A small organization of 20 employees is looking to deliver a network design service for modernizing customer networks to support advanced solutions.
A. Scrum
B. LEAN
C. Kanban
D. Six-Sigma
A) Scrum
Why Scrum is the Best Fit?
Visualization of Progress (Sprint Reviews & Burndown Charts)
Scrum uses Sprint cycles (1-4 weeks) with regular progress reviews (Sprint Reviews) and burndown charts to track tasks, making it easy for management to visualize weekly progress.
Feedback-Driven & Flexibility
Scrum emphasizes continuous feedback (Daily Standups, Sprint Retrospectives) and allows scope changes at the start of each Sprint (flexibility).
Least Impact on Outcome
Changes are incorporated in the next Sprint, avoiding major disruptions.
Why Not Other Methodologies?
B) LEAN: Focuses on waste reduction, not ideal for iterative project visualization.
C) Kanban: Good for workflow visualization but lacks structured feedback loops like Scrum.
D) Six-Sigma: Focuses on process quality, not agile scope changes.
Conclusion:
Scrum fits best due to its agile flexibility, progress visibility, and feedback integration without derailing outcomes.
Which DCI technology utilizes a “flood and learn” technique to populate the Layer2 forwarding table?
A. LISP
B. OTV
C. VPLS
D. EVPN
Explanation:
Why VPLS Uses "Flood and Learn"?
Traditional Layer 2 Behavior:
VPLS emulates an Ethernet switch over a WAN/MPLS network.
When a MAC address is unknown, VPLS floods the frame to all sites in the same VPLS domain.
The MAC address is learned when a reply frame is received (just like a standard Ethernet switch).
Key Limitation:
This flooding can cause inefficient bandwidth usage in large networks (e.g., data centers).
Modern alternatives like EVPN use BGP to distribute MAC addresses (no flooding).
Why Not Other Options?
A) LISP: A Layer 3 overlay (uses IP routing, no flooding).
B) OTV: Uses IS-IS to advertise MACs (control-plane learning).
D) EVPN: Uses BGP to share MACs (control-plane learning).
Reference:
RFC 4762 (VPLS): Standardizes flood-and-learn behavior.
Cisco Data Center Interconnect (DCI) Design Guide: Recommends EVPN over VPLS for scalability.
Which two technologies enable multilayer segmentation? (Choose two.)
A. policy-based routing
B. segment routing
C. data plane markings
D. firewalls
E. filter lists
Explanation:
1. Segment Routing (B)
How It Enables Multilayer Segmentation:
Uses source-routed paths (segments) to enforce traffic isolation across layers (L2/L3).
Segments can represent network functions (firewalls, SD-WAN, etc.), enabling end-to-end segmentation.
Works with MPLS or IPv6 (SRv6) for scalable segmentation.
2. Data Plane Markings (C)
How They Enable Multilayer Segmentation:
DSCP (L3), 802.1Q VLAN tags (L2), or MPLS labels mark traffic for segmentation.
Devices (switches, routers, firewalls) use these markings to enforce policies at each layer.
Why Other Options Are Incorrect?
A) Policy-Based Routing (PBR): Forces traffic to specific paths but doesn’t inherently segment layers.
D) Firewalls: Enforce segmentation but are not a technology—they use markings or segments.
E) Filter Lists: ACLs filter traffic but don’t provide multilayer segmentation.
Reference:
RFC 8402 (Segment Routing Architecture)
Cisco SD-Access Segmentation Guide (Data Plane Markings)
Which design consideration is valid when you contrast FabricPath and TRILL?
A. FabricPath uses IS-IS, but TRILL uses VXLAN.
B. FabricPath permits active-active FHRP and TRILL supports anycast gateway.
C. FabricPath permits ECMP, but TRILL does not.
D. FabricPath permits active-active mode, but TRILL supports only active-standby mode.
Explanation:
Key Differences Between FabricPath and TRILL
FabricPath (Cisco Proprietary)
Uses IS-IS for control-plane routing.
Supports active-active First Hop Redundancy Protocol (FHRP) (e.g., anycast HSRP for redundant gateways).
Allows ECMP (Equal-Cost Multi-Path) for load balancing.
TRILL (Standardized, RFC 6325)
Also uses IS-IS (like FabricPath) but is an open standard.
Relies on anycast gateways (no traditional FHRP like HSRP/VRRP).
Supports ECMP (so Option C is incorrect).
Why Other Options Are Wrong?
A) Incorrect because TRILL uses IS-IS (not VXLAN). VXLAN is a separate overlay technology.
C) Incorrect because both TRILL and FabricPath support ECMP.
D) Incorrect because TRILL supports active-active forwarding (not just active-standby).
Reference:
Cisco FabricPath Design Guide: Confirms active-active FHRP support.
RFC 6325 (TRILL): Standardizes anycast gateway behavior.
A customer migrates from a traditional Layer 2 data center network into a new SDN-based, spine-and-leaf VXLAN EVPN data center within the same location. The networks are joined to enable host migration at Layer 2. Which activity should be completed each time a legacy network is migrated?
A. The migrated VLAN should be pruned from the Layer 2 interconnects.
B. The migrated network should have a VXLAN VNID configured within the new network.
C. The migrated network should be advertised to the EVPN network as a Type 2 network.
D. The migrated network should be added to the EVPN BGP routing.
Explanation:
Why Pruning VLANs is Critical During Migration?
Avoiding Layer 2 Loops:
When hosts are migrated from the legacy network to the VXLAN EVPN fabric, keeping the VLAN active on both networks can cause:
Broadcast storms (if STP fails to block redundant paths).
Duplicate traffic (flooded frames circulating between networks).
Pruning the VLAN from legacy interconnects isolates the migrated segment, preventing loops.
Seamless Host Migration:
The migrated VLAN remains stretched via VXLAN EVPN (Type 2 routes handle MAC/IP reachability).
No need for manual VNID assignment (Option B) or Type 2 re-advertisement (Option C/D) per migration—these are one-time setups.
Why Other Options Are Incorrect?
B) VNIDs are configured once per VLAN in VXLAN, not per migration.
C/D) Type 2 routes and BGP EVPN advertisements are automatically generated when the VLAN is extended into VXLAN.
Reference:
Cisco VXLAN EVPN Design Guide: Recommends pruning legacy VLANs post-migration.
RFC 8365 (EVPN): Type 2 routes handle MAC/IP distribution.
Which two features are advantages of SD-WAN compared to MPLS-based connectivity? (Choose two.)
A. uses FEC constructs for traffic forwarding, thereby improving efficiency
B. separates infrastructure and policy
C. uses policy-based forwarding of real-time traffic with less complexity
D. unifies the WAN backbone
E. manages failures through backup links
Explanation:
Why These Are Key Advantages of SD-WAN?
B) Separates Infrastructure and Policy:
MPLS: Policies (QoS, routing) are tied to the underlying infrastructure, making changes complex.
SD-WAN: Decouples control plane (policies) from data plane (transport), enabling dynamic, centralized policy management without hardware changes.
C) Policy-Based Forwarding with Less Complexity:
MPLS: Requires manual QoS tagging and rigid path engineering for real-time traffic (e.g., VoIP).
SD-WAN: Uses application-aware routing (e.g., SaaS, VoIP prioritization) with simple GUI-based policies.
Why Other Options Are Incorrect?
A) FEC (Forward Error Correction) is not unique to SD-WAN (MPLS can also use it).
D) SD-WAN unifies multiple transports (Internet, MPLS, LTE) but doesn’t unify the backbone itself.
E) Both SD-WAN and MPLS support backup links, but SD-WAN dynamically switches (MPLS relies on static failover).
Reference:
Cisco SD-WAN Design Guide: Highlights policy abstraction and application-aware routing.
Gartner SD-WAN Market Guide: Cites simplified policy management as a top benefit.
Which SDN architecture component is used by the application layer to communicate with the control plane layer to provide instructions about the resources required by applications?
A. southbound APIs
B. northbound APIs
C. orchestration layer
D. SDN controller
Explanation:
Why Northbound APIs?
Role in SDN Architecture:
Northbound APIs act as the communication bridge between the Application Layer (e.g., cloud apps, security policies) and the Control Plane Layer (SDN controller).
They allow applications to request network resources (e.g., bandwidth, paths) and pass instructions like:
"Prioritize VoIP traffic."
"Spin up a new VLAN for Tenant X."
Key Advantage:
Enable programmability—applications can dynamically control the network without manual CLI changes.
Why Not Other Options?
A) Southbound APIs: Connect the Control Plane to Data Plane (e.g., OpenFlow to switches).
C) Orchestration Layer: Manages workflows across systems but doesn’t directly handle app-to-control-plane communication.
D) SDN Controller: The brain of the control plane, but northbound APIs are the "language" it uses to talk to apps.
Reference:
Open Networking Foundation (ONF) SDN Architecture: Defines northbound APIs as critical for app-to-controller interaction.
Cisco ACI/Cisco DNA Center: Use northbound APIs (REST, Python) for integration with external apps.
A software-defined network can be defined as a network with an API that allows applications to understand and react to the state of the network in near real time. A vendor is building an SDN solution that exposes an API to the RIB and potentially the forwarding engine directly. The solution provides off-box processes with the capability to interact with the routing table in the same way as a distributed routing process. Which SDN framework model does the solution use?
A. replace
B. augmented
C. hybrid
D. distributed
Explanation:
Why the "Replace" Model?
Definition of the Replace Model:
In this SDN framework, the control plane is fully centralized (e.g., an SDN controller).
The traditional distributed routing protocols (OSPF, BGP) are replaced by the controller, which:
Maintains the Routing Information Base (RIB).
Programs the forwarding engine directly (via southbound APIs like OpenFlow).
Applications interact with the network via APIs (northbound) to manipulate routing/forwarding.
How It Matches the Scenario:
The vendor’s solution exposes the RIB/forwarding engine to off-box processes, eliminating the need for distributed routing protocols.
This aligns with the "Replace" model’s goal of centralizing control and enabling direct programmability.
Why Not Other Models?
B) Augmented: Keeps traditional routing protocols but adds SDN enhancements (e.g., PCE for traffic engineering).
C) Hybrid: Combines centralized SDN control with distributed protocols (e.g., some routers run OSPF while others use OpenFlow).
D) Distributed: Traditional networking (no SDN)—routing decisions are made locally on each device.
Reference:
ONF (Open Networking Foundation) SDN Architecture: Defines the Replace model for full control-plane centralization.
RFC 7426 (SDN Taxonomy): Clarifies hybrid vs. replace models.
Which two aspects are considered when designing a dual hub dual DMVPN cloud topology? (Choose two.)
A. will only work with single-tier headend architecture
B. hub sites must connect to both DMVPN clouds
C. recommended for high availability
D. spoke-to-spoke traffic will transit the hub unless spokes exchange dynamic routing directly
Explanation:
1. High Availability (Option C)
Dual Hub Dual DMVPN is designed for redundancy. If one hub or cloud fails, the other takes over.
Each DMVPN cloud (e.g., primary and backup) ensures continuous connectivity.
2. Spoke-to-Spoke Traffic (Option D)
By default, spoke-to-spoke traffic transits the hub (hairpinning).
To avoid this, dynamic routing (e.g., EIGRP, OSPF) or NHRP shortcut switching must be enabled for direct spoke-to-spoke tunnels.
Why Other Options Are Incorrect?
A) Dual Hub Dual DMVPN works with multi-tier architectures (e.g., core/distribution layers).
B) Hubs connect to their own DMVPN cloud (not both). Spokes connect to both clouds for redundancy.
