400-007 · Question #35
Your company wants to deploy a new data center infrastructure. Based on the requirements you have chosen VXLAN as encapsulation technology. The customer is concerned about miss-configuration of Layer
The correct answer is D. BPDU Guard should be enabled on all VTEP access ports. VXLAN is a pure encapsulation technology with no native Layer 2 loop prevention, so BPDU Guard must be enabled on VTEP access ports to err-disable any port where a switch is connected and could introduce a loop.
Question
Your company wants to deploy a new data center infrastructure. Based on the requirements you have chosen VXLAN as encapsulation technology. The customer is concerned about miss-configuration of Layer 2 devices and DC wide outages caused by Layer 2 loops. What do you answer?
Options
- AVXLAN offers native loop avoidance mechanism
- BStorm Control should be enabled on all ports
- CVPC+ could prevent L2 loop on access ports
- DBPDU Guard should be enabled on all VTEP access ports
How the community answered
(26 responses)- A12% (3)
- B8% (2)
- D81% (21)
Why each option
VXLAN is a pure encapsulation technology with no native Layer 2 loop prevention, so BPDU Guard must be enabled on VTEP access ports to err-disable any port where a switch is connected and could introduce a loop.
VXLAN is a MAC-in-UDP encapsulation protocol and does not include any native loop avoidance mechanism - loop prevention must be provided by external mechanisms such as STP features or EVPN control plane.
Storm Control rate-limits broadcast or multicast traffic after a loop has already formed, but it does not prevent the loop itself - the network can still degrade significantly before the threshold is triggered.
VPC+ (Virtual Port Channel Plus) is a Cisco Nexus-specific multi-homing feature for port-channel redundancy and does not provide general Layer 2 loop prevention across all VTEP access ports in the fabric.
Enabling BPDU Guard on all VTEP access ports causes the port to enter err-disabled state immediately upon receiving a BPDU from a connected switch, stopping any potential Layer 2 loop at the access layer before it can propagate into the VXLAN fabric.
Concept tested: BPDU Guard for loop prevention on VXLAN VTEP access ports
Source: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/vxlan/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide.html
Topics
Community Discussion
No community discussion yet for this question.