nerdexam
Cisco

400-007 · Question #64

A customer asks you to perform a high level review of their upcoming WAN refresh for remote sites. The review is specially focused on their retail store operations consisting of 500+ locations connect

The correct answer is B. IS-IS. IS-IS is the most restrictive routing protocol for a multipoint IPsec VPN deployment because it cannot run natively over tunnel interfaces, limiting scalability to 500+ sites.

Designing Network Infrastructure

Question

A customer asks you to perform a high level review of their upcoming WAN refresh for remote sites. The review is specially focused on their retail store operations consisting of 500+ locations connected via mutlipoint IPsec VPN solution. Which routing protocol would be valid but would also be the most restrictive for the expansion of this deployment model?

Options

  • AEIGRP
  • BIS-IS
  • COSPF
  • DBGP

How the community answered

(65 responses)
  • A
    5% (3)
  • B
    83% (54)
  • C
    11% (7)
  • D
    2% (1)

Why each option

IS-IS is the most restrictive routing protocol for a multipoint IPsec VPN deployment because it cannot run natively over tunnel interfaces, limiting scalability to 500+ sites.

AEIGRP

EIGRP is fully supported over DMVPN and multipoint IPsec tunnel interfaces and scales well with spoke-to-hub deployments using split-horizon tuning.

BIS-ISCorrect

IS-IS is a Layer 2 OSI protocol that runs directly over data-link layer adjacencies and cannot be encapsulated over IP-based tunnel interfaces such as IPsec or GRE. Because multipoint IPsec VPN designs rely on logical tunnel interfaces for spoke connectivity, IS-IS adjacencies cannot form across those tunnels. This makes IS-IS the most restrictive choice for expanding a 500+ site multipoint IPsec VPN deployment.

COSPF

OSPF supports multiple network types including point-to-multipoint, which maps directly to hub-and-spoke IPsec VPN topologies, making it a common and valid choice.

DBGP

BGP is the most scalable option for large-scale VPN deployments and is natively used in many MPLS and IPsec overlay designs with no tunnel interface restrictions.

Concept tested: Routing protocol suitability over IPsec tunnel interfaces

Source: https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/13677-is-is-ospf-eigrp.html

Topics

#IS-IS#WAN design#multipoint IPsec VPN#routing protocol selection

Community Discussion

No community discussion yet for this question.

Full 400-007 Practice