Reference:
Cisco DMVPN Design Guide: Dual Hub Dual Cloud for HA and traffic optimization.
RFC 5565 (NHRP): Explains spoke-to-spoke dynamic routing.
A European government passport agency considers upgrading its IT systems to increase performance and workload flexibility in response to constantly changing requirements. The budget manager wants to reduce capital expenses and IT staff and must adopt the lowest-cost technology. Which technology choice is suitable?
A. on premises
B. private cloud
C. public cloud
D. hybrid cloud
Explanation:
Why Public Cloud is the Best Choice?
Cost Efficiency:
No large upfront investments (CapEx) – pay only for what you use (OpEx model).
Reduces IT staff costs since the cloud provider manages infrastructure.
Flexibility & Scalability:
Instantly adapts to changing workloads (auto-scaling, serverless options).
Faster deployment of new services compared to on-premises.
Government Compliance:
Major providers (AWS, Azure) offer government cloud regions with strict security certifications (e.g., FedRAMP, GDPR).
Why Other Options Are Less Suitable?
On-Premises (A): Expensive (hardware, maintenance) and inflexible.
Private Cloud (B): Still requires high CapEx and dedicated IT staff.
Hybrid Cloud (D): Complex and costly (managing both cloud and on-prem systems).
Reference:
AWS EU Sovereign Cloud: Built for European government data residency.
Gartner: Public cloud reduces costs by 30–50% compared to on-premises.
Company XYZ is running BGP as their routing protocol. An external design consultant recommends that TCP path MTU discovery be enabled. Which effect will this have on the network?
A. It will enhance the performance of TCP-based applications.
B. It will increase the convergence time.
C. It will improve the convergence time.
D. It will create a loop free path.
Explanation:
Why Enabling TCP Path MTU Discovery (PMTUD) Improves Performance?
Avoids IP Fragmentation:
PMTUD dynamically determines the maximum MTU (Maximum Transmission Unit) along a path, ensuring TCP packets are sized correctly.
Prevents fragmentation (which degrades performance due to reassembly overhead).
Optimizes Throughput:
Larger, unfragmented packets improve efficiency for TCP-based applications (e.g., VoIP, video streaming, file transfers).
BGP-Specific Impact:
BGP uses TCP (port 179), so PMTUD ensures BGP updates are transmitted efficiently without fragmentation.
Why Other Options Are Incorrect?
B/C) Convergence Time: PMTUD does not affect BGP convergence (convergence depends on timers like keepalives/hold-downs).
D) Loop-Free Path: BGP’s loop prevention relies on AS_PATH, not PMTUD.
Reference:
RFC 1191 (Path MTU Discovery): Standard for TCP PMTUD.
Cisco BGP Best Practices: Recommends PMTUD for large TCP flows.
SDN is still maturing. Throughout the evolution of SDN, which two things will play a key role in enabling a successful deployment and avoiding performance visibility gaps in the infrastructure? (Choose two.)
A. rapid on-demand growth
B. dynamic real-time change
C. falling back to old behaviors
D. peer-to-peer controller infrastructure
E. integration of device context
Explanation:
Why These Are Critical for SDN Success?
B) Dynamic Real-Time Change:
SDN’s value lies in programmable, adaptive networks.
Real-time adjustments (e.g., traffic steering, QoS updates) prevent bottlenecks and align with application needs.
E) Integration of Device Context:
Visibility into device state (CPU, buffer, latency) ensures optimal SDN decisions.
Example: A controller avoids congested paths if switches report high utilization.
Why Other Options Are Less Relevant?
A) Rapid Growth: Important but secondary to real-time control.
C) Falling Back to Old Behaviors: SDN aims to replace legacy methods, not revert to them.
D) Peer-to-Peer Controllers: Most SDN uses hierarchical controllers (e.g., OpenDaylight).
Reference:
ONF SDN Architecture: Highlights real-time programmability and telemetry.
Cisco ACI/Intent-Based Networking: Relies on device context for automation.