ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-620 All Questions

View all questions & answers for the 300-620 exam
Go to Exam

Exam 300-620 topic 1 question 181 discussion

Actual exam question from Cisco's 300-620
Question #: 181
Topic #: 1
[All 300-620 Questions]

What is the advantage of implementing an active-active firewall cluster that is stretched across separate pods when anycast services are configured?

  • A. A cluster is capable to be deployed in transparent mode across pods.
  • B. A different MAC/IP configuration combination is configurable for the firewall in each pod.
  • C. Local traffic in a pod is load-balanced between the clustered firewalls.
  • D. The local pod anycast node is preferred by the local spines.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by frzzt at March 10, 2023, 6:46 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
zelya19
8 months, 3 weeks ago
Selected Answer: D
According to https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739571.html#Activeactivefirewallclusterstretchedacrossseparatepods: The service node cluster needs to be deployed in routed mode. Deploying an active/active cluster in Layer 2 mode stretched across pods is not supported. A is incorrect. - This deployment model assumes that all the firewall nodes in the same cluster use the same IP and MAC address. If each firewall node uses an independent IP and MAC for each node, the deployment model is independent active-standby firewalls pair in each pod. B is incorrect. - From the spine nodes, the path to local attached anycast entry is always preferred. In case of a failure of all local service cluster nodes, the backup path to another pod is chosen. D is correct, C is not.
upvoted 3 times
...
Mr_Certifiable
1 year, 5 months ago
D - The specific MAC/IP combination is only learned on the leaf nodes where the firewall nodes (anycast service) are directly attached; those leaf nodes then send a COOP update to the spines. From the spine nodes, the path to local attached anycast entry is always preferred. In case of a failure of all local service cluster nodes, the backup path to another pod is chosen. https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739571.html
upvoted 4 times
...
Gruiarew
1 year, 7 months ago
Prior to Cisco ACI release 3.2(4d), the use of the same MAC/IP combination on firewall nodes connected to separate pods would have led to the creation of duplicated IP/MAC entries across pods. With the introduction of the “anycast service” feature in release 3.2(4d), the IP/MAC of the cluster can be configured as an anycast endpoint. This causes the spine in a pod to learn the anycast IP/MAC pod-local, while keeping the same MAC/IP entry of the other pods as a backup path. https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739571.html#Activeactivefirewallclusterstretchedacrossseparatepods
upvoted 1 times
Gruiarew
1 year, 7 months ago
Should be D
upvoted 1 times
...
...
frzzt
1 year, 8 months ago
Selected Answer: D
After more analysis i switch to D. Spine in each pod will prioritize local anycast address
upvoted 3 times
...
frzzt
1 year, 8 months ago
Selected Answer: C
Not correct. Ref: this deployment model takes the name of “split spanned EtherChannel” and ensures that all the nodes of the cluster “own” the same MAC/IP values so that the stretched firewall cluster appears as a single logical entity to the ACI Multi-Pod fabric. Only answer that seems somewhat viable is C
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel