Juniper JN0-480 Data Center Specialist (JNCIS-DC) Exam Practice Test

To implement ECMP in IP fabric using EBGP, you need to enable BGP to install multiple equal-cost paths in the routing table and to advertise them to the peers. The following actions are required to achieve this:

• B. Use a load balancing policy applied to BGP as an export policy. This is true because you need to apply a load balancing policy to BGP as an export policy to allow BGP to advertise multiple paths to the same destination to the peers. By default, BGP only advertises the best path to the peers, which prevents ECMP. A load balancing policy can be configured to match the desired routes and set the multipath attribute to true. This will enable BGP to advertise up to the maximum number of paths configured by the maximum-paths command. For example, the following configuration applies a load balancing policy to BGP as an export policy for the neighbor 10.10.10.1:

policy-statement load-balance { term 1 { from { route-filter 192.168.0.0/16 exact; } then { multipath; accept; } } } protocols { bgp { group ebgp { type external; neighbor 10.10.10.1 { export load-balance; } } } }

• C. Use the multipath multiple-as BGP parameter. This is true because you need to enable the multipath multiple-as BGP parameter to allow BGP to install multiple paths from different autonomous systems in the routing table. By default, BGP only installs multiple paths from the same autonomous system, which limits ECMP. The multipath multiple-as parameter can be configured under the BGP group or neighbor level. This will enable BGP to install up to the maximum number of paths configured by the maximum-paths command. For example, the following configuration enables the multipath multiple-as parameter for the BGP group ebgp:

protocols { bgp { group ebgp { type external; multipath multiple-as; } } }

The following options are incorrect because:

• A. Use a load balancing policy applied to the forwarding table as an export policy is wrong because applying a load balancing policy to the forwarding table does not affect the BGP advertisement or installation of multiple paths. A load balancing policy applied to the forwarding table only affects how the traffic isdistributed among the multiple paths in the forwarding table. It does not enable ECMP in BGP.
• D. Use a load balancing policy applied to BGP as an import policy is wrong because applying a load balancing policy to BGP as an import policy does not affect the BGP advertisement of multiple paths. A load balancing policy applied to BGP as an import policy only affects how the BGP routes are accepted or rejected from the peers. It does not enable ECMP in BGP. References:
• IP Fabric Underlay Network Design and Implementation
• Use ECMP to distribute traffic between two paths, one learned by eBGP and one learned by iBGP on a Cisco NX-OS switch
• Example: Configure an EVPN-VXLAN Centrally-Routed Bridging Fabric Using EBGP

The cabling map is a graphical representation of the physical connections between the devices in the data center fabric. It shows the status of the cables, interfaces, and BGP sessions for each device. You can use the cabling map to verify and repair the cabling before deploying your blueprint. Based on the web search results, we can infer the following statements:

• Apstra can use LLDP data from the spine-to-leaf fabric devices to update the connections in the cabling map. This is true because Apstra can collect LLDP data from the devices using the Generic Graph Collector processor and use it to update the cabling map automatically. LLDP is a protocol that allows devices to exchange information about their identity, capabilities, and neighbors12.
• Apstra can use LLDP data from the leaf devices to update the leaf-to-generic connections in the cabling map. This is true because Apstra can also collect LLDP data from the leaf devices and use it to update the connections to the generic devices, such as routers, firewalls, or servers. Generic devices are devices that are not managed by Apstra but are part of the data center fabric23.
• You must manually change the cabling map to update spine-to-leaf fabric links. This is false because Apstra can use LLDP data to update the spine-to-leaf fabric links automatically, as explained above. However, you can also manually change the cabling map to override the Apstra-generated cabling, if needed24.
• You must manually change the cabling map to update leaf-to-generic links. This is false because Apstra can use LLDP data to update the leaf-to-generic links automatically, as explained above. However, you can also manually change the cabling map to override the Apstra-generated cabling, if needed24. References:
• LLDP Overview
• Edit Cabling Map (Datacenter)
• Generic Devices
• Import / Export Cabling Map (Datacenter)

 Probes are the basic unit of abstraction in Intent-Based Analytics (IBA). They are used to collect, process, and analyze data from the network and raise anomalies based on specified conditions. Probes are composed of processors and stages that form a directed acyclic graph (DAG) of data flow. The following statements are correct about probes:

• A. Default probes can be cloned, modified, and saved. This is true because Apstra provides a set of default probes that cover common use cases and scenarios. These probes can be cloned and modified to suit the specific needs of the user. The modified probes can be saved as new probes with different names and descriptions. This allows the user to customize and extend the functionality of the default probes.
• D. Default probes are enabled, based on the intent for a blueprint. This is true because Apstra enables or disables the default probes automatically based on the intent of the blueprint. The intent of the blueprint is the high-level description of the desired state and behavior of the network. Apstra uses the intent to determine which default probes are relevant and applicable for the blueprint and enables them accordingly. For example, if the intent of the blueprint is to deployan EVPN-VXLAN fabric, Apstra will enable the default probes related to EVPN-VXLAN, such as EVPN-VXLAN Anomaly Detection, EVPN-VXLAN Fabric Health, and EVPN-VXLAN Fabric Validation. The following statements are incorrect about probes:
• B. Only the variable parameters for default probes can be edited and saved. This is false because the user can edit and save any parameters for the default probes, not just the variable ones. The variable parameters are the ones that depend on the network topology, devices, or configuration, such as device names, interface names, IP addresses, VLAN IDs, etc. The user can also edit and save the fixed parameters, such as the duration, threshold, condition, etc. However, the user cannot edit and save the default probes directly. The user must clone the default probes first and then edit and save the cloned probes as new probes.
• C. All default probes are enabled for all blueprints. This is false because Apstra does not enable all default probes for all blueprints. Apstra enables the default probes based on the intent of the blueprint, as explained above. This means that only the default probes that are relevant and applicable for the blueprint are enabled. For example, if the intent of the blueprint is to deploy a BGP IP fabric, Apstra will not enable the default probes related to EVPN-VXLAN, since they are not relevant for the blueprint. The user can also manually enable or disable the default probes as needed. References:
• Probes
• Create Probe
• Intent-Based Analytics Overview

According to the Juniper documentation1, a five-stage Clos architecture allows for large-scale topologies with an additional aggregation layer that interconnects multiple pods into a single fabric. A pod is a group of racks that share the same spine devices. A rack is a group of leaf devices that connect to the same servers. To create a five-stage Clos network using Juniper Apstra, you need to choose the pod-based fabric type in the template creation wizard. This will allow you to specify the number of pods, planes, spines, and leaves for your network design. Therefore, the correct answer is D. pod-based. References: 5-Stage Clos Architecture | Apstra 4.1 | Juniper Networks

To configure a static route for traffic to exit a configured routing zone, you need to use the Connectivity Templates feature in the Juniper Apstra UI. A Connectivity Template is a set of configuration parameters that can be applied to a device or a group of devices in a blueprint. You can use Connectivity Templates to configure static routes, BGP, OSPF, and other network services. To create a Connectivity Template, you need to go to the Staged tab and select Connectivity Templates from the left menu. Then, you can click on the + icon to create a new template. You can specify the name, description, andscope of the template. The scope determines which devices or device groups the template will be applied to. You can also specify the order of the template, which determines the priority of the template when multiple templates are applied to the same device. After creating the template, you can add configuration items to the template. To add a static route, you need to select Static Route from the drop-down menu and enter the destination network, subnet mask, and next-hop IP address. You can also specify the administrative distance and the track object for the static route. After adding the configuration items, you need to save the template and commit the changes to the blueprint. The other options are incorrect because:

• A. under Active -> Virtual -> Routing Zones is wrong because this option allows you to view and modify the existing routing zones, but not to configure static routes for them.
• B. under Staged -> Virtual -> Routing Zones is wrong because this option allows you to create and delete routing zones, but not to configure static routes for them.
• C. under Active -> Connectivity Templates is wrong because this option allows you to view the existing connectivity templates, but not to create or modify them. References:
• Connectivity Templates
• Data Center Automation Using Juniper Apstra

To create a new routing zone, you must specify the VRF Name, VLAN ID, and VNI for the routing zone. These are the mandatory fields in the user interface shown in the exhibit. The VRF Name is the name of the L3 domain that isolates the IP traffic of the routing zone from other routing zones. The VLAN ID is the identifier for the VLAN tagged Layer 3 links on external connections. The VNI is the VxLAN Network Identifier associated with the routing zone. The Routing Policies are optional fields that allow you to configure import and export route targets for the routing zone. These are onlyapplicable for EVPN routing zones, which use MP-EBGP as the overlay control protocol. The other options are incorrect because:

