Consider the exhibit.

Which of the following statements about the configuration and operation of this setup is FALSE?
The Ethernet segment ES-1 is configured as single active.
The ports that connect to the host are associated to ES-1.
All traffic to and from the host will flow through Leaf1.
The host will be required to be configured with a LAG.
Comprehensive and Detailed 150 to 250 words of Explanation From [SR Linux EVPN and Data Center Interconnect/Course Guide/topics]:
This setup represents single-active Layer 2 EVPN multi-homing. In single-active mode, the Ethernet Segment is configured so that only one PE acts as the active forwarding node for a given service, while the other remains standby. The ports connecting to the host are associated with ES-1 so the EVPN control plane can perform Ethernet Segment discovery, DF election, and standby behavior. If Leaf1 is the active/DF node for the service, all traffic to and from the host flows through Leaf1 until a failure or DF transition occurs. Option D is false because a host LAG is not required for this single-active topology. A LAG is typically required for all-active L2 multi-homing, where the host must treat multiple physical links toward different leaf routers as one logical bundle. In single-active operation, the host can be connected through separate physical links or active/standby access behavior without requiring LACP bundling. The EVPN PEs enforce the active path selection through DF and ES state rather than relying on host-side LAG hashing. Reference: single-active EVPN multi-homing, Ethernet Segment port association, DF-controlled active forwarding.
================
Consider the exhibit.

Which of the following is NOT configured on dcgw10 to support the Layer 3 VPN connectivity?
The base BGP instance to support vpn-ipv4 and evpn address families.
A routed VXLAN interface for the VPRN instance.
A binding of the VPRN instance to the MPLS tunnels towards dcgw20.
A vrf-target matching the vrf-target on dcgw20 in the VPRN instance.
Comprehensive and Detailed 150 to 250 words of Explanation From [SR Linux EVPN and Data Center Interconnect/Course Guide/topics] :
In an integrated gateway-based data center interconnect design, the gateway must interwork between the data center EVPN/VXLAN domain and the WAN VPN transport domain. For Layer 3 VPN connectivity on a Nokia 7750 SR integrated gateway, the base BGP instance must support the relevant VPN address families, such as VPN-IPv4 and EVPN, because the gateway participates in control-plane exchange between the data center and WAN sides. The VPRN must also be associated with the WAN transport, normally through MPLS tunnel binding, and the VRF target must match the corresponding VPRN on the remote gateway so that VPN routes are imported and exported correctly. A routed VXLAN interface, however, is an SR Linux IP-VRF/VXLAN construct used for symmetric L3 EVPN forwarding inside a VXLAN-based data center fabric. In this question, dcgw10 is acting as the integrated WAN gateway for L3VPN connectivity, so a routed VXLAN interface is not the required configuration item on the VPRN instance. Reference: integrated gateway DCI, VPRN over MPLS, EVPN-to-VPN interworking.
================
Which of the following statements about utilizing asymmetric routing in an L3 EVPN network is FALSE?
The ingress PE performs both MAC and IP forwarding.
The egress PE performs MAC forwarding only.
EVPN route-type 5 must be supported by the PEs involved.
Each MAC-VRF used in the L3 EVPN network must exist on each PE.
Comprehensive and Detailed 150 to 250 words of Explanation From [SR Linux EVPN and Data Center Interconnect/Course Guide/topics]:
In asymmetric L3 EVPN routing, the ingress PE performs the routing decision and then sends traffic across the overlay in the context of the destination MAC-VRF. The egress PE performs Layer 2 MAC forwarding only toward the destination host. This is why options A and B correctly describe asymmetric data-plane behavior. Asymmetric routing relies heavily on EVPN route type 2 MAC/IP Advertisement routes because the ingress PE must know the destination host's MAC/IP binding and the destination bridge domain information. EVPN route type 5, which advertises IP prefixes, is a symmetric L3 EVPN mechanism and is not mandatory for asymmetric routing. Therefore, option C is false. Option D is treated as correct in this asymmetric-routing model because each PE participating in inter-subnet forwarding needs the destination MAC-VRF context to encapsulate traffic toward the correct L2 VNI. This requirement is one reason asymmetric routing scales less efficiently than symmetric routing: MAC-VRF presence and host reachability information must be broadly available. Symmetric routing improves scale by using an IP-VRF routed VXLAN interface and RT-5 prefix routes instead. Reference: asymmetric L3 EVPN routing, ingress IP/MAC forwarding, egress MAC forwarding, RT-2 versus RT-5 usage.
