An NSX administrator wants to create a Tler-0 Gateway to support equal cost multi-path (ECMP) routing. Which failover detection protocol must be used to meet this requirement?
Answer : A
According to the VMware NSX 4.x Professional documents and tutorials, BFD is a failover detection protocol that provides fast and reliable detection of link failures between two routing devices.BFD can be used with ECMP routing to monitor the health of the ECMP paths and trigger a route change in case of a failure12.BFD is supported by both BGP and OSPF routing protocols in NSX-T3.BFD can also be configured with different timers to achieve different detection times3.
An NSX administrator is using ping to check connectivity between VM1 running on ESXi1 to VM2 running on ESXi2. The ping tests fails. The administrator knows the maximum transmission unit size on the physical switch is 1600.
Which command does the administrator use to check the VMware kernel ports for tunnel end point communication?
Answer : B
The commandvmkping ++netstack=geneve -d -s 1572 <destination IP address>is used to check the VMware kernel ports for tunnel end point communication. This command uses the geneve netstack, which is the default netstack for NSX-T. The-doption sets the DF (Don't Fragment) bit in the IP header, which prevents the packet from being fragmented by intermediate routers. The-s 1572option sets the packet size to 1572 bytes, which is the maximum payload size for a geneve encapsulated packet with an MTU of 1600 bytes. The<destination IP address>is the IP address of the remote ESXi host or VM.Reference: : VMware NSX-T Data Center Installation Guide, page 19. : VMware Knowledge Base: Testing MTU with the vmkping command (1003728). : VMware NSX-T Data Center Administration Guide, page 102.
Which command is used to display the network configuration of the Tunnel Endpoint (TEP) IP on a bare metal transport node?
Answer : B
The commandifconfigis used to display the network configuration of the Tunnel Endpoint (TEP) IP on a bare metal transport node2. The TEP IP is assigned to a network interface on the bare metal server that is used for overlay traffic. Theifconfigcommand can show the IP address, netmask, broadcast address, and other information of the network interface. For example, the following command shows the network configuration of the TEP IP on a bare metal transport node with interface name ens192:
ifconfig ens192
The output of the command would look something like this:
ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.10.10.10 netmask 255.255.255.0 broadcast 10.10.10.255 inet6 fe80::250:56ff:fe9a:1b8c prefixlen 64 scopeid 0x20<link> ether 00:50:56:9a:1b:8c txqueuelen 1000 (Ethernet) RX packets 123456 bytes 123456789 (123.4 MB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 234567 bytes 234567890 (234.5 MB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
The TEP IP in this example is10.10.10.10.
IBM Cloud Docs
An administrator needs to download the support bundle for NSX Manager. Where does the administrator download the log bundle from?
Answer : B
https://docs.vmware.com/en/VMware-NSX/4.1/nsx-application-platform/GUID-50FB1A3F-07D8-4125-9252-DB05C28BE7E1.html: Procedure From your browser, log in with Enterprise Admin privileges to an NSX Manager at https://<nsx-manager-ip-address>. Navigate to System > Support Bundle. In the Request Bundle tab, select NSX Application Platform from the Type drop-down menu.
How is the RouterLink port created between a Tier-1 Gateway and Tier-O Gateway?
Answer : A
The RouterLink port is automatically created when a Tier-1 Gateway is connected with a Tier-0 Gateway from the NSX UI1. The RouterLink port is a logical interface that is assigned an IP address and is associated with a physical or virtual interface.The RouterLink port acts as an end point of the IPSec tunnel and routes traffic between the Tier-1 Gateway and the Tier-0 Gateway2. The other options are incorrect because they involve manual creation of logical switches or segments, which are not required for RouterLink port creation.Reference:Configure NSX for Virtual Networking from vSphere Client,Virtual Private Network (VPN)
https://docs.vmware.com/jp/VMware-NSX/4.0/administration/GUID-3F163DEE-1EE6-4D80-BEBF-8D109FDB577C.html
An NSX administrator is reviewing syslog and notices that Distributed Firewall Rules hit counts are not being logged.
What could cause this issue?
Answer : D
https://docs.vmware.com/en/VMware-NSX/4.0/administration/GUID-D57429A1-A0A9-42BE-A299-0C3C3546ABF3.html
What are three NSX Manager roles? (Choose three.)
Answer : D, E, F
According to the VMware NSX 4.x Professional documents and tutorials, an NSX Manager is a standalone appliance that hosts the API services, the management plane, control plane, and policy management.The NSX Manager has three built-in roles: policy, manager, and controller2. The policy role handles the declarative configuration of the system and translates it into desired state for the manager role. The manager role receives and validates the configuration from the policy role and stores it in a distributed persistent database. The manager role also publishes the configuration to the central control plane.The controller role implements the central control plane that computes the network state based on the configuration and topology information3. The other roles (master, cloud, and zookeeper) are not valid NSX Manager roles.