Nokia Data Center Fabric Fundamentals Exam Questions and Answers
Based on the exhibit output, which of the following statements is TRUE?
Options:
An ACL filter is configured to accept ICMP packets, which are then processed by the tcpdump-like utility.
capture-filter is configured to copy ICMP packets to the CPM where they are processed by the tcpdump-like utility.
A cpm-filter policer is configured to rate limit ICMP packets, which are then captured in a log file.
A cpm-filter is configured to accept ICMP packets, which are then captured in a log file.
Answer:
BExplanation:
Comprehensive and Detailed Explanation with Exact Extracts:
Exhibit Analysis:
The output shows real-time ICMP packet captures (echo requests/replies) with detailed metadata (interface, source/destination IP, protocol, size, TTL).
The command tools system traffic-monitor protocol icmp confirms this is a tcpdump-like utility (packet capture tool), not a log file.
Mechanism for Packet Capture:
Capture-filter ACL is required to copy data-plane packets (like ICMP between hosts) to the CPM for analysis by traffic-monitor.
Extract from Nokia SR Linux Troubleshooting Guide:
"traffic-monitor is a CPM-based packet capture tool. To capture data-plane traffic (e.g., host-to-host ICMP), a capture-filter ACL must be applied to interfaces to copy packets to the CPM."
Extract from Nokia SR Linux ACL Configuration Guide:
"Unlike cpm-filter (for control-plane protection), capture-filter ACLs are designed to mirror user traffic to the CPM for debugging via traffic-monitor."
Why Other Options Are False:
A: Generic "ACL filter" is ambiguous. Only capture-filter ACLs copy data-plane traffic to the CPM for traffic-monitor.
C: cpm-filter policer rate-limits control-plane traffic (e.g., ICMP to the router), not host-to-host ICMP. It does not enable packet capture.
D: cpm-filter handles control-plane traffic destined for the router (e.g., ICMP to router IPs), not transit traffic. It does not support traffic-monitor.
Which of the following statements about next-hop groups is TRUE?
Options:
The next-hop for a next-hop-group must be a local IP address.
Multiple static routes can use the same next-hop-group.
ICMP destination unreachable message is always sent when blackhole is specified in the next-hop-group.
A next-hop-group can only specify one next-hop for forwarding.
Answer:
BExplanation:
Comprehensive and Detailed Explanation with Exact Extracts:
Option A is FALSE: Next-hop groups support indirect next-hops (non-local IPs requiring recursive lookup).
Extract from Nokia SR Linux Configuration Guide (Section: Next-Hop Groups):
"The next-hop can be a directly attached IP address or an indirect next-hop (e.g., a router IP not on a directly connected subnet)."
Option B is TRUE: Next-hop groups are reusable objects referenced by multiple static routes.
Extract from Nokia SR Linux Configuration Guide (Section: Next-Hop Groups):
"A single next-hop group can be referenced by multiple static routes, simplifying configuration for shared forwarding behavior."
Option C is FALSE: Blackhole next-hop groups silently drop traffic by default. ICMP unreachable messages require explicit configuration.
Extract from Nokia SR Linux Configuration Guide (Section: Blackhole Routes):
"When blackhole is configured, traffic is discarded without sending ICMP unreachable messages unless send-blackhole-icmp true is explicitly set."
Option D is FALSE: Next-hop groups support ECMP with multiple next-hops.
Extract from Nokia SR Linux Fundamentals Guide (Section: Next-Hop Groups):
"A next-hop group can define multiple next-hops for Equal-Cost Multi-Path (ECMP) load balancing."
Which of the following statements about the VXLAN tunneling in data centers is FALSE?
Options:
VXLAN tunnel endpoints can be on hypervisors, leaf routers, or datacenter gateways.
EVPN routes are exchanged between VXLAN tunnel endpoints.
Each VXLAN tunnel endpoint is automatically assigned with a unique VNI value.
VXLAN tunneling is used to provide Layer 2 connectivity between workloads over a common underlay network.
Answer:
CExplanation:
Comprehensive and Detailed Explanation with Exact Extracts:
Option A (TRUE): VTEPs (VXLAN Tunnel Endpoints) are deployed flexibly.
Extract from Nokia VXLAN Configuration Guide:
"VTEPs can reside on hypervisors (virtual switches), leaf routers (network-based overlays), or data center gateways (for inter-fabric connectivity)."
