Selected 300-540 CCNP Service Provider Questions Answers

In a cloud-scale or data center–scale environment,Virtual Extensible LAN (VXLAN)is used as anoverlay technologyto transportLayer 2 segments over a Layer 3 underlay network. VXLAN encapsulates Layer 2 Ethernet frames inside UDP/IP packets, allowing broadcast, unknown unicast, and multicast (BUM) traffic and tenant Layer 2 domains to be extended across a routed IP fabric.

Key points aligned with Cisco Service Provider Cloud Infrastructure design principles:

VXLAN creates aLayer 2 overlay on top of a Layer 3 underlay.

TheVXLAN Network Identifier (VNI)provides a much larger segmentation space than traditional VLANs, enabling multi-tenancy at cloud scale.

Because the underlay is pure Layer 3 (IP routed fabric), VXLAN allows you tointerconnect Layer 2 segments between leaf switches or data centers over an IP/MPLS backbonewithout relying on large Layer 2 domains in the physical network.

Why the options evaluate as follows:

Option A: extends Layer 2 segments across the underlying Layer 3 infrastructure✅This is the core benefit of VXLAN in cloud-scale designs. VXLAN encapsulates Layer 2 frames intoIP/UDP headers, allowing isolated Layer 2 segments (per VNI) to be stretched across a routed IP network. This enables:

Multi-tenant Layer 2 connectivity across a distributed cloud fabric

Mobility of virtual machines or containers while keeping same IP/MAC addressing

Use of an IP-based leaf–spine or service provider underlay for scalability and resiliency

Option B: extends Layer 3 segments across the underlying Layer 2 infrastructure❌This is the opposite of what VXLAN does. VXLAN is explicitlyL2-over-L3, not L3-over-L2. Extending pure Layer 3 segments over Layer 2 is not the VXLAN use case.

Option C: reduces spanning-tree complexity across the Layer 2 infrastructure⚠️(Partially related but not the primary or direct benefit)In modern designs, the underlay isLayer 3 routed, and VXLAN overlays provide logical Layer 2 segments. This designavoids dependence on spanning tree in the fabric, whichindirectlyreduces STP complexity. However, the fundamental, exam-relevant benefit isL2 extension over L3, so C is not the best or most accurate answer compared to A.

Option D: eliminates the need for a Layer 3 underlay in the service provider infrastructure❌VXLAN absolutelyrequiresan IP (Layer 3) underlay for transport. VXLAN tunnels are built over a routed infrastructure (leaf–spine, MPLS/IP core, etc.). It does not remove the need for Layer 3; it depends on it.

Comprehensive and Detailed Explanation (Cisco NFVI / Virtualization Knowledge)

SR-IOV (Single Root I/O Virtualization)allows a VM to access the network interface hardwaredirectly, without going through the hypervisor’s virtual switch.

This is achieved by:

Assigning Virtual Functions (VFs) directly to VMs

Allowing high-performance, low-latency packet I/O

Bypassing the hypervisor datapath

Therefore, SR-IOV doesnotbypass the guest OS; it bypasses thehypervisor I/O virtualization layer, delivering near-native performance.

Thus the correct answer isC.

From Cisco’s EVPN VXLAN multihoming design requirements,port-active multihominguses asingle LAG (EtherChannel / Bundle-Ether)between the host/router and the pair of leaf switches. All physical interfaces participating in that bundle must be configured with:

bundle id mode active

This command:

Associates the physical interfaces (g1/0 and g1/1) withBundle-Ether1.

UsesLACP activemode, which is required for EVPN port-active multihoming.

Enables the host-facing port-channel required to support EVPN multihomed connectivity.

In the exhibit, R1 already has:

interface Bundle-Ether1

description "Bundle to Leaf-1"

interface Bundle-Ether1.10

ip address 192.168.10.1 255.255.255.0

This confirms that the engineer intends to bundleg1/0andg1/1together intoBundle-Ether1, and the missing step is adding the interfaces into that bundle.

The correct configuration is:

interface g1/0

bundle id 1 mode active

interface g1/1

bundle id 1 mode active

Why the other options are incorrect

A. evpn ethernet-segment 1This command is used on EVPN leaf switches (not R1) to define an ESI for multihoming. R1 is not an EVPN VTEP.

B. switchport mode trunkR1 is a router, not a switch. L3 interfaces do not use switchport.

C. encapsulation dot1q 1This applies only to subinterfaces, not physical interfaces, and is unrelated to building a LAG for port-active multihoming.

In Cisco Catalyst SD-WAN cloud integration, when the requirement is:

Automatically discovering AWSVPCs

Automatically identifying AWSservices

Allowing the user to choose whichprivate SD-WAN networkconnects to the cloud

UsingAWS credentials(Access Key / Secret Key) for automatic provisioning

…the Cisco-supported mechanism is theCisco SD-WAN Transit VPC solution.

Why Transit VPC is the correct answer:

It is specifically designed to integrateCisco SD-WANwith AWS environments.

Uses AWS APIs and user credentials to automatically discover:

VPC IDs

Subnets

Regions

Routing tables

Automatically deploys and configures CSR1000v or Catalyst 8000V routers into the VPC.

Provides a centralized “hub” in AWS to interconnect multiple SD-WAN sites.

Enables the user to choose which SD-WAN segments connect to which VPCs.

This matches the requirement ofautomatic cloud resource identification based on user credentials.

Why the other options are incorrect

A. AWS Direct Connect

This is a physical/private Layer 2 cloud connection.

It doesnotauto-discover VPCs or integrate through credentials.

It does not provide automated SD-WAN service provisioning.

C. IPsec VPN

Works for connectivity but ismanual, not automated.

Does not identify AWS cloud resources via credentials.

D. Segment routing

A transport technology used inside SP networks, irrelevant to AWS API-based VPC discovery.

Thus, onlyTransit VPCprovides automatic AWS cloud discovery and integration with SD-WAN.