Exam 300-420 topic 1 question 87 discussion

A External fusion router.

The Vedge router configuration guide shows explicitly how to allow VPN to VPN communication - https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/routing/vEdge-20-x/routing-book/m-routing-leaking-for-service-sharing.html#Cisco_Concept.dita_037b791c-e340-491a-a74c-09c973301991 Its annoying they use VN instead of VPN to try and throw you off.

Clearly there is a typo in the question and it's SDA not SDWAN

Guys, read the questions carefully... it's about SD-WAN (not SD-Access). Options B,C,D are for SD-Access components.

THE ANSWER IS D Fabric Routers are used in SD-Access not SD-WAN, This eliminates answer A. Fabric Edges are also used in SD-Access so that eliminates that question as well. The other answer makes no sense. The answer is D: You can do Route leaking to talk between VN https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/routing/ios-xe-17/routing-book-xe/m-routing-leaking-for-service-sharing.html Lets' Gooo i was able to find it.

CORRECT ANSWER IS D !!!!!!!! In an SD-WAN (Software-Defined Wide Area Network) architecture, route leaking is a common technique used to allow overlay Virtual Networks (VNs) to communicate with each other. Route leaking involves selectively sharing or injecting routes from one VN to another, thereby enabling traffic to flow between the isolated VNs. Key points about route leaking in an SD-WAN architecture: Fabric Border Nodes: Route leaking typically occurs at the border nodes of the SD-WAN fabric. These nodes are responsible for connecting the overlay VNs to external networks. ALSO: FABRIC ROUTERS ARE USED ON SD-ACCESS NOT SD-WAN !! BE CAREFUL

The answer is absolutely A

My thoughts on this one: GRE (Generic Routing Encapsulation) tunneling can also be used to enable communication between overlay VNs in some network designs. By configuring GRE tunnels between the fabric edge devices, traffic from one VN can be sent through the tunnel to another VN, enabling inter-VN communication. However, option A, which involves using external fusion routers to map VNs to VRFs and selectively route traffic between VRFs, is a more common approach in SD-WAN architectures. It offers greater flexibility and control for policy-based routing, whereas GRE tunneling may require manual configuration and maintenance of tunnels, which can be more complex and less scalable in large deployments. So, while both options A and B can be used to enable communication between overlay VNs, option A is more common and generally more suitable for SD-WAN architectures.

according to ENSLD cert guide Page 335 any communication between endpoints in different VNs must go through a fusion router or firewall and VNs belong to SD-Access. not SD-WAN

Hmm the question is wrong, that should mean SD-Access - VN virtual network, that is used within SD-Access not in SD-WAN

All the answers relate to SDA rather than SD-WAN so I think the wording of the question is not right here. Therefore, the answer should be A.

Answer is B

Leaning towards B guys, question say SD-WAN not SD-Access, Fusion routers are used in SD-Access.

to comunicate one VN to another VM is via internal tunel in the SD-WAN; so the correct is B.

i will do more reasearch about this one but how i see things: we are speaking about sd-wan not sda access. first hing that comes in my mind is gre & ipsec. for the moment i will go with gre and ip sex. i will let you know if i find anything else

The CCNP Enterprise Design ENSLD 300-420 Official Cert Guide mentions, "A Fusion router is used to allow endpoints in different VNs to communicate with each other", it also states "vEdge routers are responsible for establishing the network fabric and forwarding traffic; they bring up IPsec and GRE tunnels between sites...vEdge routers establish a control channel to vSmart controllers and IPsec tunnels to other vEdge devices to form the overlay network". If I understand correctly, I think "vEdge Routers" do the mapping of VN's to VRF's not "Fusion Routers". Fusion Routers acts as the next-hop to a VN. I'm swayed towards "B" as the correct answer.

I'm getting crazy with this one. Why every single supplier says GRE tunnels - it's by far more sensible A (External Fusion router) - I'm taking the test tomorrow - can anyone clarify please?