================
Consider the exhibit.

Which of the following statements about the proxy ARP entry for the neighbor IP 192.168.100.1 is FALSE?
The state is pending because this MAC address was originally associated with a different IP address.
The traffic will be forwarded to a blackhole if the state changes to duplicate.
The MAC address will be changed to 00:00:00:00:DE:AD if the state changes to duplicate.
All traffic destined to 192.168.100.1 will be discarded for 9 minutes if the state changes to duplicate.
Comprehensive and Detailed 150 to 250 words of Explanation From [SR Linux EVPN and Data Center Interconnect/Course Guide/topics]:
Proxy ARP in a Layer 2 EVPN service allows the leaf to answer ARP requests locally using learned IP/MAC bindings, reducing broadcast flooding across the overlay. SR Linux can also monitor IP duplication and MAC/IP inconsistencies in the proxy ARP table. A pending state indicates that the system has detected suspicious or conflicting information and is monitoring the binding before declaring it duplicate. If the entry becomes duplicate, SR Linux can use a blackhole behavior to prevent forwarding traffic toward a conflicted endpoint, and a special discard MAC such as 00:00:00:00:DE:AD can be associated with the duplicate entry. Option D is false because it incorrectly states that all traffic destined to 192.168.100.1 will be discarded for exactly 9 minutes. The exhibit references monitoring and hold-down behavior, but the answer key rejects the fixed “9 minutes” traffic-discard statement. The key concept is that duplicate handling protects the EVPN service from unstable or conflicting IP/MAC bindings, but the specific discard duration in option D is not correct. Reference: proxy ARP, IP duplication monitoring, duplicate-state blackhole behavior.
================
Consider the exhibit.

Which of the following statements about the configuration and operation of this setup is TRUE?
The MAC-VRF on Leaf1 and Leaf2 is configured with multi-homing-mode all-active.
The MAC-VRF on Leaf3 will need to be configured with ECMP to be able to load balance between Leaf1 and Leaf2.
The host will be required to be configured with a LAG.
The Ethernet segment ES-1 will be associated to the ports that connect to the host.
Comprehensive and Detailed 150 to 250 words of Explanation From [SR Linux EVPN and Data Center Interconnect/Course Guide/topics]:
This setup represents a Layer 2 EVPN multi-homing attachment where the host is connected to Leaf1 and Leaf2 through an Ethernet Segment named ES-1. In SR Linux EVPN multi-homing, the Ethernet Segment must be associated with the physical or logical attachment interfaces facing the host. This allows the PEs to advertise Ethernet Segment information into EVPN, participate in DF election, and apply the appropriate forwarding behavior for single-active or all-active redundancy. Option D is therefore correct. Option A is not necessarily true because the exhibit indicates an active/standby style attachment, not all-active operation. Option B is also incorrect because ECMP on the remote MAC-VRF is not the mechanism that defines the local ES association or single-active behavior. Option C is wrong in this setup because a host LAG is required for common all-active L2 multi-homing with LACP, but the shown design uses an active/standby-style attachment where the Ethernet Segment is bound to the host-facing ports. The technical anchor is that ES-1 must be associated to the access ports connecting the host into the multi-homed MAC-VRF service. Reference: L2 EVPN multi-homing, Ethernet Segment interface association, DF behavior.
================
Consider the exhibit.

All three of the leafs have a MP-BGP EVPN session to the route-reflector Spine-1. Leaf-1, Leaf-2 and Leaf-3 have existing instances of an L2 EVPN named MAC VRF-1. Host-1 has just sent its first Ethernet frame into MAC VRF-1 on Leaf-1.
Which of the following steps is FALSE?
Leaf-1 populates Host-1's MAC address learnt on the local interface to its MAC table.
Leaf-1 generates an EVPN route-type 5 update with Host-1's MAC address and sends it to the route reflector.
