ExamTopics Logo
Mail Us[email protected]
Menu
Vmware Discussions
exam questions

Exam 3V0-42.20 All Questions

View all questions & answers for the 3V0-42.20 exam
Go to Exam

Exam 3V0-42.20 topic 1 question 24 discussion

Actual exam question from VMware's 3V0-42.20
Question #: 24
Topic #: 1
[All 3V0-42.20 Questions]

A Solutions Architect is assisting a service provider with designing an NSX-T Data Center solution for these environments:
✑ Virtual Data Center to Virtual Data Center connectivity
✑ Tenant workload on-boarding to Virtual Data Centers.
These requirements must be met:
✑ scalability across 5 data centers
✑ all sites have a latency of 180ms
✑ MTU between sites is 1800
✑ bandwidth is 100Mbps between sites
✑ multi-tenancy
Which two selections should the Solutions Architect propose to the service provider? (Choose two.)

  • A. Configure Remote TEPs for stretching network services between Virtual Data Centers.
  • B. Utilize SSL VPN for workloads on-boarding from on-premises to Virtual Data Centers.
  • C. Configure IPSec VPN for Tenant T0 gateways for Virtual Data Centers connectivity
  • D. Configure IPSec VPN for Tenant T1 gateways for Virtual Data Centers connectivity.
  • E. Utilize L2 VPN for workloads on-boarding from on-premises to Virtual Data Centers.
Show Suggested Answer Hide Answer
Suggested Answer: DE 🗳️
by tungdt at Feb. 16, 2021, 11:13 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Aymanovitchy
Highly Voted 3 years, 6 months ago
C,E since IPSEC tunnel is done on T0 and L2 VPN to expand Layer 2 to onboard VMs
upvoted 8 times
udo2020
1 year, 11 months ago
IPSec tunnel can also be done on T1
upvoted 1 times
...
...
Pheakdey
Highly Voted 3 years, 6 months ago
AE is correct
upvoted 8 times
tedybear
2 years, 10 months ago
Rtep requires latency of 150ms between LM,RLM&GM. the latency here exceeds that
upvoted 4 times
...
...
AT45816
Most Recent 7 months, 2 weeks ago
Selected Answer: CE
CE is correct
upvoted 1 times
...
Gayan84
9 months, 2 weeks ago
Tier-0 gateways are more suitable for connecting multiple data centers with multi-tenancy than Tier-1 gateways. This is because Tier-0 gateways are designed to handle north-south traffic, which is the traffic that flows between the tenants and the external network. Tier-1 gateways are designed to handle east-west traffic, which is the traffic that flows between the tenants themselves.
upvoted 1 times
...
Gayan84
9 months, 2 weeks ago
Selected Answer: CE
Configuring IPSec VPN for Tenant T0 gateways ensures secure connectivity between Virtual Data Centers. T0 gateways are suitable for north-south routing between data centers, aligning with the requirement for connectivity between Virtual Data Centers
upvoted 1 times
...
Gayan84
9 months, 2 weeks ago
Configuring IPSec VPN for Tenant T0 gateways ensures secure connectivity between Virtual Data Centers. T0 gateways are suitable for north-south routing between data centers, aligning with the requirement for connectivity between Virtual Data Centers
upvoted 1 times
...
Gayan84
9 months, 2 weeks ago
Selected Answer: CE
Configuring IPSec VPN for Tenant T0 gateways ensures secure connectivity between Virtual Data Centers. T0 gateways are suitable for north-south routing between data centers, aligning with the requirement for connectivity between Virtual Data Centers
upvoted 1 times
...
4ourDS
1 year, 5 months ago
Selected Answer: DE
A high MTU indicates that the packet size due to VPN communication will be large.
upvoted 1 times
...
outlawww
1 year, 6 months ago
Selected Answer: DE
T1 because of multitenancy.
upvoted 2 times
...
Alchot
1 year, 12 months ago
DE is correct T1 is needed for multitenancy on service provider Latency is higher than supported so each site will have its own NSX-T
upvoted 1 times
...
nick2u
2 years, 10 months ago
DE, T1 is required for multi-yenancy
upvoted 5 times
...
tedybear
2 years, 10 months ago
CD IPSec VPN is supported for T0 and T1 gateways NSX-T Data Center supports IPSec Virtual Private Network (IPSec VPN) and Layer 2 VPN (L2 VPN) on an NSX Edge node. IPSec VPN offers site-to-site connectivity between an NSX Edge node and remote sites. With L2 VPN, you can extend your data center by enabling virtual machines to keep their network connectivity across geographical boundaries while using the same IP address. Onboarding from onprem to remote site requires long distance vmotion with mtu of 150
upvoted 1 times
...
DCL202
2 years, 11 months ago
A and E are not supported, due to 180ms latency: RTT latency is less than or equal to 150 ms, which is required for vMotion to work across two sites. This rules out stretch networking and L2 for migrating workloads. Answer is B, D.
upvoted 2 times
...
Pal68
2 years, 11 months ago
From the coursework: Topologies: • IPsec VPN services are only available on Tier-0 gateways. • Segments can be connected to either Tier-0 or Tier-1 gateways to use VPN services. Considerations: • Overlapping networks or multitenancy requires multiple T0-GWs. • VPN services are only available on active-standby T0-GWs. • NSX-T Data Center supports site-to-site IPsec VPNs in tunnel mode. • DPDK-accelerated performance.
upvoted 1 times
Pal68
2 years, 11 months ago
I.e. Only CE correct
upvoted 1 times
...
...
Arden101
3 years, 3 months ago
Correct answers - DE As mentioned, using Federation for five sites is not possible yet. Therefore, we have to setup L2VPN. IPSec (needed by L2VPN) can be established from T0 as well as T1 (the same rule applies to L2VPN). However, L2VPN is limited (server or client) to one service per gateway, therefore it's not possible to utilize five L2VPN tunnels from the same T0 and we have to deploy five T1s. Btw. 3V0-42.20 is based on NSX-T 3.0 GA (i.e. 3.0.0) and the Federation limit is three sites (four sites was increased in 3.0.1)
upvoted 6 times
...
vkais
3 years, 3 months ago
Can’t be A, that would be NSX-T Federation, which only supports 4 sites. The questions mentions 5 data centers.
upvoted 1 times
Fornax
3 years, 3 months ago
It also can't be A, because federation requires 150ms RTT. https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/installation/GUID-AD369B9D-4ADC-4CE9-B8DC-BB2B47C7BFBF.html
upvoted 1 times
...
...
VMwareARCHI
3 years, 6 months ago
D,E correct
upvoted 5 times
Aymanovitchy
3 years, 6 months ago
how come deply ipsec on T1
upvoted 1 times
diegof1
3 years, 5 months ago
IPsec and Layer 2 VPN are supported on both Tier-1 and Tier-0. https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/administration/GUID-DF689847-252E-451E-84B5-DB507CC010AC.html
upvoted 1 times
...
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago