Exam 3V0-42.20 All QuestionsBrowse all questions from this exam
Go to Exam
Question 24

A Solutions Architect is assisting a service provider with designing an NSX-T Data Center solution for these environments:

✑ Virtual Data Center to Virtual Data Center connectivity

✑ Tenant workload on-boarding to Virtual Data Centers.

These requirements must be met:

✑ scalability across 5 data centers

✑ all sites have a latency of 180ms

✑ MTU between sites is 1800

✑ bandwidth is 100Mbps between sites

✑ multi-tenancy

Which two selections should the Solutions Architect propose to the service provider? (Choose two.)

    Correct Answer: C, E

    To meet the requirements, configuring IPSec VPN for Tenant T0 gateways for Virtual Data Centers connectivity is crucial as it provides secure connectivity suitable for north-south traffic between data centers. Utilizing L2 VPN for workloads on-boarding from on-premises to Virtual Data Centers allows for extending network segments across geographical boundaries, fulfilling the need for scalability and multi-tenancy.

Discussion
PheakdeyOptions: AE

AE is correct

tedybear

Rtep requires latency of 150ms between LM,RLM&GM. the latency here exceeds that

AymanovitchyOptions: CE

C,E since IPSEC tunnel is done on T0 and L2 VPN to expand Layer 2 to onboard VMs

udo2020

IPSec tunnel can also be done on T1

Arden101Options: DE

Correct answers - DE As mentioned, using Federation for five sites is not possible yet. Therefore, we have to setup L2VPN. IPSec (needed by L2VPN) can be established from T0 as well as T1 (the same rule applies to L2VPN). However, L2VPN is limited (server or client) to one service per gateway, therefore it's not possible to utilize five L2VPN tunnels from the same T0 and we have to deploy five T1s. Btw. 3V0-42.20 is based on NSX-T 3.0 GA (i.e. 3.0.0) and the Federation limit is three sites (four sites was increased in 3.0.1)

nick2uOptions: DE

DE, T1 is required for multi-yenancy

VMwareARCHIOptions: DE

D,E correct

Aymanovitchy

how come deply ipsec on T1

diegof1

IPsec and Layer 2 VPN are supported on both Tier-1 and Tier-0. https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/administration/GUID-DF689847-252E-451E-84B5-DB507CC010AC.html

outlawwwOptions: DE

T1 because of multitenancy.

DCL202Options: BD

A and E are not supported, due to 180ms latency: RTT latency is less than or equal to 150 ms, which is required for vMotion to work across two sites. This rules out stretch networking and L2 for migrating workloads. Answer is B, D.

AT45816Options: CE

CE is correct

Gayan84Options: AC

Tier-0 gateways are more suitable for connecting multiple data centers with multi-tenancy than Tier-1 gateways. This is because Tier-0 gateways are designed to handle north-south traffic, which is the traffic that flows between the tenants and the external network. Tier-1 gateways are designed to handle east-west traffic, which is the traffic that flows between the tenants themselves.

Gayan84Options: CE

Configuring IPSec VPN for Tenant T0 gateways ensures secure connectivity between Virtual Data Centers. T0 gateways are suitable for north-south routing between data centers, aligning with the requirement for connectivity between Virtual Data Centers

Gayan84Options: CD

Configuring IPSec VPN for Tenant T0 gateways ensures secure connectivity between Virtual Data Centers. T0 gateways are suitable for north-south routing between data centers, aligning with the requirement for connectivity between Virtual Data Centers

Gayan84Options: CE

Configuring IPSec VPN for Tenant T0 gateways ensures secure connectivity between Virtual Data Centers. T0 gateways are suitable for north-south routing between data centers, aligning with the requirement for connectivity between Virtual Data Centers

4ourDSOptions: DE

A high MTU indicates that the packet size due to VPN communication will be large.

AlchotOptions: DE

DE is correct T1 is needed for multitenancy on service provider Latency is higher than supported so each site will have its own NSX-T

tedybearOptions: CD

CD IPSec VPN is supported for T0 and T1 gateways NSX-T Data Center supports IPSec Virtual Private Network (IPSec VPN) and Layer 2 VPN (L2 VPN) on an NSX Edge node. IPSec VPN offers site-to-site connectivity between an NSX Edge node and remote sites. With L2 VPN, you can extend your data center by enabling virtual machines to keep their network connectivity across geographical boundaries while using the same IP address. Onboarding from onprem to remote site requires long distance vmotion with mtu of 150

Pal68Options: AC

From the coursework: Topologies: • IPsec VPN services are only available on Tier-0 gateways. • Segments can be connected to either Tier-0 or Tier-1 gateways to use VPN services. Considerations: • Overlapping networks or multitenancy requires multiple T0-GWs. • VPN services are only available on active-standby T0-GWs. • NSX-T Data Center supports site-to-site IPsec VPNs in tunnel mode. • DPDK-accelerated performance.

Pal68

I.e. Only CE correct

vkaisOptions: CD

Can’t be A, that would be NSX-T Federation, which only supports 4 sites. The questions mentions 5 data centers.

Fornax

It also can't be A, because federation requires 150ms RTT. https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/installation/GUID-AD369B9D-4ADC-4CE9-B8DC-BB2B47C7BFBF.html