Cisco 400-101
CCIE Routing and Switching (v5.0)
Version: 15.0
Cisco 400-101 Exam
Topic 1, Network Principles
Q1. Which two options are causes of out-of-order packets? (Choose two)
A. a routing loop
B. a router in the packet flow path that is intermittently dropping packets
C. high latency
D. packets in a flow traversing multiple paths through the network
E. some packets in a flow being process-switched and others being interrupt-
switched on a transit router
Answer: D,E
Explanation:
In traditional packet forwarding systems, using different paths have varying
latencies that cause out of order packets, eventually resulting in far lower
performance for the network application. Also, if some packets are process
switched quickly by the routing engine of the router while others are interrupt
switched (which takes more time) then it could result in out of order packets.
The other options would cause packet drops or latency, but not out of order
packets.
Q2. A TCP/IP host is able to transmit small amounts of data (typically less than
1500 bytes), but attempts to transmit larger amounts of data hang and then time
out. What is the cause of this problem?
A. A link is flapping between two intermediate devices.
B. The processor of an intermediate router is averaging 90 percent utilization.
C. A port on the switch that is connected to the TCP/IP host is duplicating
traffic and sending it to a port that has a sniffer attached.
D. There is a PMTUD failure in the network path.
Answer: D
Explanation:
Sometimes, over some IP paths, a TCP/IP node can send small amounts of data
(typically less than 1500 bytes) with no difficulty, but transmission attempts
with larger amounts of data hang, then time out. Often this is observed as a
unidirectional problem in that large data transfers succeed in one direction but
fail in the other direction. This problem is likely caused by the TCP
MSS value, PMTUD failure, different LAN media types, or defective links.
Reference. http://www.cisco.com/c/en/us/support/docs/additional-legacy-
protocols/ms-windows- networking/13709-38.html
Q3. Refer to the exhibit.
ICMP Echo requests from host A are not reaching the intended destination on host
B. What is the problem?
,A. The ICMP payload is malformed.
B. The ICMP Identifier (BE) is invalid.
C. The negotiation of the connection failed.
D. The packet is dropped at the next hop.
E. The link is congested.
Answer: D
Explanation:
Here we see that the Time to Live (TTL) value of the packet is one, so it will
be forwarded to the next hop router, but then dropped because the TTL value will
be 0 at the next hop.
Q4. Refer to the exhibit.
Which statement is true?
A. It is impossible for the destination interface to equal the source interface.
B. NAT on a stick is performed on interface Et0/0.
C. There is a potential routing loop.
D. This output represents a UDP flow or a TCP flow.
Answer: C
Explanation:
In this example we see that the source interface and destination interface are
the same (Et0/0). Typically this is seen when there is a routing loop for the
destination IP address.
Q5. Which three conditions can cause excessive unicast flooding? (Choose three)
A. Asymmetric routing
B. Repeated TCNs
C. The use of HSRP
D. Frames sent to FFFF.FFFF.FFFF
E. MAC forwarding table overflow
F. The use of Unicast Reverse Path Forwarding
Answer: A,B,E
Explanation:
Causes of Flooding
The very cause of flooding is that destination MAC address of the packet is not
in the L2 forwarding table of the switch. In this case the packet will be
flooded out of all forwarding ports in its VLAN (except the port it was received
on). Below case studies display most common reasons for destination MAC address
not being known to the switch.
Cause 1: Asymmetric Routing
Large amounts of flooded traffic might saturate low-bandwidth links causing
network performance issues or complete connectivity outage to devices connected
across such low-bandwidth links.
Cause 2: Spanning-Tree Protocol Topology Changes.
Another common issue caused by flooding is Spanning-Tree Protocol (STP) Topology
Change Notification (TCN). TCN is designed to correct forwarding tables after
,the forwarding topology has changed. This is necessary to avoid a connectivity
outage, as after a topology change some destinations previously accessible via
particular ports might become accessible via different ports. TCN operates by
shortening the forwarding table aging time, such that if the address is not
relearned, it will age out and flooding will occur.
