- A
The VPN tunnel's MTU is set to 1500 bytes, but BGP packets are larger and are being fragmented.
Why wrong: Fragmentation does not cause hold timer expiry.
- B
The Cloud Router's BGP keepalive interval is set to 30 seconds, while the on-premises router is using 10 seconds.
Why wrong: The keepalive interval should be consistent; the hold timer is three times the keepalive interval by default.
- C
The on-premises router's BGP hold timer is set to 30 seconds, but the Cloud Router's hold timer is set to 180 seconds.
If the remote side sends keepalives less frequently than the local hold timer, the session drops.
- D
The on-premises router is advertising too many routes, causing the Cloud Router to run out of memory.
Why wrong: Route advertisement does not trigger hold timer expiration.
Quick Answer
The answer is a BGP hold timer mismatch, where the on-premises router’s hold timer of 30 seconds conflicts with the Cloud Router’s 180-second setting. This mismatch causes BGP flapping because the hold timer defines the maximum interval a router waits for a keepalive or update before declaring the session dead; the on-premises router expects keepalives every 10 seconds (one-third of its hold time), but the Cloud Router sends them at its own negotiated interval—often 60 seconds—which exceeds the 30-second window, triggering a “Hold timer expired” notification. On the Google Professional Cloud Network Engineer exam, this scenario tests your understanding that BGP session stability depends on matching hold timers, even when the underlying VPN tunnel is healthy—a common trap where candidates blame the tunnel instead of the BGP configuration. Remember the memory tip: “Hold your horses—timers must match, or the session will scratch.”
PCNE Implementing hybrid interconnectivity Practice Question
This PCNE practice question tests your understanding of implementing hybrid interconnectivity. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
A company has set up a Cloud VPN with dynamic routing (BGP) between their on-premises network (AS 65001) and Google Cloud (AS 64514). They are using Cloud Router with a regional dynamic routing mode. The on-premises router is advertising a subnet 10.1.0.0/16. The Google Cloud VPC has subnet 10.2.0.0/16 in the same region as the Cloud Router. Both subnets are unique. The connection has been working for months. However, after a recent maintenance window, the on-premises router started experiencing BGP flapping with the Cloud Router. The Cloud Router logs show 'BGP notification sent: Hold timer expired'. The on-premises router logs show similar errors. The network team has verified that the VPN tunnel is established and stable. What is the most likely cause of the BGP flapping?
Clue words in this question
Noticing these words before you look at the options changes how you read each choice.
Clue:
"most likely"Why it matters: Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.
Answer choices
Why each option matters
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
The on-premises router's BGP hold timer is set to 30 seconds, but the Cloud Router's hold timer is set to 180 seconds.
The BGP hold timer defines the maximum time a router waits to receive a keepalive or update message from a peer before declaring the session dead. When the on-premises router uses a hold timer of 30 seconds and the Cloud Router uses 180 seconds, the on-premises router expects keepalives every 10 seconds (one-third of hold time). If the Cloud Router sends keepalives at its own negotiated interval (e.g., 60 seconds based on its hold timer), the on-premises router will not receive them within its 30-second window, causing it to send a 'Hold timer expired' notification and flap the BGP session. The VPN tunnel remains stable because the issue is at the BGP session layer, not the underlying tunnel.
Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
- ✗
The VPN tunnel's MTU is set to 1500 bytes, but BGP packets are larger and are being fragmented.
Why it's wrong here
Fragmentation does not cause hold timer expiry.
- ✗
The Cloud Router's BGP keepalive interval is set to 30 seconds, while the on-premises router is using 10 seconds.
Why it's wrong here
The keepalive interval should be consistent; the hold timer is three times the keepalive interval by default.
- ✓
The on-premises router's BGP hold timer is set to 30 seconds, but the Cloud Router's hold timer is set to 180 seconds.
Why this is correct
If the remote side sends keepalives less frequently than the local hold timer, the session drops.
Clue confirmation
The clue word "most likely" in the question point toward this answer.
Related concept
Read the scenario before looking for a memorised answer.
- ✗
The on-premises router is advertising too many routes, causing the Cloud Router to run out of memory.
