Saturday, 9 August 2025

Important Questions - Network Automation

 

Which enterprise platform type can be used to receive real-time notifications from automation tools to alert a given individual or team?

  • dashboards
  • orchestration
  • ITSM
  • chat

Answer: chat

What does CALMS stand for?

  • coding, automation, lean, measurement, sharing
  • culture, automation, logging, measurement, sharing
  • culture, automation, lean, management, sharing
  • culture, automation, lean, measurement, sharing

Answer: culture, automation, lean, measurement, sharing

 

Which two options are common trends in the network industry in the context of automation? (Choose two.)

  • implementing DevOps processes and principles
  • actively testing automation in production
  • adoption of open source
  • increasing the rate and use of the CLI
  • hiring more engineers to scale network management

Answer: the two common trends are implementing DevOps processes and principles, and adoption of open source.

 

Which two of the following options are the main data encoding formats that are commonly used in Application Programming Interfaces? (Choose two.)

  • HTML
  • JSON
  • PDF
  • XML
  • DOCX

Answer: the two main data encoding formats used in APIs are JSON (JavaScript Object Notation) and XML (eXtensible Markup Language).

 

What is the main reason to learn how to interact with JSON objects?

  • JSON is a simple data object.
  • The Python programming language supports it.
  • JSON is one of the encoding formats that is commonly used in APIs.
  • JSON is an XML-based data exchange format for HTTP requests.

Answer: JSON is one of the encoding formats that is commonly used in APIs.

 

Assuming that there are three devices in the inventory, what is wrong with the following YAML data?

inventory:
csr1kv1: ios-xe
csr1kv2: nx-os
csr1kv3: ios-xe

  • Everything looks correct.
  • The line csr1kv2: nx-os cannot have nx-os as a value.
  • The indentation is invalid.
  • The text "- sign" is absent at the beginning of each line.

Answer: The indentation is invalid.

 

Which command is used to locate a Python package that is stored on the Python Package Index?

  • pip find <PACKAGE>
  • pip lookup <PACKAGE>
  • pip search <PACKAGE>
  • pip locate <PACKAGE>

Answer: pip search <PACKAGE>

 

A module that is named inventory has a variable that is called devices. After successfully importing the module using import inventory, what is the proper syntax to print the contents of the variable?

  • print(devices)
  • print(inventory.devices())
  • print(inventory["devices"])
  • print(inventory.devices)

Answer: print(inventory.devices)

 

A variable of a dictionary data type named inventory has the following value: {"csr1kv1":{"vendor":"cisco"}}. Which Python command will print the value of the "vendor" key?

  • print(inventory["vendor"])
  • print(inventory[0]["vendor"])
  • print(inventory["csr1kv1"]["vendor"])
  • print(inventory["csr1kv1"])

Answer: print(inventory["csr1kv1"]["vendor"])
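The YAML question and the dictionary question above are two sides of the same inventory problem: the data must be nested correctly before a lookup like inventory["csr1kv1"]["vendor"] can work. The following example is added here and is not part of the quiz; it is a toy, indentation-aware parser for the two-level "section / key: value" YAML subset shown in the question (real automation code should use PyYAML's yaml.safe_load), plus a nested lookup that reports the full failing path.

```python
"""Toy parser for the two-level YAML subset in the inventory question,
plus a path-reporting nested lookup. Added illustration, not quiz code."""

# Constructed copies of the quiz inventory: the broken one and a fixed one.
BROKEN_INVENTORY = """\
inventory:
csr1kv1: ios-xe
csr1kv2: nx-os
csr1kv3: ios-xe
"""

FIXED_INVENTORY = """\
inventory:
  csr1kv1: ios-xe
  csr1kv2: nx-os
  csr1kv3: ios-xe
"""


def parse_inventory(text):
    """Parse 'section:' lines at column 0 and '  key: value' lines under them.

    A real YAML parser would accept the broken text, but it would read it as
    four sibling top-level keys (with inventory = null), so the three devices
    would not be inside the inventory at all. This toy parser makes that
    mistake loud by rejecting an un-indented 'key: value' line outright.
    """
    result = {}
    section = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments carry no data
        indent = len(raw) - len(raw.lstrip(" "))
        key, sep, value = raw.strip().partition(":")
        if not sep:
            raise ValueError("line %d: expected 'key: value'" % lineno)
        key, value = key.strip(), value.strip()
        if indent == 0:
            if value:
                raise ValueError(
                    "line %d: '%s' must be indented under a section" % (lineno, key))
            section = key
            result[section] = {}
        else:
            if section is None:
                raise ValueError("line %d: indented line before any section" % lineno)
            result[section][key] = value
    return result


def is_valid_inventory(text):
    """True when the text parses, False on the indentation defect above."""
    try:
        parse_inventory(text)
    except ValueError:
        return False
    return True


def lookup(mapping, *keys):
    """Walk nested dicts key by key, as in inventory["csr1kv1"]["vendor"];
    a missing key raises KeyError naming the full path that failed."""
    current = mapping
    path = []
    for key in keys:
        path.append(key)
        if not isinstance(current, dict) or key not in current:
            raise KeyError("/".join(str(p) for p in path))
        current = current[key]
    return current


if __name__ == "__main__":
    devices = parse_inventory(FIXED_INVENTORY)["inventory"]
    print(lookup(devices, "csr1kv2"))  # nx-os
    print(is_valid_inventory(BROKEN_INVENTORY))  # False
```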

 

Match the correct options:

  • Derivatives include CentOS and Fedora.
  • The most popular derivative is Ubuntu.
  • Focused on penetration and security testing.
  • Focused on home router functionality.

Answer: the correct matching for each description is:

1. Derivatives include CentOS and Fedora. → Red Hat Enterprise Linux (RHEL)
2. The most popular derivative is Ubuntu. → Debian
3. Focused on penetration and security testing. → Kali Linux
4. Focused on home router functionality. → OpenWrt

 

What does the grep command allow a user to do?

  • search the contents of a file for a specified value
  • display the first 10 lines of a file
  • stream the entire contents of a file without pausing
  • navigate to another directory

Answer: search the contents of a file for a specified value

 

Which command-line command is used for package management in Debian distributions including Ubuntu?

  • .rpm
  • yum
  • .deb
  • apt-get

Answer: apt-get

 

Match the HTTP response code on the left with its description on the right.

  • Client Error
  • Success
  • Redirection

Answer: the correct matching of HTTP response codes with their descriptions is:

1. Client Error → 4xx (e.g., 404 Not Found, 403 Forbidden)
2. Success → 2xx (e.g., 200 OK, 201 Created)
3. Redirection → 3xx (e.g., 301 Moved Permanently, 302 Found)

 

Why are API health checks useful?

  • to prevent you from creating requests that will fail
  • to make sure the API endpoint has no viruses
  • to prevent memory leaks in the API code
  • to make it harder for malicious users to exploit the API

Answer: to prevent you from creating requests that will fail

 

Which option is a command-line tool for consuming REST APIs?

  • Postman
  • Firefox
  • cURL
  • Python requests

Answer: cURL

 

Match the Git architecture components to their respective descriptions.

  • A repository where the files of the project reside, and also from where all other local copies are pulled.
  • A repository where snapshots, or commits, are stored on the local machine of each person.
  • The area where all the changes are placed before committing to the local repository.
  • A directory that a git clone command created.

Answer: the correct matching of Git architecture components with their descriptions is:

1. A repository where the files of the project reside, and also from where all other local copies are pulled. → Remote repository
2. A repository where snapshots, or commits, are stored on the local machine of each person. → Local repository
3. The area where all the changes are placed before committing to the local repository. → Staging area (or index)
4. A directory that a git clone command created. → Working directory

 

Which Git feature allows creation of a full replica of a repository and experiments on the source code without affecting the original repository?

  • clone
  • pull
  • fork
  • merge

Answer: fork

 

Which two activities does the git add command perform? (Choose two.)

  • adds files to a remote
  • starts tracking files
  • adds files to the local directory
  • adds files to the staging area

Answer: the two activities that git add performs are starting to track files and adding files to the staging area.


Thursday, 7 August 2025

Comparison Between CDP and LLDP in Cisco ACI

Note: both CDP and LLDP can be enabled at the same time.

| Feature | CDP (Cisco Discovery Protocol) | LLDP (Link Layer Discovery Protocol) |
|---|---|---|
| Vendor Support | Cisco proprietary | Vendor-neutral (IEEE 802.1AB standard) |
| Protocol Layer | Data Link Layer | Data Link Layer |
| Device Discovery Scope | Cisco devices only | Cisco and non-Cisco devices |
| Communication Type | Periodic advertisements (multicast) | One-way advertisements |
| Information Shared | Protocol addresses, platform, SNMP address, hold-time | Device capabilities, identity, configuration via TLVs |
| TLV Support | Limited to Cisco-defined TLVs | Standardized TLVs (Type-Length-Value) |
| Max Neighbors per Port | Up to 256 | One device per port |
| ACI Support (from Release 4.2(1)) | Supported on leaf/spine management interfaces | Supported on leaf/spine management interfaces |
| ACI Configuration Scope | Can be enabled globally across the fabric | Can be enabled globally across the fabric |
| ACI Use Case | Troubleshooting cabling issues, especially in unstaffed sites | Same as CDP |
| ACI Interface Support | Physical interfaces and port channels only | Same, but not supported on FEX interfaces |
| ACI VLAN TLV Limitations | Not applicable | Only 25 VLANs advertised; name TLV limited to 32 characters |
| ACI Infra-VLAN Advertisement | Not specified | Not advertised even if enabled |
| ACI Routed Sub-interface VLANs | Not specified | Not advertised |
| Default Behavior on Fabric Ports | Not supported between fabric-connected interfaces | Enabled by default on fabric ports |



ACI BFD Support Overview


  • Supported Protocols: BFD is supported for BGP external routed networks.
  • Purpose: BFD provides sub-second failure detection between ACI leaf switches and external routers, improving convergence and reliability.
  • Multihop BFD: Supported from APIC Release 5.0(1) onward.
  • C-bit-aware BFD: ACI supports control-plane-aware BFD, allowing you to configure whether BFD sessions are dependent on or independent of the control plane.



🔧 Configuration Guidelines

To configure BFD in ACI:

  1. Create or Edit a BGP Peer Connectivity Profile:
    • Navigate to L3Out > Node Profile > BGP Peer Connectivity Profile
    • Enable BFD under the peer settings.
  2. Ensure Loopback Interfaces:
    • For multihop BFD, loopback interfaces are required.
    • Each L3Out should have a unique loopback IP for BGP peering.
  3. MTU Considerations:
    • ACI does not support IP fragmentation, so ensure MTU is properly configured on both ends.
    • Recommended: test the MTU end to end with a CLI ping using the df-bit and packet-size options, so that an oversized packet fails visibly instead of being silently dropped.
  4. Platform Compatibility:
    • BFD support may vary slightly depending on the ACI hardware model (e.g., N9K-C9336PQ, N9K-C93180YC-EX).
    • Always verify compatibility in the release notes or hardware documentation.

⚠️ Limitations

  • BFD is not supported for OSPF or EIGRP in ACI.
  • BFD configuration is only applicable to external routed networks (L3Out), not internal fabric routing.

 

Wednesday, 6 August 2025

ACI Leaf as Ethernet Hub - Spanning Tree Handling in ACI

 

🔁 ACI Leaf as Ethernet Hub (Behavioral Analogy)

  • ACI leaf switches forward BPDUs transparently between connected devices.
  • This behavior mimics a hub, where multiple devices share the same broadcast domain.
  • Therefore, STP decisions and transitions are influenced by how the connected switch interprets the topology.

P2P Mode (Rapid Convergence)

  • When a switch receives a Proposal BPDU on a P2P link:
    • It can immediately respond with an Agreement BPDU.
    • This allows the sender to transition from Blocking to Forwarding without waiting for timers.
  • This is ideal for RSTP-enabled switch-to-switch links.

🕒 Shared Mode (Delayed Convergence)

  • On a Shared link, the receiving switch cannot send an Agreement immediately.
  • The sender must wait for the Forward Delay timer to expire before transitioning.
  • This introduces latency in STP convergence.

🔄 Impact Across All ACI Versions

  • This behavior is consistent across all ACI firmware versions.
  • It’s crucial to explicitly configure STP link-type on external switches connected to ACI leafs to ensure optimal convergence.

ACI Port Configuration Best Practices for External Switches

1. Determine the Nature of the Connection

| Connection Type | Recommended STP Link-Type | Reason |
|---|---|---|
| Switch-to-Switch (Trunk or Access) | Point-to-Point (P2P) | Enables rapid STP convergence via RSTP |
| Switch-to-Hub or Shared Media | Shared | Prevents premature forwarding; slower convergence |
| Legacy or non-RSTP switch | Shared | Ensures compatibility with older STP implementations |


2. ACI Interface Policy Configuration

In ACI, configure the following under Access Policies:

  • Interface Policy Group:
    • Enable STP Interface Policy
    • Set Link Type to either point-to-point or shared based on the external device
  • Attach the Interface Policy Group to the appropriate Leaf Interface Profile


4. Avoid STP Misconfigurations

  • Ensure BPDU Guard is disabled on ACI ports connected to switches.
  • Avoid enabling PortFast on external switch ports facing ACI unless it's an edge port.
  • Monitor STP topology changes to detect misbehaving devices.

5. Use LLDP/CDP for Visibility

Enable LLDP/CDP on both ACI and external switches to:

  • Verify connectivity
  • Identify misconfigured ports
  • Assist in troubleshooting

 


Tuesday, 5 August 2025

COOP: Council of Oracle Protocol - Cisco ACI

COOP: Council of Oracle Protocol – A Modern Overview

The Council of Oracle Protocol (COOP) serves as a critical mechanism for transmitting endpoint mapping data—such as identity and location—from leaf switches to spine proxies within a network. 

This communication is facilitated using Zero Message Queue (ZMQ), enabling leaf switches to relay endpoint details to a designated spine switch known as the "Oracle."

Spine nodes running COOP maintain a synchronized repository of endpoint mappings, ensuring consistency across the network. Additionally, COOP manages a Distributed Hash Table (DHT) that stores identity-to-location mappings, forming the backbone of the protocol’s database infrastructure.

To prioritize secure and efficient data transport, COOP uses high-priority channels and encrypted connections. Security is further reinforced through MD5-based authentication, which safeguards COOP messages against unauthorized traffic injection. Both the APIC controller and network switches support this authentication mechanism.

COOP now supports two distinct ZMQ authentication modes:

  • Strict Mode: Only MD5-authenticated ZMQ connections are permitted, ensuring maximum security.
  • Compatible Mode: Allows both authenticated and non-authenticated ZMQ connections, offering flexibility for diverse network environments.

 

Integrating COOP with Cisco APIC: Secure ZMQ Authentication in ACI Fabric

To enable secure communication across the Cisco Application Centric Infrastructure (ACI), the Application Policy Infrastructure Controller (APIC) incorporates support for COOP Zero Message Queue (ZMQ) authentication. This includes the use of MD5-based password protection and a secure operational mode for COOP messaging.


Configuration of COOP ZMQ Authentication Type

A new managed object, coop:AuthP, has been introduced within the Data Management Engine (DME) under the COOP database path (coop/inst/auth). This object allows administrators to define the authentication mode for COOP ZMQ connections. By default, the mode is set to "compatible", permitting both authenticated and unauthenticated connections. For environments requiring stricter security, the mode can be switched to "strict", which enforces MD5 authentication exclusively.


Managing the MD5 Password for COOP Authentication

The APIC also provides a managed object named fabric:SecurityToken, which includes a dynamic attribute called "token". This token serves as the MD5 password and is refreshed automatically every hour. COOP receives update notifications from the DME so that the password it uses is always the current one. For security reasons, the actual token value is never exposed or displayed.
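The two authentication modes and the hourly-rotated token described above can be modelled as a receiver-side acceptance check. The example below is added here and is not Cisco code: the real COOP/ZMQ wire format is not public, so frames are constructed JSON, and the page's "MD5-based authentication" is assumed to be an HMAC-MD5 tag over the COOP body keyed by the token (a stand-in, not the actual construction).

```python
"""Model of COOP ZMQ authentication: coop:AuthP 'compatible' vs 'strict',
and the hourly fabric:SecurityToken rotation. Added illustration, not Cisco
code; frame format and HMAC-MD5 tagging are assumptions."""
import hashlib
import hmac
import json
import secrets


class CoopReceiver:
    """A spine-side COOP listener that enforces the configured auth mode."""

    def __init__(self, mode="compatible"):
        if mode not in ("compatible", "strict"):
            raise ValueError("mode must be 'compatible' or 'strict'")
        self.mode = mode
        self.token = secrets.token_hex(16)  # stands in for fabric:SecurityToken.token

    def rotate_token(self):
        """The DME refreshes the token hourly; tags under the old token stop verifying."""
        self.token = secrets.token_hex(16)

    def tag(self, body):
        """Authentication tag for a serialized COOP body under the current token."""
        return hmac.new(self.token.encode(), body, hashlib.md5).hexdigest()

    def accept(self, frame):
        """Return (accepted, reason) for one incoming ZMQ frame (bytes)."""
        try:
            msg = json.loads(frame)
            body = json.dumps(msg["coop"], sort_keys=True).encode()
        except (ValueError, KeyError, TypeError):
            return False, "malformed frame"
        auth = msg.get("auth")
        if auth is None:
            # Compatible mode is where an unauthenticated injection would get in.
            if self.mode == "strict":
                return False, "unauthenticated frame rejected (strict mode)"
            return True, "unauthenticated frame accepted (compatible mode)"
        if not hmac.compare_digest(auth, self.tag(body)):
            return False, "bad authentication tag"
        return True, "authenticated frame accepted"


def build_frame(receiver, endpoint, authenticated=True):
    """Leaf-side: wrap an endpoint registration in a frame, optionally tagged.

    A real leaf holds the same DME-distributed token as the spine; reusing
    receiver.tag() here simply keeps the example self-contained.
    """
    body = json.dumps(endpoint, sort_keys=True).encode()
    frame = {"coop": endpoint}
    if authenticated:
        frame["auth"] = receiver.tag(body)
    return json.dumps(frame).encode()


if __name__ == "__main__":
    ep = {"mac": "00:11:22:33:44:55", "ip": "10.0.0.10", "leaf": 201}  # constructed
    for mode in ("compatible", "strict"):
        rx = CoopReceiver(mode)
        print(mode, rx.accept(build_frame(rx, ep, authenticated=False)))
        print(mode, rx.accept(build_frame(rx, ep)))
```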

COOP Strict Mode Behavior During ACI Fabric Upgrades

When performing an upgrade across the Cisco ACI fabric, the system temporarily disables COOP strict mode until all switches have completed the upgrade process. This safeguard is designed to prevent disruptions in COOP communication—specifically, it avoids the risk of a switch rejecting COOP connections due to premature enforcement of strict authentication. By deferring strict mode activation, the fabric ensures seamless interoperability and avoids authentication mismatches during transitional states.


Configuring COOP Authentication Policy in Cisco ACI

Using the Cisco APIC GUI

To set the COOP authentication mode through the APIC interface:

  1. Navigate to System > System Settings from the top menu.
  2. In the left-hand Navigation pane, select COOP Group.
  3. In the Work pane, locate the Policy Property section. Under the Type field, choose either:
    • Compatible Type – allows both authenticated and unauthenticated ZMQ connections.
    • Strict Type – enforces MD5 authentication for all ZMQ connections.
  4. Click Submit to apply the changes.

This completes the configuration of the COOP authentication policy via the APIC GUI.


Using the Cisco NX-OS-Style CLI

To configure COOP authentication using the command-line interface:

apic1# configure
apic1(config)# coop-fabric
apic1(config-coop-fabric)# authentication type ?
  compatible  Compatible type
  strict      Strict type
apic1(config-coop-fabric)# authentication type strict

This sets the COOP authentication mode to strict, ensuring that only MD5-authenticated ZMQ connections are accepted.

COOP (Council of Oracle Protocol) and ZMQ (Zero Message Queue)

In Cisco ACI (Application Centric Infrastructure), both COOP (Council of Oracle Protocol) and ZMQ (ZeroMQ) play critical roles in the control-plane communication between switches (leaves and spines), but they serve different purposes and operate at different levels. Let’s break down the difference and their relationship:


🔹 What is COOP in Cisco ACI?

📌 Purpose:

COOP is the control-plane protocol used by leaf switches to register endpoint information with spine switches in Cisco ACI.

📌 Function:

  • It is used by leaf switches to tell the spine(s) about endpoints (MAC, IP, EPG, etc.) they’ve learned.
  • Spines act as COOP databases and maintain a distributed mapping table of which leaf has which endpoint.
  • This allows for location-based routing (instead of flooding like in traditional Ethernet).

🔹 What is ZMQ (Zero Message Queue) in Cisco ACI?

📌 Purpose:

ZMQ (ZeroMQ) is a messaging library used within Cisco ACI to transport messages between system components (e.g., between leaf and spine switches).

📌 Function:

  • Acts like a messaging bus.
  • Enables high-performance publish/subscribe or request/response messaging.
  • It’s used under the hood to deliver control-plane messages—including COOP messages.

 Does COOP Use ZMQ?

Yes.

COOP uses ZMQ as its transport mechanism to send and receive messages between leaf and spine switches.


🔍 How Does COOP Use ZMQ?

Here’s the flow simplified:

  1. A leaf switch learns a new endpoint (say, a VM with a MAC/IP).
  2. The leaf constructs a COOP message with the endpoint details.
  3. This COOP message is encapsulated in a ZMQ message.
  4. The ZMQ library sends this message to the appropriate spine switch (COOP database).
  5. The spine decodes the COOP message and updates its COOP database.

Diagrammatically:

[Leaf Switch]
    |
    |--> [COOP Message Created]
    |
    |--> [Wrapped in ZMQ Message]
    |
    |--> [ZMQ Sends Message to Spine]
    |
[Spine Switch (COOP DB)]
    |
    |--> [ZMQ Receives Message]
    |
    |--> [COOP Message Extracted & DB Updated]


🆚 Summary: COOP vs ZMQ

| Feature | COOP | ZMQ |
|---|---|---|
| Purpose | Control-plane protocol for endpoint learning | Messaging library used for data transport |
| Scope | Endpoint registration between leaf & spine | Messaging between ACI components |
| Layer | Application-layer protocol | Transport mechanism (middleware) |
| Relationship | Payload protocol | Transport protocol |
| Used By | Leaf-to-spine communication | All ACI components (APICs, leafs, spines) |


Example of Usage:

  • You might see COOP messages being passed between leaf and spine switches in packet captures.
  • If you dig deeper, those messages are encapsulated in ZMQ frames, showing how COOP rides on top of ZMQ.

 


Concept of vPC in ACI


In Cisco ACI, a Virtual Port Channel (vPC) enables two separate leaf switches to present a unified port channel to a connected endpoint—such as a server, firewall, or another switch that supports link aggregation protocols like LACP.

In this setup, two ACI leaf nodes (e.g., Leaf201 and Leaf202) act as vPC peers, forming a logical construct known as a vPC domain. One of these peers is elected as the primary, while the other assumes the secondary role.




ACI’s MCT-Based Architecture

Unlike traditional vPC implementations that rely on a dedicated peer-link, ACI leverages the fabric itself to manage synchronization and control-plane communication. This architecture is referred to as Multichassis EtherChannel Trunk (MCT).

🔧 Key Characteristics:

  • No physical peer-link is required between Leaf201 and Leaf202.
  • Instead, the ACI fabric handles all peer communication and synchronization.
  • ZMQ (Zero Message Queue) replaces traditional CFS (Cisco Fabric Services) for messaging between vPC peers.

How Peer Communication Works in ACI

  • ZMQ, a high-performance messaging library using TCP, is embedded as libzmq on each switch.
  • Applications that require peer communication (like the vPC manager) use this library to exchange messages.

🔄 Peer Reachability Mechanism:

  • The vPC manager subscribes to routing updates via URIB.
  • When IS-IS discovers a route to the peer (e.g., Leaf202 sees Leaf201), URIB notifies the vPC manager.
  • The manager then attempts to establish a ZMQ socket with the peer.
  • If the route is withdrawn (e.g., due to link failure), the vPC manager is notified and the MCT link is brought down accordingly.

Upgrade Best Practices with vPC

To ensure high availability during fabric upgrades, it's recommended to divide switches into at least two upgrade groups. For example:

  • Group A: Leaf201, Leaf203, Spine101
  • Group B: Leaf202, Leaf204, Spine102

This strategy ensures that at least one vPC peer remains active during the upgrade, preventing service disruption for connected endpoints.


Glossary

| Term | Description |
|---|---|
| ACI | Application Centric Infrastructure |
| vPC | Virtual Port Channel |
| MCT | Multichassis EtherChannel Trunk |
| ZMQ | Zero Message Queue |
| URIB | Unicast Routing Information Base |
| IS-IS | Intermediate System to Intermediate System |
| LACP | Link Aggregation Control Protocol |


vPC Design Options

Option 1: vPC with the SAME leaf interfaces across two leafs, with combined profiles

Option 2: vPC with the SAME leaf interfaces across two leafs, with individual profiles

Option 3: vPC with DIFFERENT leaf interfaces across two leafs, with individual profiles