Option B (TRUE): EVPN is the control plane for VXLAN.
Extract from Nokia EVPN-VXLAN Integration Guide:
"EVPN route types (e.g., Type 2 MAC/IP, Type 3 Inclusive Multicast) are exchanged between VTEPs to establish forwarding semantics for the VXLAN overlay."
Option C (FALSE): The VNI (VXLAN Network Identifier) is not automatically assigned per VTEP.
Extract from Nokia SR Linux Fundamentals Guide (Section: VXLAN):
"The VNI is a manually configured 24-bit segment ID per Layer 2 domain (or VRF for L3VNI). A single VTEP handles multiple VNIs simultaneously. VTEPs are identified by IP addresses, not VNIs."
Option D (TRUE): VXLAN enables L2 extension over IP underlays.
Extract from Nokia Data Center Design Guide:
"VXLAN encapsulation provides Layer 2 connectivity between workloads (e.g., VMs, containers) across a routed underlay network."
Which of the following statements about configuration checkpoints in Nokia SR Linux is FALSE?
Options:
Checkpoint 0 is always the oldest checkpoint.
The current running configuration can be saved as a JSON-formatted checkpoint file.
The operator can revert to any existing checkpoint.
The operator can generate a new checkpoint when committing configuration changes.
Answer:
AExplanation:
Comprehensive and Detailed Explanation From Exact Extract:
Option A: FALSE – Checkpoint 0 is the latest (most recent), not the oldest.
"Checkpoints are numbered sequentially, with 0 representing the most recent checkpoint. Higher numbers indicate older checkpoints."
— SR Linux Configuration Management Guide, "Checkpoint Numbering"
Option B: TRUE – Checkpoints are stored as JSON files.
"Checkpoints capture the running configuration in JSON format for easy parsing and restoration."
— SR Linux CLI User Guide, "Checkpoint Operations"
Option C: TRUE – Reversion to any checkpoint is supported.
"Operators can revert to any saved checkpoint, restoring the system to that specific state."
— SR Linux Configuration Management Guide, "Checkpoint Revert"
Option D: TRUE – Checkpoints can be auto-generated on commit.
"The system can be configured to create a new checkpoint automatically upon successful commit."
— SR Linux CLI User Guide, "Commit Options"
Conclusion: Option A is false because checkpoint 0 is the newest.
Examine the exhibit. Which of the following statements is TRUE?
Options:
A recursive lookup is performed to resolve 10.2.1.0 to use 10.1.1.0.
A recursive lookup is performed to resolve 10.1.1.0 to use 10.2.1.0.
The next-hop group for this static route is configured with two next-hops.
The next-hop selected for this route will be based on the preference value configured for each next-hop.
Answer:
CExplanation:
Comprehensive and Detailed Explanation with Exact Extracts:
Option A & B are FALSE: While recursive lookups are required for both next-hops (10.1.1.0 and 10.2.1.0), there is no dependency between them. Each next-hop must be resolved independently via a separate recursive lookup in the routing table. Neither next-hop is resolved "using" the other.
Extract from Nokia SR Linux Configuration Guide (Section: Static Routes):
"An indirect next-hop is not directly connected. The system must perform a recursive lookup in the routing table to find a route that matches the indirect next-hop IP address and resolve it to a directly attached next-hop and egress interface. Each indirect next-hop in a route is resolved independently."
Extract from Nokia SR Linux Fundamentals Guide (Section: Route Resolution):
"Routes with indirect next-hops require recursive route lookup. The router searches its routing table for a path to the indirect next-hop IP address itself. Multiple indirect next-hops in a single route entry are resolved in parallel, not sequentially."
Option C is TRUE: The exhibit shows a single static route (192.168.20.0/30) with two indirect next-hops (10.1.1.0 and 10.2.1.0). This configuration defines a next-hop group with two members for this route, enabling Equal-Cost Multi-Path (ECMP) load balancing or redundancy.
Extract from Nokia SR Linux Configuration Guide (Section: Static Routes):
"Multiple next-hop addresses can be specified for a static route. This creates a next-hop group. Traffic matching the route prefix is load-balanced across all active next-hops in the group using ECMP."
Extract from Nokia SR Linux Fundamentals Guide (Section: Static Routing):
"A static route entry listing multiple next-hops implies a next-hop group. The number of next-hops listed in the show route-table output for a single route ID directly indicates the number of next-hops configured in the group."
