PrepAway - Latest Free Exam Questions & Answers

which two configurations are required on the edge routers that are not the signaling router?

When implementing source-based remote-triggered black hole filtering, which two
configurations are required on the edge routers that are not the signaling router? (Choose
two.)

PrepAway - Latest Free Exam Questions & Answers

A.
A static route to a prefix that is not used in the network with a next hop set to the Null0
interface

B.
A static route pointing to the IP address of the attacker

C.
uRPF on all external facing interfaces at the edge routers

D.
Redistribution into BGP of the static route that points to the IP address of the attacker

E.
A route policy to set the redistributed static routes with the no-export BGP community

Explanation:
Source-Based RTBH Filtering
With destination-based black holing, all traffic to a specific destination is dropped after the
black hole has been activated, regardless of where it is coming from. Obviously, this could
include legitimate traffic destined for the target. Source-based black holes provide the ability
to drop traffic at the network edge based on a specific source address or range of source
addresses.
If the source address (or range of addresses) of the attack can be identified (spoofed or not), it
would be better to drop all traffic at the edge based on the source address, regardless of the
destination address. This would permit legitimate traffic from other sources to reach the
target. Implementation of source-based black hole filtering depends on Unicast Reverse Path
Forwarding (uRPF), most often loose mode uRPF.
Loose mode uRPF checks the packet and forwards it if there is a route entry for the source IP
of the incoming packet in the router forwarding information base (FIB). If the router does not
have an FIB entry for the source IP address, or if the entry points to a null interface, the
Reverse Path Forwarding (RPF) check fails and the packet is dropped, as shown in Figure 2.
Because uRPF validates a source IP address against its FIB entry, dropping traffic from
specific source addresses is accomplished by configuring loose mode uRPF on the external
interface and ensuring the RPF check fails by inserting a route to the source with a next hop
of Null0.
This can be done by using a trigger device to send IBGP updates. These updates set the next
hop for the source IP to an unused IP address that has a static entry at the edge, setting it to
null as shown in Figure 2.


Leave a Reply