Why it's wrong here
Route advertisement does not trigger hold timer expiration.
Common exam traps
Common exam trap: answer the scenario, not the keyword
Google Cloud often tests the misconception that BGP flapping is always caused by VPN tunnel instability, but here the tunnel is stable and the issue is specifically a BGP hold timer mismatch, which is a common misconfiguration when connecting to cloud providers with fixed BGP timers.
Detailed technical explanation
How to think about this question
BGP hold timer negotiation uses the smaller of the two configured values (RFC 4271, Section 4.2). If the on-premises router advertises a hold time of 30 seconds and the Cloud Router advertises 180 seconds, the negotiated hold time is 30 seconds. However, if the Cloud Router's configuration forces a minimum hold time of 180 seconds (e.g., via a 'neighbor hold-timer' override or a vendor-specific behavior), the session may use 180 seconds, causing the mismatch. In Google Cloud, Cloud Router uses a default hold time of 180 seconds and keepalive interval of 60 seconds, which is not configurable; the on-premises router must match or exceed this hold time to avoid flapping.
KKey Concepts to Remember
- Read the scenario before looking for a memorised answer.
- Find the constraint that changes the correct option.
- Eliminate answers that are true in general but not in this case.
TExam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Real-world example
How this comes up in practice
A healthcare organisation deploys an application with a public-facing web tier and a private database tier. The database subnet has no public IP and only accepts connections from the web tier's security group. Questions like this test whether you can design cloud network isolation using VNets/VPCs, subnets, and security group rules.
What to study next
Got this wrong? Here's your next step.
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
- →
Implementing hybrid interconnectivity — study guide chapter
Learn the concepts, then practise the questions
- →
Implementing hybrid interconnectivity practice questions
Targeted practice on this topic area only
- →
All PCNE questions
497 questions across all exam domains
- →
Google Professional Cloud Network Engineer study guide
Full concept coverage aligned to exam objectives
- →
PCNE practice test guide
How to use practice tests most effectively before exam day
Related practice questions
Related PCNE practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
Designing, planning, and prototyping a GCP network practice questions
Practise PCNE questions linked to Designing, planning, and prototyping a GCP network.
Implementing hybrid interconnectivity practice questions
Practise PCNE questions linked to Implementing hybrid interconnectivity.
Configuring network services practice questions
Practise PCNE questions linked to Configuring network services.
Implementing network security practice questions
Practise PCNE questions linked to Implementing network security.
Implementing a Virtual Private Cloud practice questions
Practise PCNE questions linked to Implementing a Virtual Private Cloud.
PCNE fundamentals practice questions
Practise PCNE questions linked to PCNE fundamentals.
PCNE scenario practice questions
Practise PCNE questions linked to PCNE scenario.
PCNE troubleshooting practice questions
Practise PCNE questions linked to PCNE troubleshooting.
Practice this exam
Start a free PCNE practice session
Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.
FAQ
Questions learners often ask
What does this PCNE question test?
Implementing hybrid interconnectivity — This question tests Implementing hybrid interconnectivity — Read the scenario before looking for a memorised answer..
What is the correct answer to this question?
The correct answer is: The on-premises router's BGP hold timer is set to 30 seconds, but the Cloud Router's hold timer is set to 180 seconds. — The BGP hold timer defines the maximum time a router waits to receive a keepalive or update message from a peer before declaring the session dead. When the on-premises router uses a hold timer of 30 seconds and the Cloud Router uses 180 seconds, the on-premises router expects keepalives every 10 seconds (one-third of hold time). If the Cloud Router sends keepalives at its own negotiated interval (e.g., 60 seconds based on its hold timer), the on-premises router will not receive them within its 30-second window, causing it to send a 'Hold timer expired' notification and flap the BGP session. The VPN tunnel remains stable because the issue is at the BGP session layer, not the underlying tunnel.
What should I do if I get this PCNE question wrong?
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
Are there clue words in this question I should notice?
Yes — watch for: "most likely". Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.
What is the key concept behind this question?
Read the scenario before looking for a memorised answer.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Last reviewed: Jun 30, 2026
This PCNE practice question is part of Courseiva's free Google Cloud certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the PCNE exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.