Option D is FALSE: The preference value (Pref) is configured per route, not per next-hop within the route. Both next-hops (10.1.1.0 and 10.2.1.0) share the same preference value (5), as they belong to the same route entry (ID 0). Next-hop selection within the group is based on the ECMP hashing algorithm, not preference. Preference is used to choose between different routes (from different protocols) to the same prefix.
Extract from Nokia SR Linux Configuration Guide (Section: Static Routes):
"The preference value is a property of the static route itself, not individual next-hops within it. All next-hops in a static route's next-hop group inherit the same preference value."
Extract from Nokia SR Linux Fundamentals Guide (Section: Route Selection):
"When multiple next-hops exist for a route (ECMP), the active next-hop for a specific flow is determined by a hash of packet header fields (e.g., 5-tuple). Preference values are only compared when selecting between different routes (e.g., static vs. BGP) to the same prefix."
Which of the following statements about the data center’s leaf-spine topology (clos network) is FALSE?
Options:
Each leaf router is connected to all the spine routers in the cluster.
It provides a consistent path for east-west traffic.
It uses the spanning tree protocol to avoid forwarding loops.
It uses ECMP to distribute traffic across duplicate links.
Answer:
CExplanation:
Comprehensive and Detailed Explanation From Exact Extract:
In a leaf-spine Clos network:
Option A is TRUE: Each leaf connects to every spine for full redundancy and non-blocking fabric.
"In a Clos topology, every leaf node connects to every spine node, ensuring any-to-any connectivity."
— Nokia Data Center Fabric Design Guide, "Leaf-Spine Architecture"
Option B is TRUE: East-west traffic flows predictably via spines.
"Leaf-spine provides deterministic paths for east-west traffic, minimizing latency and jitter."
— Nokia SR Linux EVPN Configuration Guide, "Traffic Flow in Clos Networks"
Option C is FALSE: Clos networks do not use STP. They rely on Layer 3 ECMP and routing protocols for loop avoidance.
"Clos fabrics eliminate STP by design. Forwarding loops are avoided through ECMP and routing protocols (e.g., BGP), not Layer 2 STP."
— Nokia Data Center Fabric Best Practices, "Loop Avoidance"
Option D is TRUE: ECMP load-balances traffic across multiple spine paths.
"ECMP is fundamental to leaf-spine, distributing traffic across all available spine links."
— Nokia SR Linux Routing Guide, "ECMP in Clos Fabrics"
Which of the following statements about a MAC-VRF is FALSE?
Options:
A MAC-VRF is a Layer 2 network instance.
Bridge table entries contain an exit interface for each destination address.
Packets received in a MAC-VRF are forwarded based on destination IP address.
Multiple devices can be connected to the same IP subnet using a MAC-VRF.
Answer:
CExplanation:
Comprehensive and Detailed Explanation From Exact Extract:
Option A: TRUE – MAC-VRF is a Layer 2 instance.
"A MAC-VRF network instance operates as a Layer 2 bridging domain."
— SR Linux Network Instance Guide, "MAC-VRF Overview"
Option B: TRUE – Bridge tables map MACs to egress interfaces.
"The bridge table associates destination MAC addresses with exit interfaces."
— SR Linux Forwarding Guide, "MAC-VRF Forwarding"
Option C: FALSE – MAC-VRF uses MAC addresses (not IP) for forwarding.
"In a MAC-VRF, traffic is switched based solely on destination MAC addresses, not IP."
— SR Linux Network Instance Guide, "Bridging vs Routing"
Option D: TRUE – MAC-VRF groups devices in the same subnet.
"A MAC-VRF instance enables Layer 2 connectivity for devices sharing the same IP subnet."
— SR Linux EVPN Guide, "L2 Network Design"
Conclusion: Option C is false as MAC-VRF is L2-only.
Which of the following statements about the YANG model used in Nokia’s SR Linux is FALSE?
Options:
All configuration and state information is defined as a YANG model.
The YANG model uses a tree structure with “leafs” as the branches and “containers” as the data components.
The YANG model can be converted into other formats such as JSON or XML.
The YANG model provides a standardized way for applications to retrieve SR Linux configuration and state information.
Answer:
BExplanation:
Comprehensive and Detailed Explanation From Exact Extract:
Option A is TRUE: SR Linux is fully model-driven.
"Every configuration and state element in SR Linux is defined by a YANG model."