TCNs are triggered by a port that is transitioning to or from the forwarding
state. After the TCN, even if the particular destination MAC address has aged
out, flooding should not happen for long in most cases since the address will be
relearned. The issue might arise when TCNs are occurring repeatedly with short
intervals. The switches will constantly be fast-aging their forwarding tables so
flooding will be nearly constant.
Normally, a TCN is rare in a well-configured network. When the port on a switch
goes up or down, there is eventually a TCN once the STP state of the port is
changing to or from forwarding. When the port is flapping, repetitive TCNs and
flooding occurs.
Cause 3: Forwarding Table Overflow
Another possible cause of flooding can be overflow of the switch forwarding
table. In this case, new addresses cannot be learned and packets destined to
such addresses are flooded until some space becomes available in the forwarding
table. New addresses will then be learned. This is possible but rare, since most
modern switches have large enough forwarding tables to accommodate MAC addresses
for most designs.
Forwarding table exhaustion can also be caused by an attack on the network where
one host starts generating frames each sourced with different MAC address. This
will tie up all the forwarding table resources. Once the forwarding tables
become saturated, other traffic will be flooded because new learning cannot
occur. This kind of attack can be detected by examining the switch forwarding
table. Most of the MAC addresses will point to the same port or group of ports.
Such attacks can be prevented by limiting the number of MAC addresses learned on
untrusted ports by using the port security feature.
Reference. http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-
series- switches/23563-143.html#causes
Q6. Which congestion-avoidance or congestion-management technique can cause
global synchronization?
A. Tail drop
B. Random early detection
C. Weighted random early detection
D. Weighted fair queuing
Answer: A
Explanation:
Tail Drop
Tail drop treats all traffic equally and does not differentiate between classes
of service. Queues fill during periods of congestion. When the output queue is
full and tail drop is in effect, packets are dropped until the congestion is
eliminated and the queue is no longer full.
Weighted Random Early Detection
WRED avoids the globalization problems that occur when tail drop is used as the
congestion avoidance mechanism on the router. Global synchronization occurs as
waves of congestion crest only to be followed by troughs during which the
transmission link is not fully utilized. Global synchronization of TCP hosts,
for example, can occur because packets are dropped all at once. Global
, synchronization manifests when multiple TCP hosts reduce their transmission
rates in response to packet dropping, then increase their transmission rates
once again when the congestion is reduced.
Reference.
http://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcf
conav.html#wp1 002048
Q7. Which two options are reasons for TCP starvation? (Choose two)
A. The use of tail drop
B. The use of WRED
C. Mixing TCP and UDP traffic in the same traffic class
D. The use of TCP congestion control
Answer: C,D
Explanation:
It is a general best practice to not mix TCP-based traffic with UDP-based
traffic (especially Streaming-Video) within a single service-provider class
because of the behaviors of these protocols during periods of congestion.
Specifically, TCP transmitters throttle back flows when drops are detected.
Although some UDP applications have application-level windowing, flow control,
and retransmission capabilities, most UDP transmitters are completely oblivious
to drops and, thus, never lower transmission rates because of dropping. When TCP
flows are combined with UDP flows within a single service-provider class and the
class experiences congestion, TCP flows continually lower their transmission
rates, potentially giving up their bandwidth to UDP flows that are oblivious to
drops. This effect is called TCP starvation/UDP dominance.
TCP starvation/UDP dominance likely occurs if (TCP-based) Mission-Critical Data
is assigned to the same service-provider class as (UDP-based) Streaming-Video
and the class experiences sustained congestion. Even if WRED or other TCP
congestion control mechanisms are enabled on the service-provider class, the
same behavior would be observed because WRED (for the most part) manages
congestion only on TCP-based flows.
Reference.
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/Q
oS- SRND-Book/VPNQoS.html
Q8. Refer to the exhibit.
While troubleshooting high CPU utilization of a Cisco Catalyst 4500 Series
Switch, you notice the error message that is shown in the exhibit in the log
file.
What can be the cause of this issue, and how can it be prevented?
A. The hardware routing table is full. Redistribute from BGP into IGP.
B. The software routing table is full. Redistribute from BGP into IGP.
C. The hardware routing table is full. Reduce the number of routes in the
routing table.
D. The software routing table is full. Reduce the number of routes in the
routing table.
