Juniper JN0-480 Practice Test - Questions Answers

The graph query output shown in the exhibit is a JSON representation of an interface node and its properties in the Apstra graph database. Based on the output, we can infer the following statements:

The output shows a LAG connection.This is true because the interface node has a property calledlag_modewhich is set tolacp_active, indicating that the interface is part of a link aggregation group (LAG) that uses the Link Aggregation Control Protocol (LACP) to negotiate the link state and parameters12.

The switch in the output is a Juniper device.This is true because the interface node has a property calledif_namewhich is set toae2, indicating that the interface name follows the Juniper naming convention for aggregated Ethernet interfaces34.

The interface has an IP address assigned to it.This is false because the interface node has properties calledipv4_addrandipv6_addrwhich are both set tonull, indicating that the interface does not have any IPv4 or IPv6 address configured2.

The interface has tags assigned to it.This is false because the interface node has a property calledtagswhich is set tonull, indicating that the interface does not have any tags associated with it2.Reference:

Link Aggregation Overview

Processor: Generic Graph Collector

Understanding Aggregated Ethernet Interfaces and LACP

Graph

The Juniper Apstra Rendered configuration is the configuration that is generated from the staged blueprint and applied to the devices in the network. The Rendered configuration is dynamically rendered at commit time, which means that it is created on the fly based on the latest changes and validations in the blueprint. The Rendered configuration is not stored in any database, but it can be viewed in the Apstra UI or downloaded as a file. The Rendered configuration reflects the desired state of the network as defined by the intent of the blueprint. The other options are incorrect because:

A) It is built at commit time and stored in a MySQL database is wrong because the Rendered configuration is not stored in any database, let alone a MySQL database. Apstra uses a graph database to store the network topology and configuration data, not a relational database like MySQL.

B) It is stored in a NoSQL database and incrementally updated is wrong because the Rendered configuration is not stored in any database, let alone a NoSQL database. Apstra uses a graph database to store the network topology and configuration data, not a non-relational database like NoSQL. The Rendered configuration is not incrementally updated, but dynamically rendered at commit time.

D) It is rendered from the graph database and stored locally is wrong because the Rendered configuration is not rendered from the graph database, but from the staged blueprint. The graph database stores the network topology and configuration data, but the Rendered configuration is generated from the blueprint, which is a logical representation of the network design and intent. The Rendered configuration is not stored locally, but it can be downloaded as a file if needed.Reference:

Config Rendering in Juniper Apstra

AOS Device Configuration Lifecycle

Configlets (Datacenter Design)

According to the Juniper documentation1, a routing zone is an L3 domain, the unit of tenancy in multi-tenant networks. You create routing zones for tenants to isolate their IP traffic from one another, thus enabling tenants to re-use IP subnets. In addition to being in its own VRF, each routing zone can be assigned its own DHCP relay server and external system connections. You can create one or more virtual networks within a routing zone, which means a tenant can stretch its L2 applications across multiple racks within its routing zone. Therefore, the correct answer is D. routing zone. A routing zone is the construct within which you create virtual networks to achieve multitenancy for applications.Reference:Routing Zones

EVPN uses a route distinguisher (RD) value to identify which remote leaf device advertised the EVPN route. An RD is a 64-bit value that is prepended to the EVPN NLRI to create a unique VPNv4 or VPNv6 prefix. The RD value is usually derived from the IP address of the PE that originates the EVPN route. By comparing the RD values of different EVPN routes, a PE can determine which remote PE advertised the route and which VRF the route belongs to. The other options are incorrect because:

B) a community tag is wrong because a community tag is an optional transitive BGP attribute that can be used to group destinations that share some common properties. A community tag does not identify the source of the EVPN route.

C) a route target value is wrong because a route target (RT) value is an extended BGP community that is used to control the import and export of EVPN routes between VRFs. An RT value does not identify the source of the EVPN route.

