Juniper Data Center, Associate JN0-281 Exam Questions

Answer : C

To intentionally drop traffic to a specific destination while also informing the sender that the destination is unreachable, Junos provides a routing action specifically meant for this behavior: a static route with a next hop of reject. A reject route installs a forwarding entry that causes matching packets to be dropped, and it also triggers generation of an ICMP unreachable message back to the traffic source. This is useful in data center routing for controlled blackholing with feedback, for example when you want to signal misrouted traffic, invalid destinations, or to enforce policy with explicit notification.

A discard route also drops packets, but it does so silently without sending ICMP unreachable messages. That makes discard appropriate for traffic-sink use cases such as safe summarization or DDoS mitigation where you do not want to generate return traffic. Adding addresses to martians is intended to block invalid special-use prefixes from being treated as routable, not to create a targeted unreachable response for an arbitrary destination. Using inet.3 is related to MPLS label-switched forwarding and does not address the requirement. A firewall filter that discards traffic will typically drop silently unless explicitly configured to send rejects in a security context, and it is not the standard routing-table-based method when the requirement is an ICMP unreachable response for a destination prefix.

Therefore, a reject static route is the correct solution.

Answer : C

Bidirectional Forwarding Detection is a lightweight, fast failure-detection mechanism used to quickly determine whether a forwarding path between two systems is operational. In Juniper data center networks, BFD is commonly paired with routing protocols such as BGP and OSPF to accelerate convergence. Instead of waiting for a routing protocol hold timer or dead interval to expire, BFD continuously exchanges small control packets between neighbors at a configured interval. If the local device stops receiving these control packets for a negotiated detection time, it declares the BFD session down.

This down event can then be used to immediately signal the routing protocol that the neighbor is no longer reachable, causing faster withdrawal of routes or faster reroute to alternate paths. This is critical in leaf-spine fabrics where rapid failover is expected to maintain application availability and to keep ECMP path sets current. BFD is designed to detect failures in the forwarding plane, including link failures, interface failures, or other failures that prevent packets from being successfully exchanged between the two endpoints. It is not intended to detect routing loops, and it does not specifically track route flaps as a function; flapping is a symptom that may occur when failures happen repeatedly.

Destination host unreachable messages are part of ICMP processing and are unrelated to BFD's purpose. In short, BFD's value is fast, protocol-independent failure detection for forwarding adjacency health.

Answer : A, C

EBGP is defined as BGP peering between different autonomous systems, which makes statement A correct. In data center IP fabrics, it is common to assign different private AS numbers to leaves and spines or to use a structured AS design so that every leaf forms EBGP sessions to each spine. This provides clear policy boundaries, straightforward troubleshooting, and predictable route propagation without needing an additional interior gateway protocol to carry underlay reachability.

Statement C is also correct because EBGP can be deployed without a supporting IGP. BGP itself can distribute the underlay routes needed for fabric reachability, such as loopback addresses and point to point link prefixes. This is a widely used approach for leaf spine fabrics because it reduces protocol complexity and avoids running multiple control planes for the underlay. Convergence can be improved using multipath, rapid failure detection mechanisms, and consistent routing policy.

Statement B is incorrect because BGP within a single AS is IBGP, not EBGP. Statement D is incorrect because while some designs may choose to run an IGP and use BGP only for certain functions, EBGP does not inherently require an IGP to operate or to provide underlay connectivity in a fabric design.

Answer : B

In Junos, the default export policy for OSPF is to reject all routes from being exported.

Step-by-Step Breakdown:

Default Export Policy:

By default, OSPF in Junos does not export any routes to other routing protocols or neighbors. This is a safety mechanism to prevent unintended route advertisements.

Custom Export Policies:

If you need to export routes, you must create a custom export policy that explicitly defines which routes to advertise.

Example: You can create an export policy to redistribute static or connected routes into OSPF.

Juniper Reference:

OSPF Export Behavior: In Juniper devices, the default policy for OSPF is to reject route advertisements unless explicitly configured otherwise through custom policies.

Answer : D

In Junos Ethernet switching, a trunk interface is intended to carry multiple VLANs using 802.1Q tags. The native VLAN ID feature defines how the trunk handles frames that arrive without an 802.1Q tag and how it can transmit untagged frames when required. When a native VLAN is configured on a trunk, untagged inbound frames are mapped into the native VLAN's Layer 2 broadcast domain. Likewise, traffic belonging to the native VLAN can be sent untagged on that trunk, depending on how the receiving device expects to process untagged frames. This is commonly used in data center environments to interoperate with devices that require one VLAN to be carried untagged, or for specific control-plane or legacy connectivity requirements.

Option A is incorrect because native VLAN does not restrict the trunk to tagged-only traffic; it explicitly provides a mechanism to accept or emit untagged frames on a trunk. Option B is incorrect because access ports are designed for a single VLAN and normally treat traffic as untagged by default; they do not become ''tagged access'' by using native VLAN. Option C is incorrect because native VLAN does not change the VLAN ID range; VLAN ID ranges are determined by the 802.1Q standard and platform support, not by the native VLAN feature.

Answer : A

A Layer 2 switch builds its Ethernet switching table through a learning process based on the source MAC addresses of incoming frames. When a frame arrives on an interface within a VLAN or bridge domain, the switch examines the source MAC address and associates it with the ingress interface and VLAN context. If the MAC address is new, the switch creates a new entry; if it already exists but is seen on a different interface, the switch updates the entry to reflect the new location. This dynamic learning is fundamental to efficient unicast forwarding and is why option A is correct.

Once the switch has learned MAC-to-port mappings, it can forward subsequent frames destined to those MAC addresses as known unicast out the specific egress interface rather than flooding them. If the destination MAC is unknown, the switch typically floods the frame within the VLAN or bridge domain to discover the correct destination. When the destination replies, the switch learns that MAC as a source, completing the learning cycle.

Spanning Tree Protocol does not provide a MAC table and there is no concept of downloading an Ethernet switching table from a root bridge. STP's role is loop prevention and topology control at Layer 2, not MAC learning distribution. Firewall filters can enforce policy but do not create the switching table. Recording destination MAC addresses would not correctly learn endpoint locations because the destination can be unknown when the first frames are sent; source learning is reliable because every received frame carries the sender's MAC address.

Answer : A, C

BGP uses a small set of well-defined message types to form and maintain peerings and to exchange routing information. The Open message is used during session establishment after the TCP connection is up. It communicates the parameters required to form the BGP session, such as the BGP version, the autonomous system number, the negotiated hold time, the BGP identifier, and optional capabilities. Capabilities are especially important in data center designs because they enable features such as 4 byte ASNs, route refresh, and EVPN signaling when applicable.

The Update message is the core mechanism BGP uses to advertise reachability and to withdraw routes that are no longer valid. In a data center underlay using EBGP, Update messages carry the prefixes that represent loopbacks and point-to-point links, enabling leaf and spine reachability. In an EVPN control plane, Update messages carry EVPN Network Layer Reachability Information to distribute MAC and IP reachability and multihoming information across the fabric.

Hello is not a BGP message type. Hello is commonly associated with protocols like OSPF, IS-IS, and some discovery mechanisms. LSA is not a BGP message type either; Link State Advertisements are specific to OSPF.