BGP Prefix Paths and SD-WAN

Questions and Answers

Which direction must fec-egress be enabled in order for FortiGate to send parity packets?

• Egress (correct)
• Neither Ingress nor Egress
• Both Ingress and Egress
• Ingress

Which direction must fec-ingress be enabled in order for FortiGate to process parity packets sent by the remote FortiGate?

• Both Ingress and Egress
• Egress
• Neither Ingress nor Egress
• Ingress (correct)

What must be enabled on the firewall policy that matches the traffic you want to generate parity packets for?

• FEC (correct)
• Neither FEC nor Hardware Offloading
• Hardware Offloading
• Both FEC and Hardware Offloading

What does FortiOS automatically do on sessions that are subject to FEC?

Manually disable hardware offloading (D)

What does FortiGate use for original and parity packets when FEC is enabled?

Specific security payload index (B)

What does a packet capture taken using the example configuration show?

Original and parity packets (C)

What is the impact of FEC on the quality of IPsec overlays?

Positive impact (A)

What is the reported packet loss before enabling FEC?

27% (D)

What is the reported packet loss after increasing fec-redundant to 3?

1% (C)

What should you keep in mind when increasing the value of fec-redundant?

Increased bandwidth usage (A)

Which of the following is true about FortiGate's default behavior when advertising BGP prefixes?

FortiGate advertises one path per prefix by default. (B)

In the SD-WAN overlay deployment shown, how many paths does the hub reflect for each prefix?

One path (C)

Why is it recommended to have sites learn all available paths to all possible destinations in SD-WAN?

To ensure SD-WAN rules are not skipped. (C)

How many paths does the hub learn for the prefix 10.0.1.0/24 in the diagram on this slide?

Two paths (D)

What are the next hop addresses for the two paths learned by the hub for the prefix 10.0.1.0/24?

10.201.1.1 and 10.202.1.1 (B)

How many additional paths does the hub send in addition to the two paths it learns for the prefix 10.0.1.0/24?

Two additional paths (C)

What is the purpose of configuring the spoke to receive any additional paths sent by the neighbor?

To allow the spoke to learn all available paths for a prefix. (B)

How many routes does spoke2 receive for the prefix 10.0.1.0/24 from the hub?

Four routes (C)

What does the routing table on spoke2 show for the prefix 10.0.1.0/24?

Duplicate routes (B)

What does the hub do to the prefixes learned from clients?

Reflects the prefixes to all peers. (C)

Which command can be used to view the identified paths in FortiGate's BGP configuration?

get router info bgp network (C)

How can you control the number of selected identified paths to be advertised by the hub in FortiGate's BGP configuration?

By enabling additional-path-select setting (A)

What does FortiOS 7.0.1 and 6.4.7 do with duplicate routes in the routing table?

Consolidates them for cosmetic purposes (B)

What is the purpose of Forward Error Correction (FEC) in FortiGate's IPsec overlays?

To reduce the number of retransmissions (C)

Which command can be used to configure FEC on an IPsec overlay in FortiGate?

CLI configuration (B)

What happens if the fec-send-timeout period is reached in FortiGate's FEC configuration?

FortiGate sends the parity packets regardless of fec-base (B)

Which SPI is used for both original and parity packets in FortiGate's FEC implementation?

0x00000001 (D)

What is the purpose of parity packets in FortiGate's FEC implementation?

To contain error-correcting data (A)

Which FortiGate version introduced the consolidation of duplicate routes in the routing table?

FortiOS 7.0.0 and 6.4.7 (B)

What is the recommended use case for Forward Error Correction (FEC) in FortiGate's IPsec overlays?

Delivering a better user experience for business-critical applications (B)

Flashcards are hidden until you start studying