The route-reflector forwards the EVPN update to Leaf-2 and Leaf-3.
Leaf-2 and Leaf-3 import the EVPN update based upon the route target.
Comprehensive and Detailed 150 to 250 words of Explanation From [SR Linux EVPN and Data Center Interconnect/Course Guide/topics]:
When Host-1 sends its first Ethernet frame into MAC VRF-1, Leaf-1 performs normal local data-plane MAC learning on the access interface and installs Host-1's MAC address into the MAC forwarding table. In an L2 EVPN MAC-VRF, host MAC reachability is then advertised into the EVPN control plane using EVPN route type 2, the MAC/IP Advertisement route. Route type 5 is not used for host MAC advertisement; RT-5 is used for IP prefix advertisement in Layer 3 EVPN services. Therefore, option B is false because it incorrectly states that Leaf-1 generates an EVPN RT-5 update with the host MAC address. In this topology, Leaf-1 sends the correct EVPN update to the route reflector, Spine-1. The route reflector then reflects the update to Leaf-2 and Leaf-3, and those remote leaves import the route if the route target matches their MAC VRF-1 import policy. The route target controls service membership, ensuring that only PEs participating in the same EVPN instance import the MAC route. Reference: L2 EVPN MAC learning, RT-2 MAC/IP advertisement, route-reflector distribution, route-target import.
================
A host is connected to multiple PEs through multi-homing.
Which of the following is NOT a function of the EVPN route-type 4 route?
Allows the other PEs to discover which PEs are connected to the same Ethernet segment.
Triggers the election of a designated forwarder.
Identifies the type of algorithm to be used in the election process.
Identifies the redundancy mode of the Ethernet segment.
Comprehensive and Detailed 150 to 250 words of Explanation From [SR Linux EVPN and Data Center Interconnect/Course Guide/topics]:
EVPN route type 4 is the Ethernet Segment route. Its core role is to advertise Ethernet Segment membership so that PEs attached to the same multi-homed segment can discover each other. This discovery is essential for multi-homing procedures such as DF election, split-horizon behavior, and redundancy handling. When multiple PEs advertise the same ESI, the EVPN control plane can build the candidate set of PEs that participate in that Ethernet Segment. This enables DF election for BUM forwarding and supports the correct interpretation of the segment's redundancy model. The incorrect statement is option C. The election algorithm itself is not the basic function of the route type 4 advertisement in the way the question frames it. The route type is primarily about Ethernet Segment discovery and participation; the algorithmic decision process is derived from configured DF election behavior and candidate information, not from route type 4 acting as a generic algorithm identifier. Therefore, route type 4 enables DF procedures, but it is not described as the mechanism that identifies the election algorithm type. Reference: EVPN RT-4 Ethernet Segment route, DF election, multi-homing discovery.
================
Which of the following is always found in an extended community associated with an EVPN update?
The route target
The AFI/SAFI
The VXLAN network ID
The EVPN route type
Comprehensive and Detailed 150 to 250 words of Explanation From [SR Linux EVPN and Data Center Interconnect/Course Guide/topics]:
The route target is the extended community consistently associated with EVPN updates to control route import and export between EVPN instances. In SR Linux EVPN services, route targets determine which MAC-VRF or IP-VRF should import a received EVPN route. This is essential for tenant separation because multiple tenants may use overlapping MAC or IP address spaces while sharing the same physical fabric and BGP control plane. The AFI/SAFI is not an extended community; it identifies the BGP address family and subsequent address family used to carry EVPN NLRI. The EVPN route type is also not an extended community; it is part of the EVPN NLRI structure and identifies whether the route is RT-1, RT-2, RT-3, RT-4, RT-5, and so on. The VXLAN network ID may be carried or inferred through service and encapsulation-specific attributes, but it is not universally present as the required extended community in every EVPN update. The route target is the mandatory policy element that enables receiving PEs to place EVPN routes into the correct service context. Reference: EVPN extended communities, route-target import/export policy, tenant service identification.
================
When configuring the EVPN MP-BGP route reflector sessions between the leaf and spine routers, which of the following statements is TRUE?
The local-AS number configured within the BGP group will override the AS number configured directly under the BGP protocol.