• A. VRF Name only is wrong because you also need to specify the VLAN ID and VNI for the routing zone.
• B. VRF Name and Routing policies is wrong because you also need to specify the VLAN ID and VNI for the routing zone. Routing policies are optional and only relevant for EVPN routing zones.
• D. VRF Name, VLAN ID, VNI, Routing Policies is wrong because Routing Policies are optional and not required to create a new routing zone. References:
• Routing Zones (Virtual)
• Data Center Automation Using Juniper Apstra

EVPN uses a route distinguisher (RD) value to identify which remote leaf device advertised the EVPN route. An RD is a 64-bit value that is prepended to the EVPN NLRI to create a unique VPNv4 or VPNv6 prefix. The RD value is usually derived from the IP address of the PE that originates the EVPN route. By comparing the RD values of different EVPN routes, a PE can determine which remote PE advertised the route and which VRF the route belongs to. The other options are incorrect because:

• B. a community tag is wrong because a community tag is an optional transitive BGP attribute that can be used to group destinations that share some common properties. A community tag does not identify the source of the EVPN route.
• C. a route target value is wrong because a route target (RT) value is an extended BGP community that is used to control the import and export of EVPN routes between VRFs. An RT value does not identify the source of the EVPN route.
• D. a VRF target value is wrong because there is no such thing as a VRF target value in EVPN. A VRF is a virtual routing and forwarding instance that isolates the IP traffic of different VPNs on a PE. A VRF does not have a target value associated with it. References:
• EVPN Fundamentals
• RFC 9136 - IP Prefix Advertisement in Ethernet VPN (EVPN)
• EVPN Type-5 Routes: IP Prefix Advertisement
• Understanding EVPN Pure Type 5 Routes

When an agent installation is successful, devices are placed into the Out of Service Quarantined (OOS-QUARANTINED) state using the Juniper Apstra UI. This state means that the device is not yet managed by Apstra and has not been assigned to any blueprint. The device configuration at this point is called Pristine Config. To make the device ready for use in a blueprint, you need to acknowledge the device, which is a manual action that confirms the device identity and ownership. Acknowledging the device changes its status to Out of Service Ready (OOS-READY)12. References:

• Managing Devices
• AOS Device Configuration Lifecycle

In the case of IP Clos data center five-stage fabric design, the super spines are the devices that provide the highest level of aggregation in the network. They have two main roles:

• Super spines are used to interconnect two different data center pods. A pod is a cluster of leaf and spine devices that form a 3-stage Clos topology. A 5-stage Clos topology consists of multiple pods that are connected by the super spines. This allows for scaling the network to support more devices and bandwidth.
• Super spines connect to all spine devices within the five-stage architecture. The spine devices are the devices that provide the second level of aggregation in the network. They connect to the leaf devices, which are the devices that provide access to the end hosts. The super spines connect to all the spine devices in the network, regardless of which pod they belong to. This provides any-to-any connectivity between the pods and enables optimal routing and load balancing.

The following two statements are incorrect in this scenario:

• Super spines are used to connect leaf nodes within a data center pod. This is not true, because the leaf nodes are connected to the spine nodes within the samepod. The super spines do not connect to the leaf nodes directly, but only through the spine nodes.
• Super spines are always connected to an external data center gateway. This is not true, because the super spines are not necessarily involved in the external connectivity of the data center. The external data center gateway is a device that provides the connection to the outside network, such as the Internet or another data center. The external data center gateway can be connected to the super spines, the spine nodes, or the leaf nodes, depending on the design and the requirements of the network.

References:

• 5-stage Clos Architecture — Apstra 3.3.0 documentation
• 5-Stage Clos Architecture | Juniper Networks
• Extreme Fabric Automation Administration Guide

According to the Juniper documentation1, a routing zone is an L3 domain, the unit of tenancy in multi-tenant networks. You create routing zones for tenants to isolate their IP traffic from one another, thus enabling tenants to re-use IP subnets. In addition to being in its own VRF, each routing zone can be assigned its own DHCP relay server and external system connections. You can create one or more virtual networks within a routing zone, which means a tenant can stretch its L2 applications across multiple racks within its routing zone. For virtual networks with Layer 3 SVI, the SVI is associated with a Virtual Routing and Forwarding (VRF) instance for each routing zone isolating the virtual network SVI from other virtual network SVIs in other routing zones. If you’re using multiple routing zones, external system connections must be from leaf switches in the fabric. Routing between routing zones must be accomplished with external systems. Therefore, the correct answer is D. Use interconnection through an external gateway. References: Routing Zones

