3V0-42.20 Exam QuestionsBrowse all questions from this exam
Go to Exam

3V0-42.20 Exam - Question 24

A Solutions Architect is assisting a service provider with designing an NSX-T Data Center solution for these environments:

✑ Virtual Data Center to Virtual Data Center connectivity

✑ Tenant workload on-boarding to Virtual Data Centers.

These requirements must be met:

✑ scalability across 5 data centers

✑ all sites have a latency of 180ms

✑ MTU between sites is 1800

✑ bandwidth is 100Mbps between sites

✑ multi-tenancy

Which two selections should the Solutions Architect propose to the service provider? (Choose two.)

Show Answer
Correct Answer: CE

To meet the requirements, configuring IPSec VPN for Tenant T0 gateways for Virtual Data Centers connectivity is crucial as it provides secure connectivity suitable for north-south traffic between data centers. Utilizing L2 VPN for workloads on-boarding from on-premises to Virtual Data Centers allows for extending network segments across geographical boundaries, fulfilling the need for scalability and multi-tenancy.

Discussion

17 comments
Sign in to comment
AymanovitchyOptions: CE
Mar 4, 2021

C,E since IPSEC tunnel is done on T0 and L2 VPN to expand Layer 2 to onboard VMs

udo2020
Sep 23, 2022

IPSec tunnel can also be done on T1

PheakdeyOptions: AE
Mar 19, 2021

AE is correct

tedybear
Nov 7, 2021

Rtep requires latency of 150ms between LM,RLM&GM. the latency here exceeds that

Arden101Options: DE
Jun 14, 2021

Correct answers - DE As mentioned, using Federation for five sites is not possible yet. Therefore, we have to setup L2VPN. IPSec (needed by L2VPN) can be established from T0 as well as T1 (the same rule applies to L2VPN). However, L2VPN is limited (server or client) to one service per gateway, therefore it's not possible to utilize five L2VPN tunnels from the same T0 and we have to deploy five T1s. Btw. 3V0-42.20 is based on NSX-T 3.0 GA (i.e. 3.0.0) and the Federation limit is three sites (four sites was increased in 3.0.1)

VMwareARCHIOptions: DE
Feb 20, 2021

D,E correct

Aymanovitchy
Mar 4, 2021

how come deply ipsec on T1

diegof1
Apr 6, 2021

IPsec and Layer 2 VPN are supported on both Tier-1 and Tier-0. https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/administration/GUID-DF689847-252E-451E-84B5-DB507CC010AC.html

nick2uOptions: DE
Nov 20, 2021

DE, T1 is required for multi-yenancy

DCL202Options: BD
Oct 13, 2021

A and E are not supported, due to 180ms latency: RTT latency is less than or equal to 150 ms, which is required for vMotion to work across two sites. This rules out stretch networking and L2 for migrating workloads. Answer is B, D.

outlawwwOptions: DE
Mar 8, 2023

T1 because of multitenancy.

vkaisOptions: CD
May 23, 2021

Can’t be A, that would be NSX-T Federation, which only supports 4 sites. The questions mentions 5 data centers.

Fornax
May 31, 2021

It also can't be A, because federation requires 150ms RTT. https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/installation/GUID-AD369B9D-4ADC-4CE9-B8DC-BB2B47C7BFBF.html

Pal68Options: AC
Sep 28, 2021

From the coursework: Topologies: • IPsec VPN services are only available on Tier-0 gateways. • Segments can be connected to either Tier-0 or Tier-1 gateways to use VPN services. Considerations: • Overlapping networks or multitenancy requires multiple T0-GWs. • VPN services are only available on active-standby T0-GWs. • NSX-T Data Center supports site-to-site IPsec VPNs in tunnel mode. • DPDK-accelerated performance.

Pal68
Sep 28, 2021

I.e. Only CE correct

tedybearOptions: CD
Nov 7, 2021

CD IPSec VPN is supported for T0 and T1 gateways NSX-T Data Center supports IPSec Virtual Private Network (IPSec VPN) and Layer 2 VPN (L2 VPN) on an NSX Edge node. IPSec VPN offers site-to-site connectivity between an NSX Edge node and remote sites. With L2 VPN, you can extend your data center by enabling virtual machines to keep their network connectivity across geographical boundaries while using the same IP address. Onboarding from onprem to remote site requires long distance vmotion with mtu of 150

AlchotOptions: DE
Sep 22, 2022

DE is correct T1 is needed for multitenancy on service provider Latency is higher than supported so each site will have its own NSX-T

4ourDSOptions: DE
Apr 5, 2023

A high MTU indicates that the packet size due to VPN communication will be large.

Gayan84Options: CE
Dec 2, 2023

Configuring IPSec VPN for Tenant T0 gateways ensures secure connectivity between Virtual Data Centers. T0 gateways are suitable for north-south routing between data centers, aligning with the requirement for connectivity between Virtual Data Centers

Gayan84Options: CD
Dec 2, 2023

Configuring IPSec VPN for Tenant T0 gateways ensures secure connectivity between Virtual Data Centers. T0 gateways are suitable for north-south routing between data centers, aligning with the requirement for connectivity between Virtual Data Centers

Gayan84Options: CE
Dec 2, 2023

Configuring IPSec VPN for Tenant T0 gateways ensures secure connectivity between Virtual Data Centers. T0 gateways are suitable for north-south routing between data centers, aligning with the requirement for connectivity between Virtual Data Centers

Gayan84Options: AC
Dec 2, 2023

Tier-0 gateways are more suitable for connecting multiple data centers with multi-tenancy than Tier-1 gateways. This is because Tier-0 gateways are designed to handle north-south traffic, which is the traffic that flows between the tenants and the external network. Tier-1 gateways are designed to handle east-west traffic, which is the traffic that flows between the tenants themselves.

AT45816Options: CE
Feb 2, 2024

CE is correct