Share your ARCH Experience

but… may be A is still right.

“…The logical point-to-point connections are laid out to produce a virtual star topology with the core VSS or vPC as the hub and the aggregation pairs as the spokes..”
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11_493718.html

Damn exam, I am so tired with it. Want to back read normal books about routing ))

hi guys some serious problme with the question I am going on friday for the Exam .

Which two design recommendations are most appropriate when EIGRP is the data center core routing protocol? (Choose two.)
A. Summarize data center subnets.
B. Use passive interfaces to ensure appropriate adjacencies.
C. Tune the EIGRP timers to enable EIGRP to achieve quicker convergence.
D. Adjust the default bandwidth value to ensure proper bandwidth on all links.
E. Advertise a default summary route into the data center core from the aggregation layer.
Answer: A,E

Now look at the recommendations from book

Here are some recommendations on EIGRP design for the data center core layer:
• Advertise a default summary route into the data center layer with the ip summary-address eigrp
• If other default routes exist in the network, such as from the Internet edge, you may need to filter them using distribute lists. interface command into the aggregation layer.
• Summarize the data center subnets with the ip summary-address eigrp interface command from the aggregation layer.
• Use the passive-interface default command, and advertise only on the links that need to participate in the routing process using the no passive-interface interface

hi guys now I am seriously worried … i am appearing second time this week .

Q57 answer A&C cross checked in the book can any one please check

cbe187 all are same companies
use AT or P4S but no one is passing the exam now a days ..

Kash,

Seems to be AE is fine.

bd,

Q.51 : A and C right answer, Q53: Not usre need to check.

Reagrds
Kumar

@bd: re- 5.8 QUESTION NO: 51
I think the sim is correct with A and B as the answers. If you just read the question again…slowly….and think of it from Cisco’s point of view. Ask yourself, “what does Cisco want me to know if I were going to use NSF/SSO” or put another way, “What is the CISCO answer here”. Unfortunately, after sitting many Cisco exams, what I believe to be the ‘right’ answer from my perspective and experience may not result in a passing score for the exam. If you think about the question and look at the keyword that is provided there, “relevant”, you can sort of arrive at the correct answer.
ref: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_white_paper0900aecd801c5cd7.html.
check out the section on “Nonstop Forwarding with Stateful Switchover”.
Hope that helps.

http://www.sadikhov.com/forum/index.php?/topic/170655-ccdp-arch-notes/

http://www.diesel-ebooks.com/item/9781587055744/Hutton-Keith-Designing-Cisco-Network-Service-Architectures-ARCH-Authorized-Self-Study-Guide/1.html

http://my.safaribooksonline.com/book/certification/ccdp/9781587054990

VPN scalability is based on number of remote sites (Cisco arch guide) . not Packets per second (p4s)

All the IDS/IPS stuff is good in the p4s , just the vpn client and firewall design q’s are wrong

Kash,

I have cross checked it, its good(Q57: AC only)

Kumar

Thx to all. Seems that Kumar is right.

Q.51 A and C.

A. You can reduce outage 1 to 3 seconds by using SSO in Layer 2 environment or Cisco NSF with SSO in a Layer 3 environment.

“…In this topology, SSO provides for protection against supervisor hardware or software failure with 1-3 seconds of packet loss and no network convergence…”

C. In a fully redundant topology adding redundant supervisor a with NSF and SSO may cause
longer convergence times than single supervisors with turned IGP times

“…When designing a network for optimum high availability, it is tempting to add redundant supervisors to the redundant topology in an attempt to achieve even higher availability. However, adding redundant supervisors to redundant core and distribution layers of the network can increase the convergence time in the event of a supervisor failure..”

http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/HA_campus_DG/hacampusdg.html

5.8
QUESTION NO: 56

Which unique characteristics of Data Center Aggregation layer must be considerated by an
Entherprise Campus designer?

A. Layer 3 routing between the Access and Aggregation layers facilitates the ability to span
VLANs across multiple access switches, which is a requirement for many server virtualization and clustering technologies.
B. ”East-west” server-to-server traffic can travel between aggregation modules by way of the core, but backup and replication traffic typically remains within an aggregation module.
C. Load balancing, firewall services, and other network services are commonly integrated by the use of service modules that are inserted in the aggregation switches.
D. Virtualization tools allow a cost effective approach for redundancy in the network design by
using two or four VDCs from the same physical switch.