Answer: C
Explanation:
L3HWFORWADING-2
CCIE Routing and Switching (v5.0)
Version: 15.0
Cisco 400-101 Exam
Topic 1, Network Principles
Q1. Which two options are causes of out-of-order packets? (Choose two)
A. a routing loop
B. a router in the packet flow path that is intermittently dropping packets
C. high latency
D. packets in a flow traversing multiple paths through the network
E. some packets in a flow being process-switched and others being interrupt-
switched on a transit router
Answer: D,E
Explanation:
In traditional packet forwarding systems, using different paths have varying
latencies that cause out of order packets, eventually resulting in far lower
performance for the network application. Also, if some packets are process
switched quickly by the routing engine of the router while others are interrupt
switched (which takes more time) then it could result in out of order packets.
The other options would cause packet drops or latency, but not out of order
packets.
Q2. A TCP/IP host is able to transmit small amounts of data (typically less than
1500 bytes), but attempts to transmit larger amounts of data hang and then time
out. What is the cause of this problem?
A. A link is flapping between two intermediate devices.
B. The processor of an intermediate router is averaging 90 percent utilization.
C. A port on the switch that is connected to the TCP/IP host is duplicating
traffic and sending it to a port that has a sniffer attached.
D. There is a PMTUD failure in the network path.
Answer: D
Explanation:
Sometimes, over some IP paths, a TCP/IP node can send small amounts of data
(typically less than 1500 bytes) with no difficulty, but transmission attempts
with larger amounts of data hang, then time out. Often this is observed as a
unidirectional problem in that large data transfers succeed in one direction but
fail in the other direction. This problem is likely caused by the TCP
MSS value, PMTUD failure, different LAN media types, or defective links.
Reference. http://www.cisco.com/c/en/us/support/docs/additional-legacy-
protocols/ms-windows- networking/13709-38.html
Q3. Refer to the exhibit.
ICMP Echo requests from host A are not reaching the intended destination on host
B. What is the problem?
,A. The ICMP payload is malformed.
B. The ICMP Identifier (BE) is invalid.
C. The negotiation of the connection failed.
D. The packet is dropped at the next hop.
E. The link is congested.
Answer: D
Explanation:
Here we see that the Time to Live (TTL) value of the packet is one, so it will
be forwarded to the next hop router, but then dropped because the TTL value will
be 0 at the next hop.
Q4. Refer to the exhibit.
Which statement is true?
A. It is impossible for the destination interface to equal the source interface.
B. NAT on a stick is performed on interface Et0/0.
C. There is a potential routing loop.
D. This output represents a UDP flow or a TCP flow.
Answer: C
Explanation:
In this example we see that the source interface and destination interface are
the same (Et0/0). Typically this is seen when there is a routing loop for the
destination IP address.
Q5. Which three conditions can cause excessive unicast flooding? (Choose three)
A. Asymmetric routing
B. Repeated TCNs
C. The use of HSRP
D. Frames sent to FFFF.FFFF.FFFF
E. MAC forwarding table overflow
F. The use of Unicast Reverse Path Forwarding
Answer: A,B,E
Explanation:
Causes of Flooding
The very cause of flooding is that destination MAC address of the packet is not
in the L2 forwarding table of the switch. In this case the packet will be
flooded out of all forwarding ports in its VLAN (except the port it was received
on). Below case studies display most common reasons for destination MAC address
not being known to the switch.
Cause 1: Asymmetric Routing
Large amounts of flooded traffic might saturate low-bandwidth links causing
network performance issues or complete connectivity outage to devices connected
across such low-bandwidth links.
Cause 2: Spanning-Tree Protocol Topology Changes.
Another common issue caused by flooding is Spanning-Tree Protocol (STP) Topology
Change Notification (TCN). TCN is designed to correct forwarding tables after
,the forwarding topology has changed. This is necessary to avoid a connectivity
outage, as after a topology change some destinations previously accessible via
particular ports might become accessible via different ports. TCN operates by
shortening the forwarding table aging time, such that if the address is not
relearned, it will age out and flooding will occur.
TCNs are triggered by a port that is transitioning to or from the forwarding
state. After the TCN, even if the particular destination MAC address has aged
out, flooding should not happen for long in most cases since the address will be
relearned. The issue might arise when TCNs are occurring repeatedly with short
intervals. The switches will constantly be fast-aging their forwarding tables so
flooding will be nearly constant.
