#network separation

Community Discussion

No community discussion yet for this question.

Full 352-001 Practice