PrepAway - Latest Free Exam Questions & Answers

Which of the following are steps to configure destination-based Remote Triggered Black Hole (RTBH) filtering?

Which of the following are steps to configure destination-based Remote Triggered Black Hole
(RTBH) filtering? (Choose three.)

PrepAway - Latest Free Exam Questions & Answers

A.
Configure BGP between trigger and black hole routers.

B.
Configure OSPF between trigger router and black hole routes

C.
Configure all edge routers with static (reserved) host route to Null0

D.
Configure on trigger router to advertise victim host route with community

E.
Activate black hole by redistributing route for victim into BGP with next-hop set to the static
(reserved) hostroute configured on edge routers.

Explanation:
The three steps in destination-based black hole filtering are summarized below.
Step 1. The setup (preparation)
A trigger is a special device that is installed at the NOC exclusively for the purpose of triggering a
black hole.
The trigger must have an iBGP peering relationship with all the edge routers, or, if using route
reflectors, it must have an iBGP relationship with the route reflectors in every cluster. The trigger is

also configured to redistribute static routes to its iBGP peers. It sends the static route by means of
an iBGP routing update.
Step 2. The trigger
An administrator adds a static route to the trigger, which redistributes the route by sending a BGP
update to all its iBGP peers, setting the next hop to the target destination address under attack as
192.0.2.1 in the current example. The PEs receive their iBGP update and set their next hop to the
target to the unused IP address space 192.0.2.1. The route to this address is set to null0 in the
PE, using a static routing entry in the router configuration. The next hop entry in the forwarding
information base (FIB) for the destination IP (target) is now updated to null0. All traffic to the target
will now be forwarded to Null0 at the edge and dropped.
Step 3. The withdrawal
Once the trigger is in place, all traffic to the target destination is dropped at the PEs. When the
threat no longer exists, the administrator must manually remove the static route from the trigger,
which sends a BGP route withdrawal to its iBGP peers. This prompts the edge routers to remove
the existing route for the target that ispointed to 192.0.2.1 and to install a new route based on the
IGP routing information base (RIB).


Leave a Reply