0.2.1/32 null0

0.2.1/32 null0

!

route-policy test

if tag is 666 then

set next-hop 192.0.2.1

set community (no-export)

endif

end-policy

!

Answer: C

Explanation:

Source-Based RTBH Filtering

With destination-based black holing, all traffic to a specific destination is dropped after the black hole has been activated, regardless of where it is coming from. Obviously, this could include legitimate traffic destined for the target. Source-based black holes provide the ability to drop traffic at the network edge based on a specific source address or range of source addresses.

If the source address (or range of addresses) of the attack can be identified (spoofed or not), it would be better to drop all traffic at the edge based on the source address, regardless of the destination address. This would permit legitimate traffic from other sources to reach the target. Implementation of source-based black hole filtering depends on Unicast Reverse Path Forwarding (uRPF), most often loose mode uRPF.

Loose mode uRPF checks the packet and forwards it if there is a route entry for the source IP of the incoming packet in the router forwarding information base (FIB). If the router does not have an FIB entry for the source IP address, or if the entry points to a null interface, the Reverse Path Forwarding (RPF) check fails and the packet is dropped, as shown in Figure 2.

Because uRPF validates a source IP address against its FIB entry, dropping traffic from specific source addresses is accomplished by configuring loose mode uRPF on the external interface and ensuring the RPF check fails by inserting a route to the source with a next hop of Null0. This can be done by using a trigger device to send IBGP updates. These updates set the next hop for the source IP to an unused IP address that has a static entry at the edge, setting it to null as shown in Figure 2.
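The loose mode uRPF decision described above can be modeled in a few lines of Python. This is an added example, not part of the original question or any vendor code: the interface names, the 198.51.100.0/24 and 203.0.113.0/24 prefixes and all function names are constructed for illustration, and only 192.0.2.1 and Null0 come from the page.

```python
import ipaddress

class Fib:
    """Toy forwarding table: prefix -> next hop (interface name or IP address)."""
    def __init__(self):
        self.routes = {}

    def add(self, prefix, next_hop):
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, addr):
        """Longest-prefix match; returns the next hop or None."""
        ip = ipaddress.ip_address(addr)
        matches = [net for net in self.routes if ip in net]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda net: net.prefixlen)]

    def resolve(self, addr, depth=4):
        """Follow recursive next hops until an interface name is reached."""
        next_hop = self.lookup(addr)
        while next_hop is not None and depth > 0:
            try:
                ipaddress.ip_address(next_hop)
            except ValueError:
                return next_hop              # not an IP, so it is an interface
            next_hop = self.lookup(next_hop)
            depth -= 1
        return None

def loose_urpf(fib, src):
    """Loose mode check: any usable FIB entry for the source passes."""
    out = fib.resolve(src)
    if out is None:
        return "drop: no FIB entry for source"
    if out.lower() == "null0":
        return "drop: source resolves to Null0"
    return "forward"

def build_edge_fib():
    fib = Fib()
    fib.add("203.0.113.0/24", "GigabitEthernet0/0/0/0")   # constructed: external sources
    fib.add("198.51.100.0/24", "GigabitEthernet0/0/0/1")  # constructed: protected target
    fib.add("192.0.2.1/32", "Null0")                      # static discard route at the edge
    return fib

def trigger_blackhole(fib, source_prefix):
    """Models the IBGP update from the trigger: next hop is the unused address."""
    fib.add(source_prefix, "192.0.2.1")
```

The destination address never enters `loose_urpf`, which is why a single /32 from the trigger drops the offending source for every target while neighbouring sources in the same /24 keep flowing.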