Answer: D
Why not C? This is seems to be true exactly about aggregation level.

5.8
QUESTION NO: 59

There are three steps to confirm whether a range if IP addresses can be summarized. Which of
the following is used in each of three 3 steps?
A. The first number in the contiguous block of addresses
B. The last number in the contiguous block of addresses
C. The size of the contiguous block of addresses
D. The subnet mask of the original network address
Answer: B

Ans A is true.
“..Step 3.. The summary route number is represented by the first IP address in the block, followed by a slash, followed by the number of common bits..”
http://www.ciscopress.com/articles/article.asp?p=174107&seqNum=3
But this is strange to hear “number” instead “address”

Question 59 is crazy , i can subnet like a demon , but these cryptic design questions are nuts
lets try it out , which one could you answer for sure

Example 1. Can these network addresses be summarized? (first network known only)
172.16.0.0/? 172.16.X.0/? 172.16.X.0/? 172.16.X.0/?

Example 2. Can these network addresses be summarized? (last network known only)
172.16.X.0/? 172.16.X.0/? 172.16.X.0/? 172.16.3.0/?

Example 3. Can these network addresses be summarized? (block size of networks only)
A block of 4 Class C networks /24

Example 4. Can these network addresses be summarized? (SM of first net only known)
172.16.X.0/24 172.16.X.0/? 172.16.X.0/? 172.16.3.0/?

I have taken the exam twice and answered A first time and D the second time , both times scoring low on the “Design advanced ip addressing” section

So C is the correct answer , it’s the only on you could be sure on
Cisco ARCH guide says use the network block size.
4 networks = 2 bits
8 networks = 3 bits
16 networks = 4 bits
has to be a to the power of to block size otherwise it cant be summarized.
e.g
If i gave you a block of 17 networks you would need to summary/ACL/route statements

to=two statements

@victor.
I think this process should be:
We have this block
172.16.12.0/24
172.16.13.0/24
172.16.14.0/24
172.16.15.0/24

Step 1. Convert to binary.
10101100.00010000.00001100.00000000
10101100.00010000.00001101.00000000
10101100.00010000.00001110.00000000
10101100.00010000.00001111.00000000

Step 2. Locate the bit where the common pattern of digits ends.
10101100.00010000.000011 | 00.00000000
10101100.00010000.000011 | 01.00000000
10101100.00010000.000011 | 10.00000000
10101100.00010000.000011 | 11.00000000

Step 3. Count the number of common bits. The summary route number is represented by the first IP address in the block, followed by a slash, followed by the number of common bits.

22 common bits. First address is 172.16.12.0. So summary is 172.16.12.0/22.

I think here, in every step, we work with the first address.

I would say D is correct in question 59. A,B and C are the three steps for summarization! and on “each of three steps” you should know about subnet mask.

bd,

Your answer also makes a big sense.

@Pedram
>on “each of three steps” you should know about subnet mask.
Why?
Look at my example. I don’t care about the subnet mask in Step 1 and 2. Only in the last step we choose a mask based on common bits count.

If subnet masks are not the same, or you don’t know about them, there is no point for doing step 1 and 2.

@bd binary way is very slow

4 networks range = 6 bits subneting therefore 172.16.xxxxxx00.0 = 8+8+6 = 22bits

So can we summarize these nets into one route ? we know the first and last addresses but its the block size which answers the question.

172.16.12.0/24 12,13,14,15 4 networks = 6 bits = /22
172.16.13.0/24
172.16.14.0/24
172.16.15.0/24
172.16.16.0/24

So can we summarize these nets into exactly one route ?
172.16.160.0/24 160-167 = 8 networks range = 5 bits = /21
172.16.161.0/24
172.16.162.0/24 yes 172.16.160.0/21 is the summary
172.16.163.0/24
172.16.164.0/24
172.16.165.0/24
172.16.166.0/24
172.16.167.0/24

So can we summarize these nets into exactly one route ?
172.16.160.0/24 160-179 = 16 networks range = 4 bits = /20
to
172.16.179.0/24
yes 172.16.160.0/20 is the summary

So can we summarize these nets into exactly one route ?
172.16.160.0/24 160-180 = 20 networks range = no range match
to
172.16.180.0/24

either way you work it out , to be sure if a ip range can be summarized you have to know the block size ( which is found by looking at the first and last address..haha)

i still think C and otherwise D because if i make any of the masks in the above questions /8 the summaries don’t work anymore

Anyway , those who took the exam what sections did you score low on based on the AT/P4s
for me it was “Design advanced IP addressing and routing solutions for enterprise networks”
I scored med/well on Campus and Data Centre
the security / ip shit which seems straight forward which iv done in NP already is where i bombed out.

