Exam 300-415 topic 1 question 29 discussion

I think B is correct.

I also believe it is B. https://community.cisco.com/t5/sd-wan-and-cloud-networking/cisco-sdwan-mpls-transport/td-p/4759812 It is similar thing and you force for max cc as 0 to not form control connections with controllers but you still force other tlocs to advertise this tloc in order to build data plane over it. "If that is true you can update the MPLS interface (under tunnel-interface) with "max-control-connections 0". This command will force the other two transports (gold, green) that can connect to the controllers to send the MPLS interface TLOC info to the controllers." If we choose vBond as Stun Server, it doesn't make sense as there is no NAT done in the MPLS circuit so how would it help? Private colors are not intended to be used with NAT. "On the other hand, private colors are intended for use on connections to clouds where NAT is not utilized"

I suppose D is the correct answer, due to reasons below, 1. As per the question "which interface template establishes BFD neigh over both interface". Which means we need to allow at least 1 control connections on each of the links in-order to form the control connections and in-turn the BFD neigh.

B is correct As per requirements of the question the only correct answer is B, here is what I found on a book: For transports that don’t need to facilitate control connectivity to the controllers (such as with MPLS, wherein the controllers are only reachable via the Internet), you must restrict control connections via the max- control- connections 0 command. This command is applied to the transport tunnel interface.

B is correct because MPLS is not used for control connection and must max-control-connection on this interface be 0 A is not correct, because restrict is one of the OMP attributes that using for data plane not control plane C is not correct, because vbond use as a stun server when other controllers alos put on cloud D is not correct, because when we use internet connection for vbond connectio, we must max-control-connection = 0 on MPLS

B is correct

D is correct

"Which interface template establishes BFD neighbors over both transports?" That immediately rules out the Restrict option. B is correct, you don't want to establish control connection through the MPLS link (since it doesn't reach the controllers).

B is correct

B is the corect answer. If MPLS doesn't have access to the controllers, only max-control-connections to 0 will allow it to form BFD tunnels on MPLS link.

A is the correct Answer. Please remember the question specifies an existing topology of an MPLS TLOC, so you want to restrict this to MPLS, and leave the maximum connections ticked. This would complete the question. I have also rolled out this policy to the controllers for a customer where they added two circuits to an existing topology being MPLS from a ISP.

D is the correct answer

B is the correct answer: - vBond isn`t reachable via MPLS (as explaint in the Text) -> so C can`t be the right answere - onyl 1 Controll Session make no sense, because vSmarts are also Controllers and not reachable vie MPLS (as explaint in the Text) -> So D can`t be the right answere - Answere A limits the IPSEC Tunnels to the color MPLS (but for this, the Controllers DTLS Session must be formed to learn and advertise OMP Routes) - Answere B can only the right Answere, because with setting the max. Controll Sesisons to 0 we told the Edge Device it is not possible to form Control Sessions about this MPLS link and the Edge Device advertise about the existing Internet Control Sessions the MPLS Color TLOCs to the vSmart. This Help to build IPSEC Tunnel over Private Links without creating Control Tunnels over this Cloud!

D is the correct answer

B is the only correct answer

This should be B. The question specifically states that the MPLS link has no connectivity to the controllers in AWS. Without configuring max-control-connections to 0, BFD sessions will not form on the MPLS link. The restrict option, while desirable, is not necessary. Tunnels will attempt from mpls<->biz-internet and will fail, but mpls<->mpls and biz-internet<->biz-internet tunnels will still form. Per Cisco Press's SD-WAN Book: "When a WAN Edge attempts to join the fabric, it attempts to build control connections across each transport deployed at that site. By default, if a transport doesn’t have control connectivity to any of the Cisco SD-WAN controllers, then it won’t build a data plane connection across that transport either. This is very common with cloud deployments where the controllers are in a public or private cloud and your MPLS transport has no connectivity to the Internet." Followed by this note: "There are a few options to still achieve data plane with no control connectivity. One option is to disable control connections on that transport via the max-control-connections command. "

We need the vBond STUN function to build BFD tunnel over the two WAN edges(transports) that don’t know each other. Private IP needs to be NAT via the internet link, non-control connection via TLOC is possible.