How can you prevent your internal network from becoming a transit area? (Choose two.)

You use two ISPs for Internet connectivity.

How can you prevent your internal network from becoming a transit area? (Choose two.)
A. accept all routes from ISPs inbound
B. advertise all routes outbound
C. filter internal routes inbound
D. filter internal routes outbound
E. use just one ISP

Answer: A, D

Explanation:

When your AS has multiple exit points and peers with multiple ISPs, there is a danger that, through misconfiguration, you advertise routes received from one ISP to the other ISP. Your AS can then become a transit area for the Internet traffic of other networks, which can cost you money and resources. You can easily avoid this situation by advertising only your assigned address space to all adjacent ISPs (you can also advertise only your local AS and filter out the other ASs using a BGP AS-path filter).

From a design point of view, this model (multi-homing with two ISPs) requires careful consideration. For example, to avoid turning the enterprise network into a transit AS/path for the two external ISPs (for example, ISP1 and ISP2), it is recommended that you always announce only your PI address space to the ISPs you are directly connected to. If, by mistake, you advertise routes that are received from ISP1 to ISP2, and ISP2’s policy is not restrictive enough, your AS will start to participate in the Internet traffic exchange (become a transit AS). In addition, if AS X, as shown in Figure 5-23, decides that the path to ISP1 from AS X is shorter through your network (via ISP2), it will start sending traffic that is destined for ISP1 to your router. Your router will happily route the traffic to ISP1, but this extra traffic might leave your users with no bandwidth for themselves and, as a result, degrade the overall user experience. This situation also raises a serious security concern, because external traffic from an unknown network, traffic that could be malicious, will be using your corporate network as a transit path. Therefore, you, as the network designer, need to ensure that only the enterprise-owned PI address range is announced, combined with AS-path filtering to permit only routes originating from the enterprise local AS to be advertised.

To prevent your network from becoming a transit AS, make sure that you advertise only your own PI address space to both ISPs by using outbound route filtering, BGP AS-PATH filtering, or a combination of both.
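The outbound policy described above, written as a Cisco IOS configuration. This is an added example, not part of the original explanation; the AS numbers, the PI block, the neighbor addresses and the prefix-list name are constructed placeholders taken from the documentation ranges.

```cisco
! Constructed values (assumptions, not from the question):
!   local AS 64500, PI block 203.0.113.0/24
!   ISP1 = AS 64501 at 192.0.2.1, ISP2 = AS 64502 at 198.51.100.1
!
! Weak setting: with no outbound policy on either neighbor, the router
! re-advertises best paths learned from ISP1 to ISP2 and vice versa,
! which is what makes the enterprise AS a transit AS.
!
! AS-path filter: permit only routes with an empty AS_PATH,
! that is, routes originated inside the local AS.
ip as-path access-list 10 permit ^$
!
! Prefix filter: permit only the enterprise-owned PI block, exact length.
! Everything else hits the implicit deny at the end of the prefix list.
ip prefix-list OUR-PI seq 5 permit 203.0.113.0/24
!
! Anchor route so the network statement has an exact match in the routing table.
ip route 203.0.113.0 255.255.255.0 Null0
!
router bgp 64500
 network 203.0.113.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64501
 neighbor 198.51.100.1 remote-as 64502
 ! Outbound filtering toward both ISPs (answer D): a route must pass
 ! both the prefix list and the AS-path filter to be advertised.
 neighbor 192.0.2.1 prefix-list OUR-PI out
 neighbor 192.0.2.1 filter-list 10 out
 neighbor 198.51.100.1 prefix-list OUR-PI out
 neighbor 198.51.100.1 filter-list 10 out
 ! Inbound: no filter is applied, so all ISP routes are accepted (answer A).
```

After applying the policy, `show ip bgp neighbors 192.0.2.1 advertised-routes` should list only the PI prefix toward each ISP.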
