nerdexam
Cisco

400-007 · Question #35

Your company wants to deploy a new data center infrastructure. Based on the requirements you have chosen VXLAN as encapsulation technology. The customer is concerned about miss-configuration of Layer

The correct answer is D. BPDU Guard should be enabled on all VTEP access ports. VXLAN is a pure encapsulation technology with no native Layer 2 loop prevention, so BPDU Guard must be enabled on VTEP access ports to err-disable any port where a switch is connected and could introduce a loop.

Designing Network Infrastructure

Question

Your company wants to deploy a new data center infrastructure. Based on the requirements you have chosen VXLAN as encapsulation technology. The customer is concerned about miss-configuration of Layer 2 devices and DC wide outages caused by Layer 2 loops. What do you answer?

Options

  • AVXLAN offers native loop avoidance mechanism
  • BStorm Control should be enabled on all ports
  • CVPC+ could prevent L2 loop on access ports
  • DBPDU Guard should be enabled on all VTEP access ports

How the community answered

(26 responses)
  • A
    12% (3)
  • B
    8% (2)
  • D
    81% (21)

Why each option

VXLAN is a pure encapsulation technology with no native Layer 2 loop prevention, so BPDU Guard must be enabled on VTEP access ports to err-disable any port where a switch is connected and could introduce a loop.

AVXLAN offers native loop avoidance mechanism

VXLAN is a MAC-in-UDP encapsulation protocol and does not include any native loop avoidance mechanism - loop prevention must be provided by external mechanisms such as STP features or EVPN control plane.

BStorm Control should be enabled on all ports

Storm Control rate-limits broadcast or multicast traffic after a loop has already formed, but it does not prevent the loop itself - the network can still degrade significantly before the threshold is triggered.

CVPC+ could prevent L2 loop on access ports

VPC+ (Virtual Port Channel Plus) is a Cisco Nexus-specific multi-homing feature for port-channel redundancy and does not provide general Layer 2 loop prevention across all VTEP access ports in the fabric.

DBPDU Guard should be enabled on all VTEP access portsCorrect

Enabling BPDU Guard on all VTEP access ports causes the port to enter err-disabled state immediately upon receiving a BPDU from a connected switch, stopping any potential Layer 2 loop at the access layer before it can propagate into the VXLAN fabric.

Concept tested: BPDU Guard for loop prevention on VXLAN VTEP access ports

Source: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/vxlan/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide.html

Topics

#VXLAN#VTEP#BPDU Guard#data center loop prevention

Community Discussion

No community discussion yet for this question.

Full 400-007 Practice