— SR Linux YANG Data Modeling Guide, "Introduction"
Option B is FALSE: Containers are branches (grouping nodes), and leafs are data components (terminal values). The description is reversed.
"YANG structures data hierarchically: containers organize child nodes (branches), while leafs hold actual data values (e.g., integers, strings)."
— SR Linux YANG Data Modeling Guide, "Tree Structure"
Option C is TRUE: YANG supports JSON/XML encoding.
"YANG models serialize natively to XML or JSON for machine-to-machine communication."
— SR Linux gNMI and JSON-RPC Guide, "Data Encoding"
Option D is TRUE: YANG enables standardized access via gNMI/NETCONF.
"YANG provides a consistent schema for applications to retrieve/configurate data via protocols like gNMI."
— SR Linux Automation Guide, "Model-Driven Interfaces"
A static route is configured in two steps in Nokia’s SR Linux. Which of the following items CANNOT be configured in the static-routes container?
Options:
blackhole
IPv4 destination prefix
Preference value
Next-hop group
Answer:
DExplanation:
Comprehensive and Detailed Explanation with Exact Extracts:
Options A, B, and C ARE configured in static-routes:
Blackhole: Configured under static-routes for a prefix to drop traffic.
IPv4 destination prefix: Defined directly in the static-routes container.
Preference value: Set per static route entry within static-routes.
Extract from Nokia SR Linux Configuration Guide (Section: Static Routes):
"Static routes are configured under /routing-policy/static-routes. Each entry requires a prefix (e.g., 0.0.0.0/0). The blackhole parameter and preference value are configured directly within this container for a specific prefix."
Option D (Next-hop group) CANNOT be configured in static-routes:
Next-hop groups are separate objects defined under /routing-policy/next-hop-groups.
The static-routes container references a next-hop group by name but does not define its properties.
Extract from Nokia SR Linux Configuration Guide (Section: Next-Hop Groups):
"Next-hop groups are configured under /routing-policy/next-hop-groups. Each group is given a name and defines properties like next-hop IPs, blackhole behavior, or indirect settings. Static routes reference a next-hop group via the next-hop-group parameter under /routing-policy/static-routes but do not configure the group itself here."
Examine the exhibit. What type of information is NOT included in the IMET route advertised by VTEP1?
Options:
VXLAN network identifier (VNI)
Flooding list
Route distinguisher of VTEP1’s MAC-VRF
IP address of VTEP1
Answer:
BExplanation:
Comprehensive and Detailed Explanation with Exact Extracts:
Option A (VNI is included): The IMET route explicitly carries the VNI (as the Ethernet Tag ID) to identify the Layer 2 domain.
Extract from Nokia EVPN-VXLAN Guide (Section: IMET Route):
"The IMET (Type 3) route includes the VNI (Ethernet Tag ID) to signal membership in a specific broadcast domain."
Option B (Flooding list is NOT included): The IMET route does not contain a flooding list. Each VTEP independently builds the flooding list by aggregating all received IMET routes for the same VNI (e.g., VTEP1 uses IMET routes from VTEP2 and VTEP3 to build its list).
Extract from Nokia SR Linux Fundamentals Guide (Section: EVPN BUM Handling):
"The flooding list for a VNI is dynamically constructed by each VTEP based on received IMET routes. The IMET route itself only advertises the sender's VTEP IP and VNI, not a pre-defined list of peers."
Option C (Route Distinguisher is included): The IMET route includes the MAC-VRF's Route Distinguisher (RD) to ensure uniqueness in the control plane.
Extract from Nokia EVPN Configuration Guide:
"Every IMET route carries the MAC-VRF's RD to distinguish overlapping VNIs across different network instances."
Option D (VTEP IP is included): The IMET route advertises the VTEP's IP address (via the PMSI Tunnel attribute) to establish the BUM traffic tunnel endpoint.
Extract from Nokia SR Linux Configuration Guide (Section: EVPN Routes):
"The IMET route includes the originating VTEP's IP address in the PMSI Tunnel field. This IP is used as the destination for VXLAN-encapsulated BUM traffic."
Exhibit Analysis:
The IMET routes (advertised by VTEP1, VTEP2, VTEP3) are shown.
Each VTEP's locally configured flooding list (e.g., VTEP1: [VTEP2, VTEP3]) is derived from received IMET routes, not embedded in the IMET route itself.
