Google Cloud Professional Cloud Network Engineer — Question 241

You have configured a single IPSec Cloud VPN tunnel for your organization to one of your customers. The VPN Tunnel Status is showing as Established; however the BGP Session Status is showing as BGP not configured. Your customer’s BGP settings are:

• Customer BGP address: 169.254.11.1/30
• Customer ASN: 64515
• Google Cloud BGP address: 169.254.11.2
• Google Cloud ASN: 64517
• MD5 Authentication: Disabled

You need to configure your local BGP session for this tunnel based on the settings provided by the third party customer. You have already associated the Cloud Router with the Cloud VPN Tunnel. What should you do?

Answer options

• A. Create a BGP session with these settings: • Peer ASN: 64517 • Advertise Route Priority (MED): 100 • Local BGP IP: 169.254.11.2 • Peer BGP IP: 169.254.11.1 • MD5 Authentication: Disabled.
• B. Create a BGP session with these settings: • Peer ASN: 64515 • Advertise Route Priority (MED): 100 • Local BGP IP: 169.254.11.1 • Peer BGP IP: 169.254.11.2 • MD5 Authentication: Disabled.
• C. Create a BGP session with these settings: • Peer ASN: 64515 • Advertise Route Priority (MED): 100 • Local BGP IP: 169.254.11.2 • Peer BGP IP: 169.254.11.1 • MD5 Authentication: Disabled.
• D. Create a BGP session with these settings: • Peer ASN: 64515 • Advertise Route Priority (MED): 1000 • Local BGP IP: 169.254.11.2 • Peer BGP IP: 169.254.11.1 • MD5 Authentication: Enabled.

Correct answer: C

Explanation

The correct answer is C, as it correctly uses the customer's ASN (64515) as the Peer ASN and assigns the local BGP IP (169.254.11.2) to match the Google Cloud configuration while using the customer's BGP IP (169.254.11.1). Options A and B are incorrect because they either use the wrong Peer ASN or Local BGP IP, while D is incorrect due to using an incorrect Advertise Route Priority and enabling MD5 Authentication, which is not required in this scenario.