The cluster-id that uniquely identifies this route reflector session is configured on the route reflector and participating clients.
When redundant route reflectors are deployed, one route reflector will be the primary while the other one will assume a backup role.
Route reflectors can be used instead of a full mesh of eBGP sessions between the leaf and spine routers.
Comprehensive and Detailed 150 to 250 words of Explanation From [SR Linux EVPN and Data Center Interconnect/Course Guide/topics]:
In SR Linux BGP configuration, parameters defined at a more specific hierarchy level can override broader protocol-level settings. Therefore, if a `local-as` value is configured within the BGP group used for EVPN MP-BGP route-reflector sessions, that value overrides the AS number configured directly under the BGP protocol for that group's sessions. Option A is correct. Option B is false because the cluster ID is configured on the route reflector, not on every participating client. The cluster ID identifies the RR cluster and helps prevent route-reflection loops. Option C is false because redundant route reflectors normally operate in parallel rather than as strict primary/backup devices; clients can peer with both for resilience. Option D is misleading because EVPN route reflectors are used to avoid a full mesh of overlay MP-BGP EVPN sessions between leaves, not to replace ordinary underlay eBGP leaf-spine routing sessions. In a clean fabric design, the underlay provides IP reachability, while the EVPN overlay uses MP-BGP sessions, often via route reflectors, to distribute tenant reachability. Reference: SR Linux BGP hierarchy, EVPN route reflector sessions, local-AS override, cluster ID behavior.
================
Leaf routers are configured to support Layer 2 multi-homing all-active mode.
Which of the following statements is FALSE?
All of the sub-interfaces of the LAG must be configured in the Ethernet segment.
The 2nd through 7th octets of the ESI must not be all zeros.
The multi-homing mode of all-active must be configured for the Ethernet segment.
The Ethernet segment must be administratively enabled.
Comprehensive and Detailed 150 to 250 words of Explanation From [SR Linux EVPN and Data Center Interconnect/Course Guide/topics]:
For Layer 2 all-active EVPN multi-homing on SR Linux, the Ethernet Segment configuration is the control-plane anchor that binds the redundant access attachment to EVPN. The relevant LAG subinterfaces must be associated with the Ethernet Segment so that the PE can advertise the segment correctly and apply split-horizon and aliasing behavior. The Ethernet Segment must also be administratively enabled; otherwise, the PE will not participate properly in ES discovery and DF procedures. The multi-homing mode must be set to all-active to permit forwarding through multiple attached leaf routers and support host-side LAG operation. The false statement is option B. The Ethernet Segment Identifier has a defined structure, and the blanket statement that the 2nd through 7th octets “must not be all zeros” is not a valid requirement as stated. What matters operationally is that the ESI uniquely identifies the same multi-homed Ethernet Segment across participating PEs and is consistently configured where required. The ESI must be non-zero as a meaningful segment identifier, but the specific octet restriction in the option is not the SR Linux all-active configuration rule. Reference: SR Linux L2 EVPN all-active multi-homing, Ethernet Segment configuration, LAG association.
================
An IRB sub-interface that is being used to interconnect a MAC-VRF to an IP-VRF, is configured with anycast-gw set to true and anycast-gw enabled.
Which of the following statements is FALSE?
The last octet of the default virtual MAC assigned to the sub-interface is derived from the last octet of the chassis MAC.
The same IP address used on this sub-interface can be used by other IRB sub-interfaces on remote PEs participating in the IP-VRF.
The host IP address of the sub-interface appears in the IP-VRF route table along with the prefix for the entire sub-net.
Two MAC addresses associated to the sub-interface are shown in the forwarding table of the MAC-VRF that contains the IRB sub-interface.