@Pedram
>If subnet masks are not the same, or you don’t know about them, there is no point for doing step 1 and 2.

I guess, that “range if IP addresses” in question context already mean that addresses are in the same subnet.

@victor
>binary way is very slow

No matter, slow or not. This is a RULE to Convert to binary from Cisco guide. Look carefully this link http://www.ciscopress.com/articles/article.asp?p=174107&seqNum=3 About Steps…

hey guys if money way no object to spend on test questions / exam prep
and you needed to pass this fcuker quick , what else is there that’s decent beside p4s?
no time for s bootcamp/course

Actual test / Testking / Testinside /ExamWorxs ???

Ha, Ha

In my Internet Travels , i have only found one dude who has actual passed this thing
https://learningnetwork.cisco.com/message/170256?tstart=10

Designing Cisco Network Service Architectures (ARCH) self-study guide from Cisco Press,
(got this / not that good i reckon – not much meat on the new stuff / but will help sort out the p4s a bit)

This might help us sort out the p4s problems
http://www.examcollection.com/cisco/Cisco.TestInside.642-873.v2010-08-13.by.MALIK.209q.vce.file.html

the old 873 exam is very similar , and peopla are quoting i got 1000/1000 using this for 873
which means that any matching q’s we know are correct in this version.

I have found two so far
” 79XX IP Phones do not mark voice packets with the optimal DSCP values” should be
“79XX IP phones do not mark protocol packets such as DHCP, DNS, or TFTP with non zerp DSCP”

When is the site-to-site remote access model appropriate?
A) ISDN (642-874)

C) for a group of users (642-873) correct answer

@bd

As I said, your answer makes a good sense, but there are other points of view and calculation methods (which mentioned in other Cisco documents as well) that can be considered. If I sit the exam and get this question, I will put a comment about and suggest you to do that as well. it is a very ambiguous test.

@Pedram
>If subnet masks are not the same, or you don’t know about them, there is no point for doing step 1 and 2.
masks o nit need to be the same

172.16.0.0/24 ————————– summary 172.16.0.0/22
172.16.1.0/24
172.16.2.0/24
172.16.3.0/26
172.16.3.64/27
172.16.3.96/27
172.16.3.128/26
172.16.3.192/26

@victor

I am with you now! C id correct answer. From ARCH student guide volume 1:

A block of summarizable addresses:
•Has N sequential numbers in an octet
•Has N as a power of 2
• Has the first number in the block a multiple of N

Example: Is 172.19.160.0 -172.19.191.0 summarizable?
– 160 to 191 is a range of 32 numbers in a row.
– 32 is 2 to the fifth power.
– 160 is a multiple of 32.
– Conclusion: Yes, 172.19.160.0 -172.19.191.0 is summarizable.

However, still subnet mask make it ambiguous, but at least we know what are they looking for!

@ victor

I KNOW THAT, I said or….

@victor
@Pedram
So, you are shure that “C. The size of the contiguous block of addresses” is right? May be this is true. But this is strange ans, like question itself. Yep, in every step we work with a block, and summary address itself is a block too. This is it?

@bd

I am pretty sure now that C is the answer. I just copy/paste from the student guide 3 steps for confirming a summarizable block of addresses and that give us the answer clearly.

The ‘firewall sandwich’

Most firewall solutions have a limited throughput-far less than the gigabit capacity needed by data-intensive applications like storage area networks. Without a single-box solution, most network administrators fall back on a workaround using load balancers in a “firewall sandwich.”

In a firewall sandwich, a load balancer distributes network traffic more or less evenly, in parallel across a group of firewalls or other network devices. As shown in the figure (a), the firewalls must be run in parallel to make their processing power additive. It takes several load balancers on each side to provide full-gigabit throughput in both directions, which requires additional investment in equipment and administration.

http://www.infostor.com/index/articles/display/138898/articles/infostor/volume-6/issue-3/features/data-security-in-the-virtual-san.html

http://www.cisco.com/en/US/docs/solutions/Enterprise/Education/SchoolsSRA_DG/SchoolsSRA_chap4.html

Can any please summarize answers , I ma going for exam on friday
i belive Q59 answer is A
Can any one answer 17 I am tied between A and C

one more thing from AT5.8 My friend i got first 55 questions can we only concentrate on this .

and one answer please put reference …. I ma only using ARCH 2nd Edition book

Q17
FHRP is L3 Distribution layer Protocol so i think answer is A
book page 40 under avoid single point of Failure

Cisco NSF with SSO and redundant supervisors has the most impact in the campus in the access layer.

@Kash

I am not telling you what you should choose as answer for question 59, you should decide yourself, but based on comment on Cisco ARCHv2 Student Guide volume 1, if I get that question on the exam, I will choose C for sure.
For Q17 I also will go for C.

Guys confirm answers

230 is B
and
90 is C

For Q17 because it says “of the traditional…”

Kash,

By the way, good luck! and please share your experiences after.

Pedram what you mean by traditional what u suggest answer should be
I will definately .
The result we come on after 3 exams we all friends is that its first 60 Question of AT whihc is in exam we just need to work this out

victor some questions in this VCE are worng as well , I am going through it

Going thru AT 5.8 now

QUESTION NO: 9 ( i think has issues)
When designing the IP routing for the Enterprise Campus network, which of these following two
iBGB considerations should be taken into account?
Cisco 642-874 Exam
“Pass Any Exam. Any Time.” – http://www.actualtests.com 5
A. iBGB dual horning with different iSPs puts the Enterprise at the risk of becoming a transit
network
B. iBGP requires a full mesh of eBGP peers (wrong )
C. Routers will not advertise iBGP learned routers to other iBGP peers. (true)
D. The use of route reflections or Confederation eliminate any full mesh requirement while helping
to scale iBGP (true)
E. iGBP peers do not add any information to the AS path (true)
AT Answer: A,D
Explanation:
A (this would be true if it was eBgp , but it says ibgp and 2 diff ISP will always be diff AS , so connection is ebgp – so is it wrong or a typo
B false (true if it was ibgp peers)
C true
D half true – Route reflectors cut the need for full mesh , however inside a confederation (sub-AS) you still would need full mesh between your bgp peers
E true

A gree victor , a paracgraph from book says
The full mesh of IBGP routers is needed because IBGP routers do not re-advertise routes learned via IBGP to other IBGP peers. This behavior is part of BGP protocol behavior that is used to prevent information from circulating between IBGP speaking routers in a routing information loop or cycle. External BGP (EBGP) relies on the autonomous system path to prevent loops. However, there is no way to tell whether a route advertised through several IBGP speakers is a loop. Because IBGP peers are in the same autonomous system, they do not add anything to the autonomous system path, and they do not re-advertise routes learned via IBGP

good victor keep it up any other question ?

I know we have been thru before , but this is def wrong (route filtering can be in/out)
using a route-map , Distribution list or osfp/eigrp summary commands

QUESTION NO: 42
When designing the routing for an Enterprise Campus network it is important to keep while of the
following filtering aspects in mind?
A. Filtering is only useful when combined with route summarization
B. It is best to filter (allow) the default and summary prefixes only in the Enterprise Edge to remote
sites or site-to-site IPsec VPN networks
C. IGPs (for example EIGRP or OSPF) are superior to route filtering in avoiding in inappropriate
transit traffic through remote nodes or inaccurate or inappropriate routing updates
D. The primary limitation of router filtering is that it can only be applied on outbound updates
Answer: D
Explanation: better answer i think is B
Maybe C / using ospf and eigrp summaries is much more elegant way to achieve the same result

From Cisco.com
OSPF Route-Map-Based Filtering: Example

In this example, OSPF external LSAs have a tag. The value of the tag is examined before the prefix is installed in the routing table. All OSPF external prefixes that have the tag value of 777 are filtered (prevented from being installed in the routing table). The permit statement with sequence number 20 has no match conditions, and there are no other route-map statements after sequence number 20, so all other conditions are permitted.

route-map tag-filter deny 10
match tag 777
route-map tag-filter permit 20
!
router ospf 1
router-id 10.0.0.2
log-adjacency-changes
network 172.16.2.1 0.0.0.255 area 0
distribute-list route-map tag-filter in

In base e-Commerce module designs, where should firewall perimeters be placed?
A. core layer
B. Internet boundary
C. aggregation layer
D. aggregation and core layers
E. access and aggregation layers

Any idea , I have checked roughly 20 digarams and i would say
D. aggregation and core layers