Juniper JN0-480 Practice Test - Questions Answers, Page 2

According to the Juniper documentation1, an ESI-LAG is a link aggregation group (LAG) that spans two or more devices and is identified by an Ethernet segment identifier (ESI). An ESI-LAG provides redundancy and load balancing for a multihomed server in an EVPN-VXLAN network. To configure an ESI-LAG, you need to ensure that the following requirements are met:

The LACP system ID on both devices must be the same. This ensures that the LACP protocol can negotiate the LAG parameters and form a single logical interface for the server.

The ESI ID on both devices must be the same. This ensures that the EVPN control plane can advertise the ESI-LAG as a single Ethernet segment and synchronize the MAC and IP addresses of the server across the devices.

The VLAN ID and VNI on both devices must be the same. This ensures that the server can communicate with other hosts in the same virtual network and that the VXLAN encapsulation and decapsulation can work properly.

In the exhibit, the LACP system ID and the ESI ID on both devices are different, which prevents the ESI-LAG from coming up as multihomed. Therefore, the correct answer is B and D. The LACP system ID on both devices must be the same and the ESI ID on both devices must be the same.Reference:ESI-LAG Made Easier with EZ-LAG,Example: Configuring an ESI on a Logical Interface With EVPN-MPLS Multihoming,Introduction to EVPN LAG Multihoming

In the case of IP Clos data center five-stage fabric design, the super spines are the devices that provide the highest level of aggregation in the network. They have two main roles:

Super spines are used to interconnect two different data center pods. A pod is a cluster of leaf and spine devices that form a 3-stage Clos topology. A 5-stage Clos topology consists of multiple pods that are connected by the super spines. This allows for scaling the network to support more devices and bandwidth.

Super spines connect to all spine devices within the five-stage architecture. The spine devices are the devices that provide the second level of aggregation in the network. They connect to the leaf devices, which are the devices that provide access to the end hosts. The super spines connect to all the spine devices in the network, regardless of which pod they belong to. This provides any-to-any connectivity between the pods and enables optimal routing and load balancing.

The following two statements are incorrect in this scenario:

Super spines are used to connect leaf nodes within a data center pod. This is not true, because the leaf nodes are connected to the spine nodes within the same pod. The super spines do not connect to the leaf nodes directly, but only through the spine nodes.

Super spines are always connected to an external data center gateway. This is not true, because the super spines are not necessarily involved in the external connectivity of the data center. The external data center gateway is a device that provides the connection to the outside network, such as the Internet or another data center. The external data center gateway can be connected to the super spines, the spine nodes, or the leaf nodes, depending on the design and the requirements of the network.

5-stage Clos Architecture --- Apstra 3.3.0 documentation

5-Stage Clos Architecture | Juniper Networks

Extreme Fabric Automation Administration Guide

A graph query is a component that identifies devices that supply data for a specific probe. A graph query is an expression that matches nodes in the Apstra graph database based on their attributes, such as device name, role, type, or tag.A graph query can be used to select the source devices for the input processors of a probe, as well as to filter the data by device attributes in the subsequent processors of a probe12.Reference:

Probes

Apstra IBA Getting Started Tutorial

To make the IP fabric a valid IP fabric, the connection between the two spine nodes must be removed. This is because an IP fabric is a network topology that uses a spine-leaf architecture, where the spine devices are only connected to the leaf devices, and the leaf devices are only connected to the spine devices. This creates a non-blocking, high-performance, and scalable network that supports Layer 3 routing protocols such as BGP or OSPF. The connection between the two spine nodes in the exhibit violates the spine-leaf design principle and introduces unnecessary complexity and potential loops in the network. The other options are incorrect because:

A) The IP fabric must consist of only one device model throughout the fabric is wrong because an IP fabric can support different device models as long as they are compatible and interoperable. The exhibit shows two different models of QFX switches, which are both supported by Juniper Networks for IP fabric deployments.

B) The connection between the two spine nodes must be increased to 40 Gbps is wrong because increasing the speed of the connection does not make the IP fabric valid. The connection between the two spine nodes should be removed, as explained above.