Comprehensive and Detailed 150 to 250 words of Explanation From [SR Linux EVPN and Data Center Interconnect/Course Guide/topics]:
An anycast-gateway IRB allows multiple PEs to present the same default-gateway IP address to hosts in the same subnet. This is the mechanism that enables distributed gateway behavior in EVPN fabrics. The same anycast gateway IP may be configured on equivalent IRB subinterfaces across remote PEs participating in the same IP-VRF, allowing hosts to use the nearest leaf as their default gateway without changing their gateway address. SR Linux also associates gateway MAC information with the IRB, including virtual gateway MAC behavior used inside the MAC-VRF forwarding table. Option C is false because the anycast gateway IP is not treated as a normal unique host route that appears in the IP-VRF route table alongside the subnet prefix. The subnet route is installed for the connected network, but the shared anycast gateway address is a gateway function, not a separately advertised host endpoint that should appear as ordinary routed host reachability. Treating the anycast IP as a regular host route would undermine the distributed gateway model and create ambiguous ownership across PEs. Reference: IRB anycast gateway, MAC-VRF/IP-VRF interconnection, distributed default-gateway operation.
================
Leaf routers are configured to support Layer 2 multi-homing all-active mode.
Which of the following statements is FALSE?
A LAG must be configured on the participating leaf routers.
If VLAN tagging is to be used, then it must be enabled on the LAG interface.
If using LACP, the system-id-mac must uniquely identify each leaf router connected to the host.
The LAG interface must then be associated with the Ethernet segment.
Comprehensive and Detailed 150 to 250 words of Explanation From [SR Linux EVPN and Data Center Interconnect/Course Guide/topics]:
In all-active Layer 2 EVPN multi-homing, the host is typically dual-homed to two or more leaf routers using a LAG. The participating leaf routers must configure the LAG and associate it with the Ethernet Segment so EVPN can advertise the common ESI and apply aliasing, split-horizon, and DF procedures. If VLAN tagging is used for service separation, tagging must be configured on the LAG interface so that the correct subinterfaces can bind into the MAC-VRF and Ethernet Segment. Option C is false because it states that the LACP system-id-mac must uniquely identify each leaf router. In an all-active EVPN multihomed LAG, the opposite principle applies: from the host's LACP perspective, the multihomed leaf pair must appear as a single logical LACP system. That generally requires a shared LACP system ID or coordinated system MAC behavior across the participating PEs. If each leaf presented a unique LACP system identity, the host would treat them as separate LAG partners and the all-active bundle would not form correctly. Reference: all-active L2 EVPN multi-homing, LAG attachment, LACP system ID behavior, Ethernet Segment association.
================
Consider the exhibit.

Which of the following statements is FALSE?
The remote host's IP address is 100.0.2.3.
The MAC address 00:00:00:00:00:01 was learned through the data plane.
The MAC address associated to the vxlan-interface will not age out.
The VXLAN network identifier configured for this MAC-VRF is 100.
Comprehensive and Detailed 150 to 250 words of Explanation From [SR Linux EVPN and Data Center Interconnect/Course Guide/topics]:
In an SR Linux Layer 2 EVPN MAC-VRF, locally attached MAC addresses are learned through the data plane on local access interfaces, while remote MAC addresses are learned from MP-BGP EVPN control-plane advertisements and installed with a VXLAN next-hop. The exhibit shows one local learned MAC on an Ethernet subinterface and another MAC learned through EVPN with a VXLAN interface and VNI 100. The remote VTEP or next-hop information identifies the remote endpoint, and the VNI maps the received VXLAN traffic to the correct MAC-VRF service. The false statement is C because saying that the MAC address associated with the vxlan-interface “will not age out” is too absolute. A remote EVPN MAC is not aged in the same way as a local data-plane-learned MAC, but it can still be removed when the corresponding EVPN route is withdrawn, invalidated, or no longer present in the control plane. The “N/A” style aging behavior does not mean permanent retention. Reference: SR Linux MAC-VRF verification, local MAC learning, EVPN-learned remote MACs, VXLAN VNI mapping.
================
Which of the following statements about the configuration of a distributed Layer 2 EVPN in a Nokia SR Linux is FALSE?
Each PE participating in the Layer 2 EVPN must be configured with the same EVPN instance ID (EVI).
The route distinguisher is auto-generated using the autonomous system number and EVI.
Only one VXLAN-interface can be associated to the Layer 2 EVPN.
The route-targets are manually configured when the leaf routers are in different autonomous systems.