D) a VRF target value is wrong because there is no such thing as a VRF target value in EVPN. A VRF is a virtual routing and forwarding instance that isolates the IP traffic of different VPNs on a PE. A VRF does not have a target value associated with it.Reference:

EVPN Fundamentals

RFC 9136 - IP Prefix Advertisement in Ethernet VPN (EVPN)

EVPN Type-5 Routes: IP Prefix Advertisement

Understanding EVPN Pure Type 5 Routes

According to the Juniper documentation1, EVPN route Type-3 is used to advertise the IP address of the VTEP and the VNIs that it supports. This allows the VTEPs to discover each other and form VXLAN tunnels for the VNIs that they have in common. EVPN route Type-2 is used to advertise the MAC and IP addresses of the hosts connected to the VTEPs. This allows the VTEPs to learn the MAC-to-IP bindings and the MAC-to-VTEP mappings for the hosts in the same VNI. Therefore, these two types of VXLAN tunnels will be automatically created by the EVPN control plane when using Juniper Apstra with the ERB design blueprint and two virtual networks in a common routing zone.Reference:Example: Configure an EVPN-VXLAN Centrally-Routed Bridging Fabric

Interface maps are objects that map interfaces between logical devices and physical hardware devices in the Juniper Apstra design phase. They dictate port count, port speed, and how the ports would be used for achieving the intended network configuration rendering. Interface maps also allow you to select device ports, transformations, and interfaces, provision breakout ports, and disable unused ports. For more information, seeInterface Maps (Datacenter Design).Reference:

Interface Maps (Datacenter Design)

Design

Interface Maps Introduction

To keep virtual networks isolated from each other within the Juniper Apstra system, you can use one or more of the following methods:

Enable Security Policy for virtual networks in the same Routing Zone.This allows you to define rules that control the traffic flow between different virtual networks within the same routing zone. You can specify the source and destination virtual networks, the protocol, the port, and the action (allow or deny) for each rule.The security policy is applied on the ingress interface of the leaf devices1.

Use Connectivity Templates to block access within the same Routing Zone.This allows you to customize the connectivity between different racks within the same routing zone. You can create templates that define the link type, the routing protocol, and the access control list (ACL) for each rack pair.The ACL can be used to filter the traffic based on the source and destination IP addresses, the protocol, and the port2.

Put each network in different Routing Zones.This allows you to create logical boundaries between different virtual networks based on the route target (RT) values. A routing zone is a collection of virtual networks that share the same RT for importing and exporting routes.Virtual networks in different routing zones do not exchange routes with each other, unless you configure remote EVPN gateways to connect them3.Reference:

Security Policy

Connectivity Templates

Routing Zones

The leaf device in AS 65000 will receive three routes for the 10.100.0.0/16 prefix, one from each spine device in AS 65001, AS 65002, and AS 65003. Since ECMP load balancing is enabled, the leaf device will install all three routes in its routing table and distribute the traffic among them. The other options are incorrect because:

B) 1 is wrong because the leaf device will not receive only one route for the prefix. It will receive multiple routes from different spine devices and use ECMP to load balance among them.

C) 2 is wrong because the leaf device will not receive only two routes for the prefix. It will receive three routes from three spine devices, as explained above.

D) 4 is wrong because the leaf device will not receive four routes for the prefix. It will receive three routes from three spine devices, as explained above. The fourth spine device in AS 65004 is not directly connected to the leaf device and will not advertise the prefix to it.Reference:

IP Fabric Underlay Network Design and Implementation

BGP Multipath load sharing iBGP and eBGP

ECMP Load Balancing

According to the Juniper documentation1, a routing zone is an L3 domain, the unit of tenancy in multi-tenant networks. You create routing zones for tenants to isolate their IP traffic from one another, thus enabling tenants to re-use IP subnets. In addition to being in its own VRF, each routing zone can be assigned its own DHCP relay server and external system connections. You can create one or more virtual networks within a routing zone, which means a tenant can stretch its L2 applications across multiple racks within its routing zone. For virtual networks with Layer 3 SVI, the SVI is associated with a Virtual Routing and Forwarding (VRF) instance for each routing zone isolating the virtual network SVI from other virtual network SVIs in other routing zones. If you're using multiple routing zones, external system connections must be from leaf switches in the fabric. Routing between routing zones must be accomplished with external systems. Therefore, the correct answer is D. Use interconnection through an external gateway.Reference:Routing Zones