400-007 · Question #64
A customer asks you to perform a high level review of their upcoming WAN refresh for remote sites. The review is specially focused on their retail store operations consisting of 500+ locations connect
The correct answer is B. IS-IS. IS-IS is the most restrictive routing protocol for a multipoint IPsec VPN deployment because it cannot run natively over tunnel interfaces, limiting scalability to 500+ sites.
Question
A customer asks you to perform a high level review of their upcoming WAN refresh for remote sites. The review is specially focused on their retail store operations consisting of 500+ locations connected via mutlipoint IPsec VPN solution. Which routing protocol would be valid but would also be the most restrictive for the expansion of this deployment model?
Options
- AEIGRP
- BIS-IS
- COSPF
- DBGP
How the community answered
(65 responses)- A5% (3)
- B83% (54)
- C11% (7)
- D2% (1)
Why each option
IS-IS is the most restrictive routing protocol for a multipoint IPsec VPN deployment because it cannot run natively over tunnel interfaces, limiting scalability to 500+ sites.
EIGRP is fully supported over DMVPN and multipoint IPsec tunnel interfaces and scales well with spoke-to-hub deployments using split-horizon tuning.
IS-IS is a Layer 2 OSI protocol that runs directly over data-link layer adjacencies and cannot be encapsulated over IP-based tunnel interfaces such as IPsec or GRE. Because multipoint IPsec VPN designs rely on logical tunnel interfaces for spoke connectivity, IS-IS adjacencies cannot form across those tunnels. This makes IS-IS the most restrictive choice for expanding a 500+ site multipoint IPsec VPN deployment.
OSPF supports multiple network types including point-to-multipoint, which maps directly to hub-and-spoke IPsec VPN topologies, making it a common and valid choice.
BGP is the most scalable option for large-scale VPN deployments and is natively used in many MPLS and IPsec overlay designs with no tunnel interface restrictions.
Concept tested: Routing protocol suitability over IPsec tunnel interfaces
Source: https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/13677-is-is-ospf-eigrp.html
Topics
Community Discussion
No community discussion yet for this question.