Comprehensive and Detailed 150 to 250 words of Explanation From [SR Linux EVPN and Data Center Interconnect/Course Guide/topics]:
A distributed Layer 2 EVPN in SR Linux is implemented using MAC-VRF network instances, EVPN control-plane signaling, and VXLAN data-plane encapsulation. A common mistake is assuming that every PE must use the same EVI value for the same L2 service. In SR Linux, the important operational requirement is that the correct EVPN routes are imported and exported using matching route-target policy, not necessarily that every PE has the same locally configured EVI. Therefore, option A is false. The route distinguisher can be automatically generated using local values such as the autonomous system number and EVI, giving each PE's EVPN routes uniqueness in MP-BGP. A MAC-VRF is associated with VXLAN encapsulation for its data-plane service mapping, and route targets may need to be manually configured when leaf routers are in different autonomous systems because automatic derivation may not produce matching import/export policy across AS boundaries. The key separation is this: the RD gives uniqueness, the route target controls service membership, and the EVI is a local service identifier rather than a universal mandatory match in all designs. Reference: SR Linux distributed L2 EVPN configuration, EVI, RD auto-generation, route-target policy.
================
Which of the following statements about the configuration of a Layer 3 multi-homing with a centralized router is FALSE?
The centralized router must be a member of the Ethernet segment.
All routers participating in the Ethernet segment must have the multi-homing mode set to all-active.
Remote leaf routers can load balance traffic to customer prefixes through the leaf routers connected to the Ethernet segment.
The centralized router will advertise the customer prefixes using an EVPN route-type 5 update.
Comprehensive and Detailed 150 to 250 words of Explanation From [SR Linux EVPN and Data Center Interconnect/Course Guide/topics]:
Layer 3 EVPN multi-homing with a centralized router uses an Ethernet Segment to associate multiple leaf routers with a common external L3 attachment. The centralized router is part of that attached segment from the forwarding perspective, and the connected leaf routers advertise third-party or customer prefixes into EVPN so that remote leaves can reach those prefixes through the multi-homed attachment. For L3 EVPN, learned customer prefixes are normally advertised using EVPN route type 5, which carries IP prefix reachability. In an all-active design, remote leaf routers may load balance traffic to the customer prefix through multiple attached leaf routers because the ES next-hop allows the remote PE to understand that the prefix is reachable through a multi-homed Ethernet Segment. The false statement is that every router participating in the Ethernet Segment must be configured with all-active mode. Multi-homing mode is a design and configuration property of the EVPN PEs participating in the ES, and designs may use single-active or all-active behavior depending on redundancy and forwarding requirements. Reference: L3 EVPN multi-homing, centralized router attachment, EVPN RT-5 prefix advertisement.
================
Which of the following statements about configuring and using an integrated routing and bridging (IRB) interface is TRUE?
The IRB sub-interface must be configured as either type bridge or routed.
A MAC-VRF can be configured with multiple IRB sub-interfaces to support multi-homing.
When the IRB sub-interface is configured with multiple IP addresses, one of them can be configured as the primary.
When using an IRB interface to interconnect a MAC-VRF to an IP-VRF, one sub-interface is configured for the MAC-VRF and another one for the IP-VRF.
Comprehensive and Detailed 150 to 250 words of Explanation From [SR Linux EVPN and Data Center Interconnect/Course Guide/topics]:
An IRB interface is the logical connection point between a Layer 2 MAC-VRF and a Layer 3 IP-VRF. It provides the routed gateway function for hosts in the bridge domain while allowing traffic to move into the routed VRF for inter-subnet forwarding. The correct statement is that when an IRB sub-interface has multiple IP addresses, one can be designated as the primary. This is important because the primary address is used for normal gateway or subnet behavior when more than one address is present on the same routed interface context. Option A is inaccurate because the question is about an IRB sub-interface, not a generic subinterface selection between bridge or routed access modes. Option B is not the defining multi-homing model; EVPN multi-homing is implemented through Ethernet Segment association and MAC-VRF attachment behavior, not by adding multiple IRB subinterfaces for multi-homing. Option D is also wrong because the IRB is the shared logical link between the MAC-VRF and IP-VRF; the design does not require separate IRB subinterfaces on each side as independent constructs. Reference: SR Linux IRB configuration, MAC-VRF to IP-VRF interconnection, primary IP addressing.
================
Copyright © 2014-2026 Certensure. All Rights Reserved