PrepAway - Latest Free Exam Questions & Answers

Which two options best describe the purpose of session ID and cookie field in a L2TPv3 packet?

A.
The session ID is a 32-bit locally significant field used to identify the call on the destination or
egress tunnel endpoint. The session ID will be negotiated by the control connection or statically
defined if using the L2TPv3 data plane only.

B.
The cookie is a variable length (with a maximum of eight bytes), word-aligned optional field. The
control connection can negotiate this as an additional level of guarantee beyond the regular
session ID lookup to make sure that a data message has been directed to the correct session or
that any recently reused session ID will not be misdirected.

C.
The cookie is a 32-bit locally significant field used to identify the call on the destination or
egress tunnel endpoint. The cookie will be negotiated by the control connection or statically
defined if using the L2TPv3 data plane only.

D.
The session ID is a variable length (with a maximum of eight bytes), word-aligned optional field.
The control connection can negotiate this as an additional level of guarantee beyond the regular
cookie lookup to make sure that a data message has been directed to the correct session or that
any recently reused cookie will not be misdirected.

Explanation:
Session ID:
The 32-bit nonzero session ID carried in the data message header is used to associate incoming
data messages with a particular local attachment circuit. Note that one L2TPv3 session
corresponds to one pseudowire.
Cookie:
Following the session ID is an optional variable length random cookie value (maximum 64 bits).
This cookie value can be used in addition to the session ID and adds an extra level of assurance
that the incoming data messages are correctly associated with the local attachment circuit.
Furthermore, a randomly chosen cookie provides protection against blind insertion attacks. That
is, an attacker would find it very difficult, if not impossible, to insert packets into a data stream
(pseudowire) if the attacker is unable to sniff packets transiting the network between peer LCCEs.
This is because of the difficulty of guessing the correct cookie value (0 to
2^64 if the cookie is 64 bits in length).
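
The receive-side check described in the explanation, as an added example that is not part of the original page: it looks up the session ID, then verifies the cookie before handing the payload to the attachment circuit. It assumes L2TPv3 carried directly over IP (RFC 3931), where the cookie is 0, 4 or 8 bytes and an all-zero session ID marks a control message; the session table, the names classify and rebind, and all sample values are constructed for illustration.

```python
import hmac
import secrets
import struct

# Constructed local session table: session ID -> (expected cookie, attachment circuit).
# The cookie length is fixed per session, set by the control connection or statically.
SESSIONS = {
    0x0000A1B2: (bytes.fromhex("8f3c1d5e07a94b62"), "ac-ethernet0/1"),
    0x0000C3D4: (b"", "ac-ethernet0/2"),  # session configured without a cookie
}


def classify(packet: bytes):
    """Return (verdict, attachment_circuit, payload) for one received message."""
    if len(packet) < 4:
        return ("drop:short", None, b"")
    (session_id,) = struct.unpack("!I", packet[:4])
    if session_id == 0:
        # Over IP, a zero session ID marks a control message, not data.
        return ("control", None, packet[4:])
    entry = SESSIONS.get(session_id)
    if entry is None:
        return ("drop:unknown-session", None, b"")
    cookie, circuit = entry
    end = 4 + len(cookie)
    if len(packet) < end:
        return ("drop:short", None, b"")
    # Constant-time compare so the check does not reveal how many bytes matched.
    if not hmac.compare_digest(packet[4:end], cookie):
        return ("drop:bad-cookie", None, b"")
    return ("accept", circuit, packet[end:])


def rebind(session_id: int, circuit: str, cookie_len: int = 8) -> bytes:
    """Reuse a session ID for a new circuit with a freshly chosen random cookie."""
    cookie = secrets.token_bytes(cookie_len)
    SESSIONS[session_id] = (cookie, circuit)
    return cookie
```

After rebind, a message still carrying the old cookie is dropped instead of being delivered to the new circuit, which is the "recently reused session ID" case the cookie guards against.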
