Let’s up the stakes for this contest by posing two questions instead of one, unlike in previous contests. This contest focuses on the workings of the Border Gateway Protocol (BGP). The first question deals with how to tweak the default behavior of BGP to suit our needs. The second question presents a troubleshooting scenario that involves BGP.
Question 1: eBGP peering with Loopback interfaces
In the diagram below, an eBGP peering relationship should exist between R1 and R2 using their loopback interfaces.
The configuration on the routers as shown below does not work. There are at least two ways to get the eBGP peering relationship to form. Provide these solutions.
hostname R1
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
interface Loopback0
 ip address 220.127.116.11 255.255.255.255
!
router bgp 1
 neighbor 18.104.22.168 remote-as 2
 neighbor 22.214.171.124 update-source lo0
!
ip route 126.96.36.199 255.255.255.255 10.1.1.2

hostname R2
!
interface FastEthernet0/0
 ip address 10.1.1.2 255.255.255.0
interface Loopback0
 ip address 188.8.131.52 255.255.255.255
!
router bgp 2
 neighbor 184.108.40.206 remote-as 1
 neighbor 220.127.116.11 update-source lo0
!
ip route 18.104.22.168 255.255.255.255 10.1.1.1
Question 2: Remotely Triggered Black Hole (RTBH)
Recent attacks against the web server (10.0.0.100) on the organization’s network shown below have prompted the network administrator to configure RTBH. The attacks come in from the Extranet interface to which the LAN network (10.0.0.0/24) is visible (i.e. no NAT). However, the administrator has not been able to determine the source of the attacks and so she has concluded that it is better to enable destination-based RTBH. R1 is the Edge router while R2 will serve as the trigger.
The configuration on R1 is as follows:
interface Ethernet0/0
 description ***Extranet Interface***
 ip address 172.16.1.1 255.255.255.0
interface Ethernet0/1
 description ***Connected to LAN***
 ip address 10.0.0.1 255.255.255.0
interface Ethernet0/2
 description ***Connected to Trigger***
 ip address 192.168.99.1 255.255.255.0
!
ip bgp-community new-format
ip community-list 1 permit 99:1
!
route-map RTBH permit 10
 match community 1
 set ip next-hop 192.0.2.1
!
router bgp 1
 neighbor 192.168.99.2 remote-as 1
 neighbor 192.168.99.2 route-map RTBH in
!
The configuration on R2 is as follows:
interface Ethernet0/0
 ip address 192.168.99.2 255.255.255.0
!
ip bgp-community new-format
!
route-map RTBH permit 10
 match tag 99
 set community 999:1 no-export
!
router bgp 1
 redistribute static route-map RTBH
 neighbor 192.168.99.1 remote-as 1

Some days after she added this configuration, she noticed another DoS attack occurring against the web server and entered the following command to put the RTBH to work:
ip route 10.0.0.100 255.255.255.255 null0 tag 99
To her dismay, the attack did not stop. There are three configuration errors in her RTBH configuration; spot them and fix them.
The winner of this contest has the following prize options:
- N3,000 sent to a Nigerian bank account
- Amazon gift card worth $15
- $15 sent to a PayPal account
Remember to subscribe via Email to receive updates about new contests and solutions. Success!