According to the Juniper documentation1, a predefined device profile is a configuration template that is shipped with Apstra software and supports most qualified Juniper devices. A predefined device profile cannot be changed, since any changes would be discarded and overwritten when you upgrade the Apstra server version. If you want to customize a predefined device profile, you can clone and edit it instead. Therefore, the correct answer is A. The changes you make to a predefined device profile will be discarded and overwritten when upgrading the Apstra server version. References: Edit Device Profile | Apstra 4.2 | Juniper Networks

The Links table in the Staged tab shows the physical connections between the devices in the fabric. It provides information such as the source and destination device names, hostnames, serial numbers, roles, interfaces, and link status. The Links table can be used to assist the team that is installing and cabling the devices by verifying that the devices are connected correctly and that the links are operational. The Links table can also be used to troubleshoot any connectivity issues that may arise during the installation process. For more information, see Links (Staged). References:

• Links (Staged)
• Topology (Staged)
• Staged

According to the Juniper documentation1, a routing zone is an L3 domain, the unit of tenancy in multi-tenant networks. You create routing zones for tenants to isolate their IP traffic from one another, thus enabling tenants to re-use IP subnets. In addition to being in its own VRF, each routing zone can be assigned its own DHCP relay server and external system connections. You can create one or more virtual networks within a routing zone, which means a tenant can stretch its L2 applications across multiple racks within its routing zone. For virtual networks with Layer 3 SVI, the SVI is associated with a Virtual Routing and Forwarding (VRF) instance for each routing zone isolating the virtual network SVI from other virtual network SVIs in other routing zones. Therefore, the correct answer is D. A routing zone is used to enable the communication between two VNIs within a VRF. A routing zone is not used for L4-L7 inspection, securing routing protocols, or requiring firewalls. Those are not the purposes of a routing zone in Juniper Apstra software. References: Routing Zones

Device profiles are objects that associate a specific vendor model to a logical device in Juniper Apstra. Device profiles contain extensive hardware model details, such as form factor, ASIC, CPU, RAM, ECMP limit, and supported features. Device profiles also define how configuration is generated, how telemetry commands are rendered, and how configuration is deployed on a device. Device profiles enable the Apstra system to render and deploy the configuration according to the Apstra Reference Design12. References:

• Device Profiles
• Juniper Device Profiles

The Juniper Apstra Rendered configuration is the configuration that is generated from the staged blueprint and applied to the devices in the network. The Rendered configuration is dynamically rendered at commit time, which means that it is created on the fly based on the latest changes and validations in the blueprint. The Rendered configuration is not stored in any database, but it can be viewed in the Apstra UI or downloaded as a file. The Rendered configuration reflects the desired state of the network as defined by the intent of the blueprint. The other options are incorrect because:

• A. It is built at commit time and stored in a MySQL database is wrong because the Rendered configuration is not stored in any database, let alone a MySQLdatabase. Apstra uses a graph database to store the network topology and configuration data, not a relational database like MySQL.
• B. It is stored in a NoSQL database and incrementally updated is wrong because the Rendered configuration is not stored in any database, let alone a NoSQL database. Apstra uses a graph database to store the network topology and configuration data, not a non-relational database like NoSQL. The Rendered configuration is not incrementally updated, but dynamically rendered at commit time.
• D. It is rendered from the graph database and stored locally is wrong because the Rendered configuration is not rendered from the graph database, but from the staged blueprint. The graph database stores the network topology and configuration data, but the Rendered configuration is generated from the blueprint, which is a logical representation of the network design and intent. The Rendered configuration is not stored locally, but it can be downloaded as a file if needed. References:
• Config Rendering in Juniper Apstra
• AOS Device Configuration Lifecycle
• Configlets (Datacenter Design)

To keep virtual networks isolated from each other within the Juniper Apstra system, you can use one or more of the following methods:

• Enable Security Policy for virtual networks in the same Routing Zone. This allows you to define rules that control the traffic flow between different virtual networks within the same routing zone. You can specify the source and destination virtual networks, the protocol, the port, and the action (allow or deny) for each rule. The security policy is applied on the ingress interface of the leaf devices1.
• Use Connectivity Templates to block access within the same Routing Zone. This allows you to customize the connectivity between different racks within the same routing zone. You can create templates that define the link type, the routing protocol, and the access control list(ACL) for each rack pair. The ACL can be used to filter the traffic based on the source and destination IP addresses, the protocol, and the port2.
• Put each network in different Routing Zones. This allows you to create logical boundaries between different virtual networks based on the route target (RT) values. A routing zone is a collection of virtual networks that share the same RT for importing and exporting routes. Virtual networks in different routing zones do not exchange routes with each other, unless you configure remote EVPN gateways to connect them3. References:
• Security Policy
• Connectivity Templates
• Routing Zones

The deploy phase is the final step in the Juniper Apstra data center fabric design and deployment process. In this phase, you apply the Apstra-rendered configuration to the devices and verify the intent of the blueprint. Based on the web search results, we can infer the following actions are required during the deploy phase12:

• Assign device profiles to the blueprint. This action associates a specific vendor model to each logical device in the blueprint. Device profiles contain extensive hardware model details, such as form factor, ASIC, CPU, RAM, ECMP limit, and supported features. Device profiles also define how configuration is generated, how telemetry commands are rendered, and how configuration is deployed on a device. Device profiles enable the Apstra system to render and deploy the configuration according to the Apstra Reference Design34.
• Assign resources to the blueprint. This action allocates the physical devices, IP addresses, VLANs, and ASNs to the logical devices, networks, and routing zones in the blueprint. Resources can be assigned manually or automatically by the Apstra system. Assigning resources ensures that the blueprint has all the necessary elements to generate the configuration and deploy the fabric5 .
• Assign user roles to the blueprint. This action is not required during the deploy phase. User roles are defined at the system level, not at the blueprint level. User roles determine the permissions and access levels of different users in the Apstra system. User roles can be system-defined or custom-defined .
• Assign interface maps to the blueprint. This action is not required during the deploy phase. Interface maps are defined at the design phase, not at the deploy phase. Interface maps are objects that map the logical interfaces of a logical device to the physical interfaces of a device profile. Interface maps enable the Apstra system to generate the correct interface configuration for each device in the fabric . References:
• Deploy
• Deploy Device
• Device Profiles
• Juniper Device Profiles
• Resources

A connectivity template is a set of configuration parameters that can be applied to a device or a group of devices in a blueprint. A blueprint is a logical representation of the network design and intent. A primitive is a basic unit of configuration that can be added to a connectivity template. A primitive can be a link, a peering, a policy, or a service. In the exhibit, the red-striped primitives indicate that further configuration is required for them to be compatible with the connectivity template design. The red stripes mean that the primitive is incomplete or invalid, and it needs to be edited or deleted. For example, the IP Link primitive needs to have the interface name and IP address specified for each end of the link. The other options are incorrect because:

• A. The gray-solid primitives indicate further configuration is required is wrong because the gray-solid primitives indicate that they are compatible with the connectivity template design. The gray color means that the primitive is valid and complete, and it does not need any further configuration.
• B. The gray-solid primitives indicate that they are incompatible with the connectivity template design is wrong because the gray-solid primitives indicate that they are compatible with the connectivity template design, as explained above.
• C. The red-striped primitives indicate that they are incompatible with the connectivity template design is wrong because the red-striped primitives indicate that further configuration is required, not that they are incompatible. The red stripes mean that the primitive is incomplete or invalid, but it can be fixed by editing or deleting it. References:
• Connectivity Templates
• Data Center Automation Using Juniper Apstra
• Config Rendering in Juniper Apstra

According to the Juniper documentation1, a configlet is a configuration template that augments Apstra’s reference design with non-native device configuration. They consist of one or more generators. Each generator specifies a NOS type (config style), when to render the configuration, and CLI commands (and file name as applicable). Some applications for configlets include the following:

• Syslog
• SNMP access policy
• TACACS / RADIUS
• Management ACLs
• Control plane policing
• NTP
• Username / password

Therefore, the correct answer is C and D. syslog configuration and NTP configuration. These are examples of non-native device configuration that can be added using a configlet. Static route configuration and policy configuration are not applicable in this scenario, because they are part of the reference design configuration that should not be replaced or modified by a configlet. References: Configlets (Datacenter Design), Configlet Examples (Design)