Normally, a TCN is rare in a well-configured network. When the port on a switch
goes up or down, there is eventually a TCN once the STP state of the port is
changing to or from forwarding. When the port is flapping, repetitive TCNs and
flooding occurs.
Cause 3: Forwarding Table Overflow
Another possible cause of flooding can be overflow of the switch forwarding
table. In this case, new addresses cannot be learned and packets destined to
such addresses are flooded until some space becomes available in the forwarding
table. New addresses will then be learned. This is possible but rare, since most
modern switches have large enough forwarding tables to accommodate MAC addresses
for most designs.
Forwarding table exhaustion can also be caused by an attack on the network where
one host starts generating frames each sourced with different MAC address. This
will tie up all the forwarding table resources. Once the forwarding tables
become saturated, other traffic will be flooded because new learning cannot
occur. This kind of attack can be detected by examining the switch forwarding
table. Most of the MAC addresses will point to the same port or group of ports.
Such attacks can be prevented by limiting the number of MAC addresses learned on
untrusted ports by using the port security feature.
Reference. http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-
series- switches/23563-143.html#causes
Q6. Which congestion-avoidance or congestion-management technique can cause
global synchronization?
A. Tail drop
B. Random early detection
C. Weighted random early detection
D. Weighted fair queuing
Answer: A
Explanation:
Tail Drop
Tail drop treats all traffic equally and does not differentiate between classes
of service. Queues fill during periods of congestion. When the output queue is
full and tail drop is in effect, packets are dropped until the congestion is
eliminated and the queue is no longer full.
Weighted Random Early Detection
WRED avoids the globalization problems that occur when tail drop is used as the
congestion avoidance mechanism on the router. Global synchronization occurs as
waves of congestion crest only to be followed by troughs during which the
transmission link is not fully utilized. Global synchronization of TCP hosts,
for example, can occur because packets are dropped all at once. Global
, synchronization manifests when multiple TCP hosts reduce their transmission
rates in response to packet dropping, then increase their transmission rates
once again when the congestion is reduced.
Reference.
http://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcf
conav.html#wp1 002048
Q7. Which two options are reasons for TCP starvation? (Choose two)
A. The use of tail drop
B. The use of WRED
C. Mixing TCP and UDP traffic in the same traffic class
D. The use of TCP congestion control
Answer: C,D
Explanation:
It is a general best practice to not mix TCP-based traffic with UDP-based
traffic (especially Streaming-Video) within a single service-provider class
because of the behaviors of these protocols during periods of congestion.
Specifically, TCP transmitters throttle back flows when drops are detected.
Although some UDP applications have application-level windowing, flow control,
and retransmission capabilities, most UDP transmitters are completely oblivious
to drops and, thus, never lower transmission rates because of dropping. When TCP
flows are combined with UDP flows within a single service-provider class and the
class experiences congestion, TCP flows continually lower their transmission
rates, potentially giving up their bandwidth to UDP flows that are oblivious to
drops. This effect is called TCP starvation/UDP dominance.
TCP starvation/UDP dominance likely occurs if (TCP-based) Mission-Critical Data
is assigned to the same service-provider class as (UDP-based) Streaming-Video
and the class experiences sustained congestion. Even if WRED or other TCP
congestion control mechanisms are enabled on the service-provider class, the
same behavior would be observed because WRED (for the most part) manages
congestion only on TCP-based flows.
Reference.
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/Q
oS- SRND-Book/VPNQoS.html
Q8. Refer to the exhibit.
While troubleshooting high CPU utilization of a Cisco Catalyst 4500 Series
Switch, you notice the error message that is shown in the exhibit in the log
file.
What can be the cause of this issue, and how can it be prevented?
A. The hardware routing table is full. Redistribute from BGP into IGP.
B. The software routing table is full. Redistribute from BGP into IGP.
C. The hardware routing table is full. Reduce the number of routes in the
routing table.
D. The software routing table is full. Reduce the number of routes in the
routing table.
Answer: C
Explanation:
L3HWFORWADING-2
