100% Real Cisco 640-864 Exam Questions & Answers, Accurate & Verified By IT Experts
Instant Download, Free Fast Updates, 99.6% Pass Rate
This exam was replaced by Cisco with 200-310 exam
Archived VCE files
| File | Votes | Size | Date |
|---|---|---|---|
| Cisco.Actualtests.640-864.v2015-09-14.by.Ccazarec.71q.vce | 75 | 48 KB | Sep 14, 2015 |
| Cisco.ActualTests.640-864.v2014-05-13.by.Gaddi.160q.vce | 423 | 6.87 MB | May 13, 2014 |
| Cisco.ActualTests.640-864.v2013-09-12.by.StoneCold.138q.vce | 95 | 6.66 MB | Sep 13, 2013 |
| Cisco.Passguide.640-864.v2013-06-17.by.Mark.342q.vce | 17 | 17.13 MB | Jun 18, 2013 |
| Cisco.BrainDump.640-864.v2013-02-28.by.Mark.342q.vce | 6 | 17.54 MB | Feb 28, 2013 |
| Cisco.Compilation.640-864.v2012-11-27.by.DD.337q.vce | 1 | 14.4 MB | Nov 29, 2012 |
| Cisco.ActualTests.640-864.v2012-07-05.by.meh123.260q.vce | 1 | 4.83 MB | Jul 05, 2012 |
Cisco 640-864 Practice Test Questions, Exam Dumps
Cisco 640-864 (Designing for Cisco Internetwork Solutions (DESGN)) exam dumps, practice test questions and answers, study guide and video training course, provided in VCE format to help you study and pass. The Avanset VCE Exam Simulator is required to open the Cisco 640-864 exam dumps and practice test questions in VCE format.
The journey towards achieving a design-focused certification requires a strong foundational understanding of network principles and methodologies. The 640-864 Exam, officially known as Designing for Cisco Internetwork Solutions (DESGN), serves as a cornerstone for network professionals aspiring to become proficient network designers. This examination tests a candidate's ability to translate business requirements into scalable, reliable, and secure network designs. It is not merely about configuring devices, but about understanding the 'why' behind the architecture. Passing this exam demonstrates a grasp of structured design principles that are applicable across various network environments, from small businesses to large enterprises.
Acing the 640-864 Exam requires more than just memorizing facts; it demands a comprehensive understanding of how different technologies and protocols fit together to create a cohesive and functional network. This initial part of our series will lay the groundwork for your study plan. We will deconstruct the exam's core objectives, introduce the fundamental design models and lifecycles endorsed by industry leaders, and outline the initial steps for characterizing existing networks. By focusing on these basics first, you build a solid mental framework upon which more complex topics like data center, security, and voice design can be layered in subsequent parts of this guide.
The first step in preparing for any certification, including the 640-864 Exam, is to thoroughly analyze the official exam blueprint. This document is the definitive guide to what you can expect on the test, outlining the specific domains of knowledge and their relative weighting. Ignoring the blueprint is akin to navigating without a map. It details the precise topics you need to master, allowing you to focus your study time efficiently. By understanding which areas carry more weight, you can prioritize your learning and ensure you are well-prepared for the sections that will have the most significant impact on your final score.
The blueprint for the 640-864 Exam is typically broken down into several key domains. These often include network design methodologies, such as the PPDIOO lifecycle, and designing different parts of the enterprise network, like the campus, the data center, and the WAN edge. Each domain is assigned a percentage, indicating its importance on the exam. For example, a significant portion might be dedicated to designing network services like security, voice, and wireless. Carefully reviewing these sections allows you to create a personalized study schedule that allocates more time to heavily weighted topics or areas where you feel your knowledge is weakest.
This structured approach ensures that you cover all the necessary ground before exam day. You can use the blueprint as a checklist, tracking your progress through each topic. This methodical preparation not only builds knowledge but also boosts confidence. As you master each section of the blueprint for the 640-864 Exam, you will be systematically building the expertise required to think like a network designer. This analytical skill is precisely what the exam is designed to validate, moving beyond simple configuration commands to a higher level of architectural understanding.
Success in the 640-864 Exam is built upon a solid understanding of core network design principles. These principles are timeless concepts that guide the creation of robust, flexible, and efficient networks. The three most important principles are hierarchy, modularity, and scalability. A hierarchical design structures the network into distinct layers, such as the core, distribution, and access layers. This approach simplifies the network, contains failures to smaller domains, and makes troubleshooting more predictable. Each layer has a specific function, preventing the need for complex, mesh-like connections that are difficult to manage and scale.
Modularity is the principle of breaking down the network into functional blocks or modules. For example, you might have a campus module, a data center module, and a WAN edge module. Each module can be designed and upgraded independently without affecting the others. This approach enhances flexibility and allows for easier implementation of new services. When a new technology needs to be introduced, it can be tested and deployed within a single module first. This containment strategy minimizes risk and simplifies the overall management of the enterprise network, a key consideration tested in the 640-864 Exam.
Scalability refers to the network's ability to grow without requiring a complete redesign. A scalable design can accommodate more users, new applications, and additional sites with minimal disruption. This is achieved through careful planning, such as using hierarchical addressing schemes, choosing extensible routing protocols, and avoiding design limitations that could create bottlenecks in the future. Resiliency, the ability to maintain connectivity during a failure, is also a critical principle. This is often achieved through redundancy in links and devices. Understanding how these principles interrelate is fundamental to answering design-oriented questions on the exam correctly.
A structured methodology is essential for successful network design, and the 640-864 Exam places significant emphasis on the Cisco-endorsed PPDIOO lifecycle. PPDIOO stands for Prepare, Plan, Design, Implement, Operate, and Optimize. This iterative process ensures that all aspects of a network's life are considered, from initial conception to ongoing improvement. The Prepare phase involves establishing the business requirements, developing a network strategy, and proposing a high-level conceptual architecture. It is about understanding the business goals before any technical solutions are considered. This initial step ensures that the final design is aligned with the organization's objectives.
Following the Prepare phase, the Plan phase focuses on identifying the specific network requirements needed to support the goals defined earlier. This involves project management tasks such as defining project scope, allocating resources, and creating a schedule. A key output of this phase is a clear set of deliverables and success criteria. The Design phase is where the detailed technical solution is created. This includes selecting technologies, creating network diagrams, developing an IP addressing plan, and specifying hardware and software. This phase is the technical core of the lifecycle and a major focus of the 640-864 Exam.
The Implement phase is where the design is actually built and deployed. This involves configuring devices, installing hardware, and verifying connectivity. After implementation, the network enters the Operate phase, which represents its day-to-day management. This includes monitoring network health, troubleshooting issues, and managing performance. Finally, the Optimize phase involves proactively identifying and resolving potential issues before they impact the network. It often involves analyzing performance data and may lead back to the Design phase to make improvements, highlighting the cyclical nature of the PPDIOO model. Understanding each phase is crucial for exam success.
Before you can design a new network or upgrade an existing one, you must have a deep understanding of the current infrastructure. The process of characterizing an existing network is a critical skill tested in the 640-864 Exam. This involves a thorough audit of the network to gather information about its topology, traffic flows, and performance. This baseline data is essential for making informed design decisions. The audit should include creating an inventory of all network devices, such as routers, switches, and firewalls, and documenting their configurations and software versions.
The next step is to analyze the logical topology, which includes the IP addressing scheme, VLAN configurations, and routing protocol domains. Understanding how the network is logically segmented is crucial for planning any changes. It is also important to map out traffic patterns. Using tools like NetFlow or packet sniffers, you can identify the major applications running on the network, determine who is talking to whom, and measure the volume of traffic between different segments. This information helps in identifying existing bottlenecks and planning for future capacity needs.
Furthermore, a comprehensive network characterization assesses the health and performance of the current network. This involves measuring key metrics like latency, jitter, and packet loss, especially if real-time applications like voice or video are in use. A performance baseline helps in defining the service level requirements for the new design. By thoroughly documenting the state of the existing network, a designer can identify its strengths and weaknesses, understand business and technical constraints, and create a new design that effectively addresses the organization's needs, a core competency for the 640-864 Exam.
When approaching a network design project, engineers can follow two primary methodologies: the top-down approach and the bottom-up approach. The 640-864 Exam curriculum strongly favors the top-down approach, as it aligns better with creating designs that serve business needs. The top-down approach begins at the highest layer of the OSI model, the Application layer. It starts by identifying the applications and services the network must support and understanding the business goals and constraints. The design process then works its way down the OSI stack, making technical decisions based on these initial requirements.
This methodology ensures that the final network architecture is built for a specific purpose. By focusing on the needs of the users and applications first, designers can select the appropriate technologies and create a network that delivers the required performance, availability, and security. For instance, if a primary business requirement is to support high-quality video conferencing, the design will prioritize low latency and Quality of Service (QoS) from the outset. This contrasts sharply with a bottom-up approach, which often leads to over-engineering or a network that fails to meet critical business needs.
The bottom-up approach, on the other hand, starts with the physical infrastructure at the lower layers of the OSI model. A designer using this method might select specific devices or link speeds based on available technology or personal preference, and then try to make the applications work over that infrastructure. While this can sometimes be useful for small network upgrades or troubleshooting specific problems, it is not a suitable methodology for a complete network design. The 640-864 Exam will expect you to understand the benefits of the top-down model and apply its principles to design scenarios.
The most successful network designs are those that are tightly aligned with the goals of the business. Therefore, a critical skill for any network designer, and a key topic for the 640-864 Exam, is the ability to gather and analyze business requirements effectively. This process begins by engaging with all relevant stakeholders, from business leaders and department managers to the end-users and IT support staff. The goal is to understand not just what they need from the network today, but also what their plans are for the future. This requires excellent communication and listening skills.
During this discovery phase, it is important to distinguish between business goals and technical requirements. A business goal might be to "improve collaboration between remote offices," while a technical requirement might be to "implement a video conferencing solution with less than 150ms of latency." The designer's job is to translate those high-level business goals into specific, measurable technical specifications. It is also crucial to identify constraints, which can be financial (the project budget), political (company policies), or technical (legacy systems that must be supported).
Once the information is gathered, it must be analyzed and documented. This documentation serves as the foundation for the entire design project. It should clearly outline the scope of the project, the business and technical goals, and all identified constraints. This document ensures that everyone involved has a shared understanding of the project's objectives. For the 640-864 Exam, you will need to demonstrate your ability to interpret business needs from a given scenario and use them to make sound design choices, proving you can build a network that provides real value to the organization.
Embarking on your study journey for the 640-864 Exam requires a well-defined strategy and the right collection of resources. The cornerstone of your preparation should be the official certification guide published for the exam. These books are specifically written to cover the exam blueprint in detail, providing explanations of key concepts, design examples, and practice questions. Reading the official guide from cover to cover should be your first objective. It will provide the breadth of knowledge needed and structure your learning process around the official curriculum.
Beyond the main textbook, it is highly beneficial to consult supplementary materials. White papers and design guides from technology vendors offer deep dives into specific topics like data center architecture or secure network design. These documents often provide real-world context and best practices that go beyond what is covered in a general textbook. Additionally, online video training courses can be an excellent way to reinforce your learning. Watching an instructor explain complex topics can provide new insights and help solidify your understanding of difficult concepts.
Creating a structured study schedule is paramount. Break down the 640-864 Exam blueprint into manageable chunks and allocate specific weeks or days to each topic. Stick to your schedule and incorporate regular review sessions to ensure you retain information. As you progress, start incorporating practice exams into your routine. These will help you get accustomed to the question format, manage your time effectively, and identify areas where you need more study. A combination of reading, watching, and practicing is the most effective strategy for success.
While the 640-864 Exam is focused on design theory and principles, hands-on experience is invaluable for reinforcing the concepts you learn. Setting up a lab environment allows you to experiment with different technologies and see the practical implications of your design choices. For a design-focused exam, the lab's purpose is not just about mastering command-line syntax but about understanding how protocols and features interact to form a cohesive system. You have several options for building a lab, ranging from physical hardware to entirely virtual solutions.
Using physical equipment can be beneficial as it provides experience with real-world hardware. However, it can be expensive, consume a lot of power, and may be difficult to acquire for studying advanced data center or security technologies. A more practical and popular option is to use network simulation or emulation software. Simulators like Packet Tracer are excellent for learning the basics, but they may not support all the advanced features needed for a design-level exam. Emulators offer a more robust solution.
Network emulators such as GNS3 or EVE-NG allow you to run the actual operating system images from network devices in a virtual environment. This provides a very realistic lab experience, enabling you to build complex topologies that span multiple technologies covered in the 640-864 Exam. You can create hierarchical campus networks, test routing protocol interactions, and configure WAN connectivity. Spending time in a virtual lab building and testing the designs you are studying will transform theoretical knowledge into practical, applicable skills, which will be immensely helpful during the exam.
Welcome to the second part of our comprehensive guide for the 640-864 Exam. In the previous section, we established the fundamental principles of network design, including the importance of a structured methodology like PPDIOO and the core concepts of hierarchy and modularity. We emphasized that a successful design always starts with a clear understanding of business requirements. These foundational ideas are the bedrock upon which all specific technical knowledge is built. Without this grounding, it is easy to get lost in the details of protocols and hardware specifications.
Now, we will apply those principles to two of the most significant environments in any enterprise network: the campus and the data center. These two areas have distinct functions, traffic patterns, and design requirements. The campus network is focused on providing reliable and secure connectivity for end-users and their devices, while the data center is the heart of the organization's application and data storage infrastructure. A thorough understanding of how to design both is absolutely essential for success on the 640-864 Exam. This section will provide a detailed exploration of the models, architectures, and technologies used in each environment.
The hierarchical campus design model is a cornerstone of enterprise networking and a key topic for the 640-864 Exam. This model organizes the network into three distinct functional layers: the access layer, the distribution layer, and the core layer. This layered approach creates a highly structured and deterministic network that is scalable, resilient, and easy to troubleshoot. Each layer has a specific set of roles and responsibilities, which prevents the network from becoming an unmanageable mesh of interconnected devices. This clear separation of function is the primary benefit of the hierarchical model.
The access layer is where end-user devices, such as PCs, IP phones, and wireless access points, connect to the network. Its primary function is to provide Layer 2 connectivity into the rest of the network. The distribution layer serves as the aggregation point for all the access layer switches. This layer is the crucial boundary between Layer 2 and Layer 3, where routing, policy enforcement, and Quality of Service (QoS) are typically implemented. It intelligently forwards traffic up to the core layer or to other distribution blocks, ensuring that traffic does not unnecessarily traverse the network backbone.
The core layer, also known as the backbone, is responsible for transporting large amounts of traffic quickly and reliably between different parts of the network, such as between distribution blocks or to the data center and WAN edge. The core should be designed for high speed, high availability, and low latency. It should be kept as simple as possible, avoiding complex policy implementation which should be handled at the distribution layer. Understanding the specific role of each of these three layers and how they interact is fundamental to designing a robust and scalable campus network.
The access layer is the entry point to the network for all users and devices, making its design critical for both performance and security. When designing the access layer for the 640-864 Exam, a key consideration is providing sufficient port density to connect all end devices. Switches in this layer must also support features essential for the modern workplace. Power over Ethernet (PoE) is a primary example, as it is required to power devices like IP phones and wireless access points directly over the Ethernet cable, simplifying cabling and power management.
VLANs are used extensively at the access layer to segment traffic into separate broadcast domains. For example, it is a common best practice to place user data, voice traffic, and management traffic into separate VLANs. This segmentation improves security and performance by containing broadcasts and allowing for different policies to be applied to each type of traffic. Security is paramount at this layer, as it is the most vulnerable part of the network. Features like port security should be implemented to restrict access to switch ports to only authorized MAC addresses, preventing unauthorized device connections.
High availability is also a consideration at the access layer. While individual user connections may not be as critical as a core link, providing resilient connectivity is still important. This is typically achieved by connecting each access layer switch to two different distribution layer switches. This dual-homing strategy, combined with a spanning tree protocol or link aggregation, ensures that if one distribution switch or link fails, traffic can be rerouted through the second path with minimal disruption to the end-users. Proper planning at this layer forms the foundation of a stable user experience.
The distribution layer acts as the brain of the campus network, and its design is a frequent focus of questions on the 640-864 Exam. This layer is the primary boundary between the Layer 2 domains of the access layer and the Layer 3 routed network. It aggregates the wiring closets from the access layer and provides a resilient, policy-enforced path to the core. One of its main functions is to perform route summarization. By summarizing the routes from the access layer blocks, it reduces the size of the routing tables in the core layer, improving stability and performance.
This is the ideal place in the network to implement policies. Access Control Lists (ACLs) can be applied here to filter traffic between different VLANs or subnets, enforcing security policies without burdening the high-speed core. Quality of Service (QoS) policies are also typically implemented at the distribution layer, where traffic can be classified, marked, and queued to ensure that critical applications like voice and video receive priority treatment. The distribution layer's position between the access and core layers makes it the perfect control point for traffic flowing through the campus.
Redundancy is absolutely critical at the distribution layer. A failure here could isolate an entire block of users. This is achieved by deploying distribution switches in redundant pairs. Each access switch connects to both switches in the pair. To provide a redundant default gateway for end-user devices, a First Hop Redundancy Protocol (FHRP) like HSRP, VRRP, or GLBP is used. These protocols create a virtual gateway address that can float between the two physical distribution switches, ensuring seamless failover if one of the switches goes down. A well-designed distribution layer is key to a resilient network.
The campus core layer is the high-speed backbone of the network. Its single purpose is to switch packets as fast as possible. Any failure or performance issue in the core can have a catastrophic impact on the entire enterprise, so its design must prioritize speed, reliability, and scalability. A key principle for the 640-864 Exam is to keep the core layer simple. Complex packet manipulations, such as those from ACLs or QoS policies, should be avoided here. The core's job is not to inspect traffic but to forward it to its destination with minimal delay.
To achieve high performance, the core is built using high-capacity switches with a fast switching fabric and support for hardware-based forwarding, such as Cisco Express Forwarding (CEF). The links connecting the core to the distribution layer blocks should be high-bandwidth, typically 10 Gbps, 40 Gbps, or even 100 Gbps, and should be provisioned with enough capacity to handle aggregated traffic without congestion. Redundancy is non-negotiable. A common design is a collapsed core for smaller networks or a redundant pair of core switches for larger enterprises, with diverse fiber paths for all critical links.
The choice of routing protocol in the core is also an important design consideration. The protocol should be able to converge very quickly in the event of a link or node failure to minimize downtime. Advanced features of protocols like OSPF or EIGRP, such as fast convergence timers, are often tuned to meet the high-availability requirements of the core. Route summarization from the distribution layer is crucial to keep the core's routing table small and stable. A well-designed core is a simple, fast, and highly resilient backbone for the entire campus network.
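The route summarization described for the distribution layer above (and relied on by the core) can be worked through concretely. The following Python is an added example, not code from the page or from Cisco; the access-layer subnets are constructed, and the discard-route remark in the comments is standard practice for any summarizing router rather than something this page states.

```python
"""Route summarization for a distribution block (added worked example).

Given the access-layer subnets a distribution pair aggregates, compute the
single summary it could advertise into the core, the exact set of aggregates
that adds no extra space, and any address space the single summary would
cover that no access subnet actually uses.
"""
import ipaddress
from typing import Dict, Iterable, List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def _as_networks(prefixes: Iterable[str]) -> List[Network]:
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    if not nets:
        raise ValueError("no prefixes to summarize")
    if len({n.version for n in nets}) != 1:
        raise ValueError("cannot summarize mixed IPv4/IPv6 prefixes")
    return nets


def smallest_supernet(prefixes: Iterable[str]) -> Network:
    """Widen the first prefix one bit at a time until every prefix fits inside it."""
    nets = _as_networks(prefixes)
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        if candidate.prefixlen == 0:
            break  # already the default route; nothing wider exists
        candidate = candidate.supernet(prefixlen_diff=1)
    return candidate


def exact_aggregates(prefixes: Iterable[str]) -> List[Network]:
    """Minimal set of prefixes covering exactly the inputs (no address space added)."""
    return list(ipaddress.collapse_addresses(_as_networks(prefixes)))


def uncovered_space(summary: Network, prefixes: Iterable[str]) -> List[Network]:
    """Address space inside `summary` that none of the inputs use.

    CIDR prefixes either nest or are disjoint, so each input is carved out of
    whichever remaining chunk contains it.
    """
    leftover = [summary]
    for n in _as_networks(prefixes):
        remaining = []
        for chunk in leftover:
            if n.subnet_of(chunk):
                remaining.extend(chunk.address_exclude(n))  # empty when n == chunk
            elif chunk.subnet_of(n):
                continue  # chunk lies entirely inside an input: fully used
            else:
                remaining.append(chunk)
        leftover = remaining
    return list(ipaddress.collapse_addresses(leftover))


def summarization_report(prefixes: Iterable[str]) -> Dict[str, object]:
    """Everything a designer needs to decide what the distribution pair advertises."""
    prefixes = list(prefixes)
    summary = smallest_supernet(prefixes)
    return {
        "summary": str(summary),
        "exact": [str(n) for n in exact_aggregates(prefixes)],
        "unused_in_summary": [str(n) for n in uncovered_space(summary, prefixes)],
    }


if __name__ == "__main__":
    # Constructed sample: two distribution blocks, one /24 per access VLAN.
    block_a = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]
    block_b = ["10.2.0.0/24", "10.2.1.0/24", "10.2.2.0/24"]  # only three of four /24s in use
    for name, block in (("block A", block_a), ("block B", block_b)):
        report = summarization_report(block)
        print(name, report)
        if report["unused_in_summary"]:
            # The summary attracts traffic for space the block does not use; the
            # advertising router should hold a discard (null) route for the summary so
            # that such traffic is dropped locally instead of following a default route.
            print("  note: summary covers unused space", report["unused_in_summary"])
```

Block B shows the trade-off the exam expects you to recognise: a single /22 keeps the core's table smallest, while the two exact aggregates advertise nothing the block does not own.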
The data center has evolved dramatically from a simple server room to a complex, virtualized environment that is the nerve center of modern business. Designing a data center network, a significant topic for the 640-864 Exam, requires a different mindset than designing a campus network. While campus traffic is predominantly north-south (from user to the internet or data center), data center traffic is increasingly east-west (from server to server within the data center). This shift is driven by modern multi-tier applications and virtualization, where different components of an application communicate extensively with each other.
The traditional three-tier hierarchical model (core, aggregation, access) used in the campus can be inefficient for this east-west traffic. In this model, traffic between two servers in different racks might have to travel all the way up to the aggregation layer and back down, introducing latency and creating potential bottlenecks. While this model still exists, it has limitations in a highly virtualized and scalable data center. The design must accommodate the unique needs of this environment, including high bandwidth, low latency, and the ability to support massive amounts of server-to-server communication.
Key considerations in data center design include support for virtualization and storage. Network services must be able to integrate with hypervisors to provide connectivity and security for virtual machines. Storage networking is also a critical component. The network must be designed to handle storage traffic from protocols like iSCSI or Fibre Channel over Ethernet (FCoE) without impacting the performance of other applications. High availability is paramount, as downtime in the data center can halt business operations entirely. The design must incorporate redundancy at every level, from individual components to entire data center sites.
To address the challenges of east-west traffic patterns in modern data centers, the spine-and-leaf architecture has become the de facto standard. This topology, which is a critical concept for the 640-864 Exam, is a two-layer design that fundamentally changes how traffic flows. The architecture consists of two types of switches: leaf switches and spine switches. Servers and other devices connect to the leaf switches. Each leaf switch then connects to every single spine switch in the fabric. There are no connections between leaf switches or between spine switches.
This design creates a highly efficient and predictable network fabric. The path from any server to any other server is always the same length: from the source server to its leaf switch, up to a spine switch, and down to the destination server's leaf switch. This consistency results in low and predictable latency, which is critical for modern applications. Because every leaf is connected to every spine, the fabric has a massive amount of bandwidth and can easily handle large volumes of east-west traffic. Equal-Cost Multi-Pathing (ECMP) is used to load-balance traffic across all the available paths.
The spine-and-leaf architecture is also incredibly scalable. To increase bandwidth, you can simply add more spine switches. To increase port capacity for more servers, you can add more leaf switches. This ability to scale out horizontally is a major advantage over the traditional three-tier model. The design is also very resilient. If any single spine switch fails, the overall fabric capacity is only slightly degraded, and traffic is automatically rerouted over the remaining paths. Understanding the principles and benefits of this architecture is essential for data center design questions.
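The path-length, bandwidth and failure claims made for spine-and-leaf above can be checked with a small model. This Python is an added example, not from the page or any vendor; the fabric sizes, switch names and uplink speed are constructed, and the three-tier comparison uses a simplified access/aggregation/core hop count.

```python
"""Spine-and-leaf fabric model (added worked example).

Models a fabric with S spines and L leaves, every leaf uplinked to every spine.
Shows that every inter-leaf path has the same length, that inter-leaf bandwidth
scales with the number of spines, and how much capacity survives a spine failure.
"""
from itertools import permutations
from typing import Dict, List, Set, Tuple

Path = Tuple[str, str, str]  # (source leaf, spine, destination leaf)


class SpineLeafFabric:
    def __init__(self, spines: int, leaves: int, uplink_gbps: int) -> None:
        if spines < 1 or leaves < 2:
            raise ValueError("need at least one spine and two leaves")
        self.spines = [f"spine{i}" for i in range(spines)]
        self.leaves = [f"leaf{i}" for i in range(leaves)]
        self.uplink_gbps = uplink_gbps
        self.failed: Set[str] = set()

    def fail(self, spine: str) -> None:
        """Take a spine out of service; its leaf uplinks disappear from every ECMP set."""
        if spine not in self.spines:
            raise ValueError(f"unknown spine {spine}")
        self.failed.add(spine)

    def paths(self, src: str, dst: str) -> List[Path]:
        """Every leaf->spine->leaf path between two distinct leaves; ECMP uses all of them."""
        if src == dst:
            raise ValueError("same-leaf traffic is switched locally and never crosses a spine")
        return [(src, s, dst) for s in self.spines if s not in self.failed]

    def inter_leaf_bandwidth_gbps(self, src: str, dst: str) -> int:
        """One uplink per surviving spine: bandwidth = surviving spines x uplink speed."""
        return len(self.paths(src, dst)) * self.uplink_gbps

    def all_paths_equal_length(self) -> bool:
        """Every leaf-to-leaf path is exactly two links, whichever leaves are chosen."""
        hop_counts = {
            len(p) - 1
            for a, b in permutations(self.leaves, 2)
            for p in self.paths(a, b)
        }
        return hop_counts == {2}

    def surviving_capacity(self) -> float:
        """Fraction of inter-leaf capacity still available after spine failures."""
        return (len(self.spines) - len(self.failed)) / len(self.spines)


def three_tier_hops(src_rack: int, dst_rack: int, racks_per_aggregation_pair: int) -> int:
    """Link count between two racks in the classic access/aggregation/core model.

    Racks under the same aggregation pair talk through it (2 links); otherwise the
    traffic climbs to the core and back down (4 links), so latency depends on placement.
    """
    if src_rack == dst_rack:
        return 0
    same_block = src_rack // racks_per_aggregation_pair == dst_rack // racks_per_aggregation_pair
    return 2 if same_block else 4


def failure_scenario(spines: int, leaves: int, uplink_gbps: int, failed_spine: str) -> Dict[str, object]:
    """Bandwidth between leaf0 and the last leaf before and after one spine fails."""
    fabric = SpineLeafFabric(spines, leaves, uplink_gbps)
    src, dst = fabric.leaves[0], fabric.leaves[-1]
    before = fabric.inter_leaf_bandwidth_gbps(src, dst)
    fabric.fail(failed_spine)
    return {
        "before_gbps": before,
        "after_gbps": fabric.inter_leaf_bandwidth_gbps(src, dst),
        "surviving_capacity": fabric.surviving_capacity(),
        "paths_still_equal_length": fabric.all_paths_equal_length(),
    }


if __name__ == "__main__":
    # Constructed fabric: 4 spines, 8 leaves, 40 Gbps uplinks.
    print(failure_scenario(spines=4, leaves=8, uplink_gbps=40, failed_spine="spine1"))
    print("three-tier hops rack0->rack1:", three_tier_hops(0, 1, 4),
          "rack0->rack5:", three_tier_hops(0, 5, 4))
```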
In any data center, the network is not just for application traffic; it is also a critical transport for storage. The design of the storage network is a specialized topic covered within the 640-864 Exam. Historically, storage traffic was often carried on a completely separate network, typically using the Fibre Channel protocol. While dedicated Fibre Channel networks are still used, there has been a significant trend towards converging storage and data traffic onto a single, unified Ethernet network. This simplifies the infrastructure and can reduce costs.
Several protocols enable storage traffic over an IP network. The most common is iSCSI, which encapsulates SCSI commands into IP packets. Another important technology is Fibre Channel over Ethernet (FCoE), which allows Fibre Channel frames to be transported directly over an enhanced Ethernet network. To support these storage protocols effectively, the network must be designed to be lossless. Standard Ethernet can drop packets during times of congestion, which is unacceptable for storage traffic. Technologies like Data Center Bridging (DCB) provide enhancements to Ethernet, such as Priority-based Flow Control, to prevent packet loss.
When designing a converged network, it is crucial to provision enough bandwidth to handle both regular data traffic and bursty storage traffic. Quality of Service (QoS) must be implemented to prioritize the latency-sensitive storage traffic and guarantee it a minimum amount of bandwidth. The physical design of the network, especially in a spine-and-leaf architecture, must ensure there are low-latency, high-bandwidth paths from the servers to the storage arrays. A well-designed storage network is fundamental to application performance in the data center.
Server virtualization has revolutionized the data center, and its impact on network design is a key topic for the 640-864 Exam. In a virtualized environment, a single physical server can host dozens of virtual machines (VMs). Each of these VMs requires its own network connectivity. This is handled by a virtual switch (vSwitch) that runs inside the hypervisor on the physical server. The vSwitch is responsible for switching traffic between VMs on the same host and connecting them to the physical network via the server's network interface cards (NICs).
This introduces new layers of complexity for the network designer. Policies for security and QoS that were traditionally applied on physical switch ports now need to be applied at the virtual port level. The rapid creation, deletion, and movement of VMs (using features like vMotion) means the network configuration must be dynamic and automated. This has led to the development of network overlay technologies, such as Virtual Extensible LAN (VXLAN). VXLAN creates a logical Layer 2 network that is tunneled over the underlying Layer 3 physical network (the underlay).
VXLAN allows for massive scalability, supporting millions of logical networks, far more than the 4094 limit of traditional VLANs. It also decouples the logical network from the physical network. This means VMs can be moved anywhere in the data center fabric without needing to reconfigure the physical network, as long as there is Layer 3 connectivity. Understanding the relationship between the physical underlay (like a spine-and-leaf fabric) and the virtual overlay (like VXLAN) is critical for designing a modern, agile, and scalable data center network.
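The header arithmetic behind the VNI claim above, as an added Python example (not code from the page or from any vendor): it builds the 8-byte VXLAN header defined in RFC 7348, encapsulates a constructed inner Ethernet frame, parses it back with the validation a receiving VTEP performs, and compares the 24-bit VNI space with the 12-bit 802.1Q VLAN ID space. The sample frame and VNI values are constructed.

```python
"""VXLAN encapsulation and decapsulation, reduced to the header arithmetic.

Added example, not code from the page or from any vendor: it builds the
8-byte VXLAN header defined in RFC 7348, wraps a constructed inner Ethernet
frame in it, parses it back, and compares the 24-bit VNI space with the
12-bit 802.1Q VLAN ID space that the text contrasts.
"""
import struct

VXLAN_UDP_PORT = 4789          # IANA-assigned UDP destination port for VXLAN
VXLAN_FLAG_VNI_VALID = 0x08    # the "I" flag; a receiver drops frames without it
VNI_BITS = 24
VLAN_ID_BITS = 12


def max_vni() -> int:
    return (1 << VNI_BITS) - 1          # 16,777,215


def usable_vlan_ids() -> int:
    # 802.1Q reserves VID 0 (priority-tagged frame) and 4095, leaving 4094
    return (1 << VLAN_ID_BITS) - 2


def build_vxlan_header(vni: int) -> bytes:
    """flags(8) | reserved(24) | VNI(24) | reserved(8), network byte order."""
    if not 0 <= vni <= max_vni():
        raise ValueError(f"VNI {vni} does not fit in {VNI_BITS} bits")
    first_word = VXLAN_FLAG_VNI_VALID << 24     # flags in the top byte, reserved bits zero
    second_word = vni << 8                      # VNI in the top 24 bits, low byte reserved
    return struct.pack("!II", first_word, second_word)


def encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """UDP payload a VTEP would send to port 4789 on the remote VTEP."""
    return build_vxlan_header(vni) + inner_frame


def parse_vxlan(payload: bytes):
    """Return (vni, inner_frame) from a VXLAN UDP payload, validating the header."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    first_word, second_word = struct.unpack("!II", payload[:8])
    if not (first_word >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set; RFC 7348 says drop the packet")
    return second_word >> 8, payload[8:]


# Constructed inner frame: dst MAC, src MAC, EtherType 0x0800, placeholder payload
SAMPLE_FRAME = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
                + b"\x08\x00" + b"inner IPv4 packet would follow")

if __name__ == "__main__":
    pkt = encapsulate(5001, SAMPLE_FRAME)
    vni, frame = parse_vxlan(pkt)
    print(f"VNI {vni}, inner frame {len(frame)} B; "
          f"{max_vni() + 1:,} VXLAN segments vs {usable_vlan_ids()} VLANs")
```

The outer IP and UDP headers are left out because the point is the overlay identifier: the underlay only ever sees UDP traffic to port 4789 between VTEP addresses, which is why a VM can move to any leaf that has Layer 3 reachability.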
Downtime in the data center can be extraordinarily costly, making high availability the single most important design goal. For the 640-864 Exam, you must be able to design a network that is resilient to all types of failures. Redundancy must be built in at every single level of the architecture. At the device level, this means using switches and routers with redundant power supplies and fan trays. These components should be hot-swappable, allowing for replacement without taking the device offline.
At the network link level, redundancy is achieved through link aggregation. Multiple physical links between two devices can be bundled together into a single logical link, known as a PortChannel or EtherChannel. This not only increases the available bandwidth but also provides resilience. If one of the physical links in the bundle fails, traffic is automatically redistributed over the remaining links. This is used extensively for connections between leaf and spine switches and for connecting servers with multiple NICs to the leaf switches.
At the device or node level, redundancy is inherent in architectures like spine-and-leaf, where the loss of a single switch has minimal impact. For connecting to the outside world or other parts of the network, technologies like virtual PortChannels (vPC) or Multi-Chassis EtherChannel (MEC) allow a downstream device to form a PortChannel with two different upstream switches, providing both link and device redundancy. Finally, for the ultimate in availability, organizations may use Data Center Interconnect (DCI) technologies to connect two or more geographically separate data centers, allowing for complete site-level failover.
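How a bundle keeps each flow on one member and redistributes only the affected flows when a member fails, as an added Python example (not Cisco code): it models the widely used scheme in which a hash of the flow's addresses selects one of eight buckets and the buckets are spread across the active member links. The hash function, the eight-bucket model, the interface names and the sample flows are assumptions for illustration; platforms differ in which fields they hash.

```python
"""Per-flow load balancing in a PortChannel and what happens when a member fails.

Added example, not Cisco code: a hash of the flow's addresses selects one of
eight buckets and the buckets are spread across the active member links, so
all packets of one flow stay on one link (no reordering) while different
flows use different links. Hash function, bucket count and interface names
are assumptions for illustration.
"""
import zlib
from typing import Dict, List, Tuple

Flow = Tuple[str, str, int, int]   # src ip, dst ip, src port, dst port
NUM_BUCKETS = 8


def flow_bucket(flow: Flow) -> int:
    """Deterministic bucket for a flow; every packet of the flow hashes the same."""
    key = "|".join(str(f) for f in flow).encode()
    return zlib.crc32(key) % NUM_BUCKETS


def bucket_map(active_links: List[str]) -> Dict[int, str]:
    """Initial spread of the 8 buckets over the active members (round robin)."""
    if not active_links:
        raise RuntimeError("PortChannel has no active members: the bundle is down")
    return {b: active_links[b % len(active_links)] for b in range(NUM_BUCKETS)}


def rebalance(prev: Dict[int, str], active_links: List[str]) -> Dict[int, str]:
    """After a member leaves, move only its buckets onto the least-loaded survivors.

    Flows on surviving links stay put; only flows that were on the failed link
    are redistributed, which is the behaviour the text describes.
    """
    if not active_links:
        raise RuntimeError("PortChannel has no active members: the bundle is down")
    new = {b: link for b, link in prev.items() if link in active_links}
    for b in range(NUM_BUCKETS):
        if b not in new:
            load = {l: sum(1 for x in new.values() if x == l) for l in active_links}
            new[b] = min(active_links, key=lambda l: (load[l], l))
    return new


def select_link(flow: Flow, bmap: Dict[int, str]) -> str:
    return bmap[flow_bucket(flow)]


def failover_report(flows: List[Flow], before: Dict[int, str], after: Dict[int, str]):
    """Split flows into those that moved to another member and those that stayed."""
    moved = [f for f in flows if select_link(f, before) != select_link(f, after)]
    stayed = [f for f in flows if select_link(f, before) == select_link(f, after)]
    return moved, stayed


# Constructed sample: a 4-member bundle between a leaf switch and a server, and
# twenty TCP flows from user workstations to a web server behind it.
MEMBERS = ["Gi1/0/1", "Gi1/0/2", "Gi1/0/3", "Gi1/0/4"]
FLOWS: List[Flow] = [("10.10.1.%d" % i, "10.20.5.7", 40000 + i, 443) for i in range(1, 21)]

if __name__ == "__main__":
    before = bucket_map(MEMBERS)
    after = rebalance(before, MEMBERS[:3])            # Gi1/0/4 fails
    moved, stayed = failover_report(FLOWS, before, after)
    print(f"{len(moved)} flows moved off Gi1/0/4, {len(stayed)} flows unaffected")
```

Two design points follow from the model: a single large flow never exceeds one member's bandwidth, so a bundle of four 1 Gb/s links is not a 4 Gb/s pipe for one backup job, and the bucket spread (3-3-2 across three survivors) is why odd member counts balance less evenly than powers of two.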
In the preceding part, we conducted a deep dive into the specific design requirements for enterprise campus and data center environments. We contrasted the traditional three-tier hierarchical model of the campus with the modern spine-and-leaf architecture prevalent in data centers. Key technologies such as virtualization overlays with VXLAN and methods for ensuring high availability were explored in detail. This knowledge of the internal network provides the context needed to now consider how the enterprise securely and efficiently connects to the outside world, which is a critical aspect of the 640-864 Exam.
This third part of our series will shift focus to the enterprise edge. We will explore the design of the Wide Area Network (WAN), which connects the main campus to branch offices and remote workers. Securing this distributed network is of paramount importance, so we will delve into the principles of security design, including the placement of firewalls and the architecture of secure Virtual Private Networks (VPNs). Finally, we will cover Quality of Service (QoS), the set of tools and techniques used to ensure that critical applications perform reliably across these complex networks. A comprehensive network design must seamlessly integrate these three vital components.
The Wide Area Network (WAN) module connects the enterprise to its branch offices, remote workers, and the internet. Designing this module is a core competency tested on the 640-864 Exam. The choice of WAN connectivity technology is one of the first and most important decisions. Traditional options like leased lines have largely been replaced by more flexible and cost-effective solutions. Multiprotocol Label Switching (MPLS) is a popular choice offered by service providers. It creates a private, any-to-any Layer 3 VPN, providing reliable performance and security for inter-site traffic.
For organizations looking for more flexibility or cost savings, internet-based VPNs are a common alternative. Technologies like Dynamic Multipoint VPN (DMVPN) allow for the creation of a scalable and secure overlay network on top of the public internet. DMVPN simplifies the configuration of site-to-site VPNs and can enable direct spoke-to-spoke communication between branch offices, rather than forcing all traffic through the central headquarters as a pure hub-and-spoke topology would. This improves performance and reduces latency for inter-branch applications.
The design must also consider redundancy and failover. A common strategy is to use a primary MPLS link for critical business traffic and a secondary, lower-cost internet link as a backup. The routing protocol can be configured to automatically fail over to the internet link if the primary MPLS connection goes down. More advanced designs, often categorized under Software-Defined WAN (SD-WAN), can use multiple links simultaneously, intelligently routing application traffic over the best-performing path based on real-time measurements of latency and packet loss. Understanding these trade-offs is crucial for the exam.
Designing connectivity for branch offices and remote workers presents a unique set of challenges that are often tested on the 640-864 Exam. The goal is to provide a consistent and secure user experience, regardless of location. For branch offices, the design involves selecting an appropriate router that can support the required WAN connectivity, VPN termination, and local services like DHCP and DNS. The size of the branch, the number of users, and the criticality of the applications will determine the choice of hardware.
A key design decision is whether to backhaul all internet traffic from the branch to the central site for security inspection or to allow for a direct internet exit at the branch, a concept known as split-tunneling. Backhauling everything simplifies security management, as all policies are enforced at a central location. However, it can introduce latency for cloud-based applications and consume expensive WAN bandwidth. A split-tunneling approach improves performance for cloud services but requires implementing security controls, like a firewall, at each branch location.
For individual remote workers, the most common solution is a client-based remote access VPN. This allows users to establish a secure, encrypted tunnel from their laptop to the corporate network over the public internet. The design of the VPN concentrator at the head office must be scalable enough to handle the expected number of concurrent users. Considerations like authentication methods, typically integrated with a corporate directory, and endpoint security posture checks are also important parts of a comprehensive remote access solution.
Network security is not a feature that can be added as an afterthought; it must be an integral part of the design process from the very beginning. The 640-864 Exam will test your ability to incorporate security principles into your network architectures. The foundational concept is defense-in-depth. This is the strategy of implementing multiple layers of security controls throughout the network. The idea is that if one layer of defense is breached, there are still other layers in place to protect critical assets.
A key part of this strategy is network segmentation. By dividing the network into different security zones, such as a user zone, a data center zone, and a demilitarized zone (DMZ) for public-facing servers, you can control the flow of traffic between them. Firewalls are placed at the boundaries of these zones to enforce access policies. This prevents an attacker who compromises a low-security system, like a user's workstation, from being able to easily access high-value targets in the data center.
The principle of least privilege should be applied everywhere. This means that users, devices, and applications should only be granted the minimum level of access necessary to perform their required functions. This is enforced through a combination of technologies, including Access Control Lists (ACLs), firewall rules, and identity-based access control systems. A secure design also includes robust monitoring and logging, allowing security teams to detect and respond to potential threats in a timely manner.
Firewalls are the primary tool for enforcing security policies at the boundaries of network zones. A critical design decision, and a common topic for the 640-864 Exam, is the placement of these firewalls. Typically, a firewall is placed at the internet edge to protect the entire enterprise network from external threats. Additional firewalls are often placed between the campus network and the data center to protect critical servers, and at the edge of the DMZ to control access to public-facing services.
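The segmentation and least-privilege ideas of the preceding paragraphs, expressed as a zone policy and evaluated against sample flows, as an added Python example (not Cisco code): zones are defined by prefix, the inter-zone policy is an ordered allow list, and any flow that no rule permits falls through to deny. Zone names, prefixes (RFC 1918 and RFC 5737 documentation ranges), rules and sample flows are assumptions chosen for illustration.

```python
"""Zone-based segmentation with default deny, evaluated against sample flows.

Added example, not Cisco code: security zones are defined by prefix, the
inter-zone policy is an ordered allow list that reflects least privilege,
and any flow no rule permits is denied and reported. Zone names, prefixes
and rules are assumptions chosen for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ZONES = {
    "users": [ipaddress.ip_network("10.10.0.0/16")],
    "datacenter": [ipaddress.ip_network("10.20.0.0/16")],
    "dmz": [ipaddress.ip_network("192.0.2.0/24")],
}
DEFAULT_ZONE = "internet"   # anything outside a named zone


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dst_port: Optional[int]   # None matches any port
    action: str               # "allow" or "deny"


# Ordered policy: first match wins; anything unmatched falls through to deny.
POLICY: List[Rule] = [
    Rule("users", "datacenter", "tcp", 443, "allow"),    # internal web apps
    Rule("users", "internet", "tcp", 80, "allow"),
    Rule("users", "internet", "tcp", 443, "allow"),
    Rule("internet", "dmz", "tcp", 443, "allow"),        # public web front end
    Rule("dmz", "datacenter", "tcp", 5432, "allow"),     # front end to its database only
    # Deliberately absent: dmz -> users, internet -> datacenter, and management
    # ports from users into the datacenter. A compromised DMZ host gets no
    # path to workstations.
]


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return DEFAULT_ZONE


def evaluate(src_ip: str, dst_ip: str, proto: str, dst_port: int) -> Tuple[str, str]:
    """Return (action, reason). Traffic inside one zone never crosses the boundary firewall."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return "allow", f"intra-zone {src_zone}"
    for rule in POLICY:
        if (rule.src_zone, rule.dst_zone, rule.proto) == (src_zone, dst_zone, proto) \
                and rule.dst_port in (None, dst_port):
            return rule.action, f"rule {src_zone}->{dst_zone} {proto}/{rule.dst_port}"
    return "deny", f"default deny {src_zone}->{dst_zone} {proto}/{dst_port}"


def audit(flows):
    """Evaluate constructed flows; the denied ones are what the firewall log would show."""
    return [(flow, *evaluate(*flow)) for flow in flows]


# Constructed flows: (src ip, dst ip, proto, dst port)
SAMPLE_FLOWS = [
    ("10.10.3.4", "10.20.1.10", "tcp", 443),      # user to internal app: allowed
    ("10.10.3.4", "10.20.1.10", "tcp", 22),       # user to server SSH: no rule, denied
    ("198.51.100.9", "192.0.2.10", "tcp", 443),   # internet to DMZ web: allowed
    ("198.51.100.9", "10.20.1.10", "tcp", 443),   # internet straight to datacenter: denied
    ("192.0.2.10", "10.20.1.10", "tcp", 5432),    # DMZ web to its DB: allowed
    ("192.0.2.10", "10.10.3.4", "tcp", 445),      # DMZ host toward workstations: denied
]

if __name__ == "__main__":
    for flow, action, reason in audit(SAMPLE_FLOWS):
        print(f"{action:5} {flow[0]:>14} -> {flow[1]:<12} {flow[2]}/{flow[3]:<5} ({reason})")
```

The reason string matters as much as the verdict: logging which rule allowed a flow, and which zone pair hit the default deny, is what lets the monitoring described above distinguish a misconfigured application from a host probing across a boundary.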
There are different types of firewalls, and the choice depends on the specific security requirements. Stateful firewalls, the most common type, track the state of active connections and make filtering decisions based on the context of the traffic. Next-Generation Firewalls (NGFWs) add more advanced capabilities, such as application awareness, allowing you to create policies based on the specific application (e.g., block Facebook but allow Salesforce) rather than just on port numbers. They also often integrate other security services.
Intrusion Prevention Systems (IPS) provide an additional layer of protection. While firewalls typically block traffic based on source, destination, and port, an IPS analyzes the content of the traffic to look for known attack signatures or anomalous behavior. An IPS can be deployed as a standalone appliance or as an integrated module within an NGFW. When designing an IPS solution, it is important to place it where it can inspect the most relevant traffic, such as behind the main internet firewall, to detect and block attacks before they reach internal systems.
Virtual Private Networks (VPNs) are essential for securing data as it travels over untrusted networks like the internet. The 640-864 Exam requires a solid understanding of VPN design principles. There are two main types of VPNs: site-to-site and remote access. A site-to-site VPN creates a permanent, secure tunnel between two network locations, such as between the headquarters and a branch office. A remote access VPN, as discussed earlier, provides on-demand connectivity for individual users.
The most common technology used to build these VPNs is IPsec. IPsec is a framework of open standards that provides confidentiality, integrity, and authentication for IP packets. It uses protocols like Authentication Header (AH) and Encapsulating Security Payload (ESP) to secure the data. The Internet Key Exchange (IKE) protocol is used to negotiate the security parameters and establish the secure tunnel between the VPN endpoints. A designer must choose the appropriate encryption algorithms (like AES) and hashing algorithms (like SHA) to meet the organization's security requirements.
When designing a large-scale site-to-site VPN, scalability is a major concern. A full-mesh topology, where every site has a direct tunnel to every other site, can become a configuration nightmare as the number of sites grows. This is where scalable VPN architectures like DMVPN come into play. DMVPN uses a hub-and-spoke model with the ability to create dynamic, on-demand tunnels directly between spokes, combining the simplicity of a hub-and-spoke design with the performance benefits of a mesh topology.
As networks converge to carry voice, video, and data over a single infrastructure, Quality of Service (QoS) becomes an essential design component. QoS refers to the tools and techniques used to manage network resources and ensure that time-sensitive applications receive priority treatment. The 640-864 Exam will expect you to understand why QoS is needed and how to design a basic QoS policy. Without QoS, all packets are treated with the same priority in a first-in, first-out manner. This can be disastrous for real-time applications.
There are three main network characteristics that QoS aims to manage. The first is bandwidth, which is the amount of data that can be transmitted over a link in a given amount of time. The second is delay or latency, which is the time it takes for a packet to travel from its source to its destination. The third is jitter, which is the variation in delay between packets. Voice and video traffic are very sensitive to both delay and jitter. A well-designed QoS policy can guarantee bandwidth, minimize delay, and control jitter for these critical applications.
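Measuring the three characteristics just named on a packet stream, as an added Python example (not Cisco code): it computes one-way delay, throughput and the RFC 3550 interarrival-jitter estimate that RTP receivers report in RTCP, then checks the stream against commonly cited voice design targets (150 ms one-way delay per ITU-T G.114 and 30 ms jitter), which are assumptions of this example. The timestamps form a constructed G.711 stream.

```python
"""Delay, jitter and throughput from packet timestamps.

Added example, not Cisco code: it measures the three characteristics the
text names on a constructed voice stream, using the interarrival-jitter
estimator of RFC 3550 that RTP receivers report in RTCP, and checks the
result against assumed voice design targets (150 ms one-way delay per
ITU-T G.114, 30 ms jitter).
"""
from typing import List, Tuple


def one_way_delays(sent_ms: List[int], recv_ms: List[int]) -> List[int]:
    return [r - s for s, r in zip(sent_ms, recv_ms)]


def delay_stats(sent_ms, recv_ms) -> Tuple[int, int, int]:
    """(min, max, spread) of one-way delay; the spread is a crude jitter figure."""
    d = one_way_delays(sent_ms, recv_ms)
    return min(d), max(d), max(d) - min(d)


def rfc3550_jitter(sent_ms: List[int], recv_ms: List[int]) -> float:
    """Running estimate J = J + (|D| - J)/16, where D is the change in transit
    time between consecutive packets; returns the value after the last packet."""
    j = 0.0
    for i in range(1, len(sent_ms)):
        d = (recv_ms[i] - recv_ms[i - 1]) - (sent_ms[i] - sent_ms[i - 1])
        j += (abs(d) - j) / 16
    return j


def throughput_kbps(bytes_total: int, duration_ms: int) -> float:
    return bytes_total * 8 / duration_ms      # bits per millisecond equals kbit/s


def meets_voice_budget(sent_ms, recv_ms, max_delay_ms=150, max_jitter_ms=30) -> bool:
    _, worst, _ = delay_stats(sent_ms, recv_ms)
    return worst <= max_delay_ms and rfc3550_jitter(sent_ms, recv_ms) <= max_jitter_ms


# Constructed G.711 stream: 20 ms packetization, 200 B per packet (160 B payload
# plus IP/UDP/RTP headers), 40 ms fixed path delay plus per-packet queueing delay.
SENT_MS = [i * 20 for i in range(10)]
QUEUEING_MS = [0, 0, 3, 1, 8, 0, 2, 12, 1, 0]
RECV_MS = [s + 40 + q for s, q in zip(SENT_MS, QUEUEING_MS)]
PACKET_BYTES = 200

if __name__ == "__main__":
    print("delay min/max/spread (ms):", delay_stats(SENT_MS, RECV_MS))
    print("RFC 3550 jitter (ms): %.2f" % rfc3550_jitter(SENT_MS, RECV_MS))
    print("throughput (kbit/s): %.1f" % throughput_kbps(PACKET_BYTES * len(SENT_MS), SENT_MS[-1] + 20))
    print("within voice budget:", meets_voice_budget(SENT_MS, RECV_MS))
```

The 1/16 smoothing is why a single late packet barely moves the reported jitter while sustained queueing does; a receiver's jitter buffer has to absorb the spread, and every millisecond it adds to compensate comes out of the same delay budget.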
The fundamental challenge that QoS addresses is network congestion. Congestion occurs when more traffic is sent over a link than it can handle, causing packets to be queued or dropped. QoS provides a way to intelligently manage these queues, ensuring that high-priority packets are sent first and are less likely to be dropped. This allows the network to provide a predictable and reliable user experience for all applications, even during periods of high traffic load.
There are two primary architectural models for implementing QoS, and you should understand the difference between them for the 640-864 Exam. The first is the Integrated Services (IntServ) model. IntServ is a signaling-based model where applications explicitly request a certain level of service from the network before sending data. The Resource Reservation Protocol (RSVP) is used for this signaling. If the network has sufficient resources to meet the request, it reserves them for that specific traffic flow.
The main advantage of IntServ is that it can provide a very strong, per-flow service guarantee. However, it has significant scalability issues. Every router in the path must process the RSVP requests and maintain state for every single reserved flow. In a large enterprise network with thousands of flows, this creates a huge amount of overhead and is not practical to implement. For this reason, IntServ is rarely used in large-scale networks.
The Differentiated Services (DiffServ) model is the far more common and scalable approach. Instead of using signaling, DiffServ uses a class-based model. Traffic is classified into a small number of predefined classes, and each packet is marked with a value that indicates its class. This marking is typically done using the Differentiated Services Code Point (DSCP) field in the IP header. Network devices then use this marking to apply the appropriate QoS treatment (such as priority queuing) to the packet. The DiffServ model is much more scalable because routers only need to understand the different classes, not maintain state for every individual flow.
Designing an effective QoS policy, a key skill for the 640-864 Exam, involves a three-step process: classify, mark, and apply policy. The first step is to identify the different types of traffic on your network and classify them into logical groups. For example, you might create classes for voice, video, transactional data, and bulk data. This classification can be based on various criteria, such as the source or destination IP address, the protocol and port numbers, or by using deep packet inspection to identify the specific application.
Once the traffic is classified, it must be marked. Marking involves setting the DSCP value in the IP header of each packet to indicate its class. It is a best practice to perform this marking as close to the source of the traffic as possible, typically on the access layer switches. This ensures that the marking is consistent and can be trusted by all other devices in the network. For example, voice traffic from an IP phone could be marked with the DSCP value of Expedited Forwarding (EF), which is the standard recommendation for real-time traffic.
The final step is to configure the network devices, particularly at congestion points like WAN links, to apply QoS policies based on these markings. This involves configuring queuing mechanisms. For instance, you could configure a Low Latency Queue (LLQ) for the voice traffic marked with EF, guaranteeing it priority and low delay. Other queues could be configured to provide a certain percentage of the bandwidth to other traffic classes. Tools like policing and shaping can also be used to rate-limit traffic and smooth out bursts.
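The classify-and-mark steps above carried through on actual packet bytes, as an added Python example (not Cisco code): an ACL-style classifier assigns a flow to a class, the class maps to a DSCP codepoint (EF and the AF/CS values as assigned in RFC 4594), and the codepoint is written into the DS byte of a constructed IPv4 header with the header checksum recomputed, the way an access switch re-marks traffic from an untrusted port. The port-based match criteria and addresses are assumptions for illustration.

```python
"""Classify, mark and verify DiffServ markings in the IPv4 header.

Added example, not Cisco code: an ACL-style classifier assigns a flow to a
class, the class maps to a DSCP codepoint, and the codepoint is written into
the DS byte of a constructed IPv4 header with the checksum recomputed. The
match criteria are assumptions for illustration.
"""
import socket
import struct

DSCP = {"EF": 46, "AF41": 34, "AF31": 26, "AF21": 18, "AF11": 10, "CS1": 8, "BE": 0}
CLASS_TO_DSCP = {"voice": "EF", "video": "AF41", "transactional": "AF21",
                 "bulk": "AF11", "scavenger": "CS1", "default": "BE"}


def classify(proto: str, dst_port: int) -> str:
    """Assumed match criteria, as a classifier ACL on an access switch might express them."""
    if proto == "udp" and 16384 <= dst_port <= 32767:   # RTP range used by Cisco IP phones
        return "voice"
    if proto == "tcp" and dst_port in (443, 1521):        # web and database traffic (assumed)
        return "transactional"
    if proto == "tcp" and dst_port in (21, 445):          # file transfer (assumed)
        return "bulk"
    if proto == "tcp" and dst_port == 6881:               # peer-to-peer (assumed)
        return "scavenger"
    return "default"


def dscp_to_ds_byte(dscp: int, ecn: int = 0) -> int:
    return (dscp << 2) | (ecn & 0x3)    # DSCP is the top 6 bits, ECN the low 2


def ds_byte_to_dscp(ds: int) -> int:
    return ds >> 2


def af_phb(dscp: int):
    """Decode an AFxy codepoint into (class x, drop precedence y)."""
    return dscp >> 3, (dscp >> 1) & 0x3


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum of 16-bit words; zero when a header verifies."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def with_checksum(header: bytes) -> bytes:
    h = bytearray(header)
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", ipv4_checksum(bytes(h)))
    return bytes(h)


def build_ipv4_header(src: str, dst: str, proto_num: int, ds_byte: int = 0,
                      total_len: int = 20) -> bytes:
    """Minimal 20-byte IPv4 header: version/IHL, DS byte, length, id, DF flag, TTL, protocol."""
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, ds_byte, total_len, 0, 0x4000, 64,
                      proto_num, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return with_checksum(raw)


def mark(header: bytes, dscp: int) -> bytes:
    """Re-mark the DS byte, preserving the ECN bits, and fix up the checksum."""
    h = bytearray(header)
    h[1] = dscp_to_ds_byte(dscp, h[1] & 0x3)
    return with_checksum(bytes(h))


def checksum_ok(header: bytes) -> bool:
    return ipv4_checksum(header) == 0


def mark_for_flow(header: bytes, proto: str, dst_port: int):
    """Classify the flow and return (class, re-marked header)."""
    cls = classify(proto, dst_port)
    return cls, mark(header, DSCP[CLASS_TO_DSCP[cls]])


if __name__ == "__main__":
    hdr = build_ipv4_header("10.10.1.20", "10.20.5.7", 17)   # constructed addresses, UDP
    cls, marked = mark_for_flow(hdr, "udp", 20000)
    print(f"class {cls}: DS byte 0x{marked[1]:02x}, DSCP {ds_byte_to_dscp(marked[1])}, "
          f"checksum ok {checksum_ok(marked)}")
```

Because every hop recomputes the header checksum anyway, re-marking is cheap; what a design cannot make cheap is trust, which is why the text puts marking at the access layer and why a device's DS byte should be overwritten there unless it is a known phone or video endpoint.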
The implementation of QoS policies can vary depending on the part of the network, a nuance you should appreciate for the 640-864 Exam. In the campus LAN, bandwidth is typically abundant, and congestion is less common. The primary role of QoS in the campus is to properly classify and mark traffic as it enters the network. Access layer switches should be configured to trust the markings from devices like IP phones and to mark traffic from untrusted devices like user PCs. This ensures that a solid QoS foundation is established from the edge.
The WAN is where QoS is most critical, as WAN links are almost always the biggest bandwidth bottleneck in the enterprise network. It is on the WAN edge routers that the most complex QoS policies are applied. These routers will have queuing strategies configured to service the different traffic classes according to their priority. The Low Latency Queue for voice, for example, will always be serviced first. Other queues might be configured using a system like Class-Based Weighted Fair Queuing (CBWFQ), which guarantees a certain percentage of the link's bandwidth to each class.
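What the LLQ and CBWFQ behaviour described above looks like on an oversubscribed link, as an added Python simulation (not Cisco code): the strict-priority queue is always served first but policed with a token bucket at its configured share so it cannot starve the other classes, and the remaining classes are served by deficit round robin with quanta proportional to their bandwidth percentages, which yields the per-class guarantees the text attributes to CBWFQ. Time is counted in byte-times on the link; the offered loads, packet sizes, queue limits and class shares are constructed.

```python
"""LLQ plus CBWFQ on a congested WAN link, as a packet-level simulation.

Added example, not Cisco code: a policed strict-priority queue for voice
plus deficit round robin over the other classes, with quanta proportional
to their bandwidth percentages. Time is in byte-times on the link; loads,
packet sizes, queue limits and shares are assumptions.
"""
from collections import deque
from dataclasses import dataclass, field

TICK = 10_000        # byte-times between arrival bursts: the link carries 10,000 B per tick
QUEUE_LIMIT = 64     # tail-drop depth of each CBWFQ class queue, in packets
LLQ_BURST = 3_000    # policer bucket depth for the priority class, in bytes


@dataclass
class Pkt:
    size: int
    arrived: int


@dataclass
class ClassQueue:
    name: str
    share_pct: int               # LLQ police rate or CBWFQ bandwidth percent of the link
    priority: bool = False
    q: deque = field(default_factory=deque)
    deficit: int = 0             # DRR state
    tokens: float = LLQ_BURST    # policer state (priority class only)
    last_refill: int = 0
    sent_bytes: int = 0
    dropped: int = 0
    max_delay: int = 0

    @property
    def quantum(self) -> int:    # DRR quantum: 100 bytes per percent of bandwidth
        return self.share_pct * 100

    def enqueue(self, p: Pkt) -> None:
        if not self.priority and len(self.q) >= QUEUE_LIMIT:
            self.dropped += 1    # tail drop
        else:
            self.q.append(p)


class Scheduler:
    def __init__(self, classes):
        self.prio = [c for c in classes if c.priority]
        self.normal = [c for c in classes if not c.priority]
        self.idx, self.fresh_turn = 0, True

    def _from_llq(self, now):
        for c in self.prio:
            while c.q:
                c.tokens = min(LLQ_BURST, c.tokens + (now - c.last_refill) * c.share_pct / 100)
                c.last_refill = now
                p = c.q.popleft()
                if p.size <= c.tokens:
                    c.tokens -= p.size
                    return c, p
                c.dropped += 1   # above the policed rate: dropped, never queued behind others
        return None

    def _from_drr(self):
        while any(c.q for c in self.normal):
            c = self.normal[self.idx]
            if c.q:
                if self.fresh_turn:
                    c.deficit += c.quantum
                    self.fresh_turn = False
                if c.q[0].size <= c.deficit:
                    p = c.q.popleft()
                    c.deficit -= p.size
                    if not c.q:
                        c.deficit = 0   # an emptied class forfeits its leftover deficit
                    return c, p
            else:
                c.deficit = 0
            self.idx = (self.idx + 1) % len(self.normal)
            self.fresh_turn = True
        return None

    def pick(self, now):
        return self._from_llq(now) or self._from_drr()


def simulate(ticks: int = 200):
    classes = [ClassQueue("voice", 20, priority=True), ClassQueue("transactional", 40),
               ClassQueue("bulk", 30), ClassQueue("default", 10)]
    # Constructed offered load per tick: 23,900 B against 10,000 B of capacity.
    offered = {"voice": [200] * 7, "transactional": [1500] * 6,
               "bulk": [1500] * 6, "default": [1500] * 3}
    sched = Scheduler(classes)
    now, next_arrival, end = 0, 0, ticks * TICK
    while now < end:
        while next_arrival <= now and next_arrival < end:
            for c in classes:
                for size in offered[c.name]:
                    c.enqueue(Pkt(size, next_arrival))
            next_arrival += TICK
        choice = sched.pick(now)
        if choice is None:       # link idle: jump to the next burst
            now = next_arrival
            continue
        c, p = choice
        c.max_delay = max(c.max_delay, now - p.arrived)
        c.sent_bytes += p.size
        now += p.size            # serialization time of this packet
    return {c.name: (c.sent_bytes, c.dropped, c.max_delay) for c in classes}


if __name__ == "__main__":
    for name, (sent, dropped, delay) in simulate().items():
        print(f"{name:13} sent {sent:>9} B  dropped {dropped:>4}  max delay {delay:>7} byte-times")
```

Run it and the voice class shows zero drops and a queueing delay bounded by one or two serialization times, while the data classes, all offered more than their share, settle at sent-byte ratios close to 4:3:1 and absorb the congestion as tail drops. Raising the voice policer to, say, 60% would remove the starvation protection for everything else, which is the design reason LLQ bandwidth is kept to a modest fraction of the link.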
It is also important to have a consistent end-to-end QoS strategy. The DSCP markings applied in the campus should be understood and honored across the WAN. If you are using an MPLS service provider, they will often have their own QoS offerings that can map your internal DSCP values to their own QoS classes within the MPLS cloud. Coordinating with the service provider is a key part of designing a successful WAN QoS solution that delivers a predictable application experience to users in branch offices.