C) The IP fabric connections must be increased to a speed greater than 10 Gbps is wrong because the speed of the connections does not affect the validity of the IP fabric. The IP fabric can use any speed that meets the bandwidth and performance requirements of the network. 10 Gbps is a common speed for IP fabric connections, but higher or lower speeds can also be used depending on the network design and devices.Reference:

IP Fabric Underlay Network Design and Implementation

IP Fabric Overview

IP Fabric: Automated Network Assurance Platform

According to the Juniper documentation1, a configlet is a configuration template that augments Apstra's reference design with non-native device configuration. They consist of one or more generators. Each generator specifies a NOS type (config style), when to render the configuration, and CLI commands (and file name as applicable). Some applications for configlets include the following:

Syslog

SNMP access policy

TACACS / RADIUS

Management ACLs

Control plane policing

NTP

Username / password

Therefore, the correct answer is C and D. syslog configuration and NTP configuration. These are examples of non-native device configuration that can be added using a configlet. Static route configuration and policy configuration are not applicable in this scenario, because they are part of the reference design configuration that should not be replaced or modified by a configlet.Reference:Configlets (Datacenter Design),Configlet Examples (Design)

Juniper Apstra role-based access control (RBAC) is a feature that allows you to specify access permissions for different users based on their roles.RBAC servers are remote network servers that authenticate and authorize network access based on roles assigned to individual users within an enterprise1.Juniper Apstra has four predefined user roles: administrator, device_ztp, user, and viewer2. The administrator role is the most powerful role, and it can see all permissions and perform all actions in the Apstra software application.The administrator role can also create, clone, edit, and delete user roles, except for the four predefined user roles, which cannot be modified2. Therefore, the statement that the administrator role can see all permissions is correct.

The following three statements are incorrect in this scenario:

The viewer role is predefined and can be deleted. This is not true, because the viewer role is one of the four predefined user roles, and it cannot be deleted.The viewer role is the most restricted role, and it can only view the network information and configuration, but not make any changes2.

The user role can create roles. This is not true, because the user role is one of the four predefined user roles, and it cannot create roles.The user role can perform most of the network configuration and management tasks, but it cannot access the platform settings or the user management features2.

The administrator role is the only predefined role. This is not true, because there are four predefined user roles, not just one.The other three predefined user roles are device_ztp, user, and viewer2.

Providers --- Apstra 3.3.0 documentation

User/Role Management (Platform)

Device profiles are objects that associate a specific vendor model to a logical device in Juniper Apstra. Device profiles contain extensive hardware model details, such as form factor, ASIC, CPU, RAM, ECMP limit, and supported features. Device profiles also define how configuration is generated, how telemetry commands are rendered, and how configuration is deployed on a device.Device profiles enable the Apstra system to render and deploy the configuration according to the Apstra Reference Design12.Reference:

Device Profiles

Juniper Device Profiles

VXLAN VNIs are virtual network identifiers that are used to identify and isolate Layer 2 segments in the overlay network. VXLAN VNIs have the following characteristics:

VNIs can have over 16 million unique values.This is because VXLAN VNIs are 24-bit fields that can range from 4096 to 16777214, according to the VXLAN standard1. This allows VXLAN to support a large number of Layer 2 segments and tenants in the network.

VNIs identify a broadcast domain. This is because VXLAN VNIs are used to group the end hosts that belong to the same Layer 2 segment and can communicate with each other using VXLAN tunnels. The VXLAN tunnels are established using the VTEP information that is distributed by EVPN. The VTEPs are VXLAN tunnel endpoints that perform the VXLAN encapsulation and decapsulation.The VXLAN tunnels preserve the Layer 2 semantics and support the broadcast, unknown unicast, and multicast traffic within the same VNI2.

The following two statements are incorrect in this scenario:

VNIs identify a collision domain. This is not true, because VXLAN VNIs do not identify a collision domain, which is a network segment where data packets can collide with each other. VXLAN VNIs identify a broadcast domain, which is a network segment where broadcast traffic can reach all the devices.Collision domains are not relevant in VXLAN networks, because VXLAN uses MAC-in-UDP encapsulation and IP routing to transport the Layer 2 frames over the Layer 3 network1.

VNIs are alphanumeric values. This is not true, because VXLAN VNIs are numeric values, not alphanumeric values.VXLAN VNIs are 24-bit fields that can range from 4096 to 16777214, according to the VXLAN standard1. Alphanumeric values are values that contain both letters and numbers, such as ABC123 or 1A2B3C.

Virtual Extensible LAN (VXLAN) Overview

EVPN LAGs in EVPN-VXLAN Reference Architectures

When a new switch is added to Juniper Apstra software, it initially shows the ''0 OS-Quarantined'' status, which means that the device is not yet managed by Apstra and has not been assigned to any blueprint. The proper next step to make the device ready for use in a blueprint is to acknowledge the device, which is a manual action that confirms the device identity and ownership.Acknowledging the device changes its status to ''OOS-Ready'', which means that the device is ready to be assigned to a blueprint and deployed12.Reference:

Managing Devices

AOS Device Configuration Lifecycle