352-001 · Question #191
A company plans to use BFD between its routers to detect a connectivity problem inside the switched network. An IPS is transparently installed between the switches. Which packets should the IPS forwar
The correct answer is B. IP packets with identical source and destination IP addresses. BFD echo mode sends packets with identical source and destination IP addresses; an IPS must forward these or BFD echo sessions will fail, because the IPS may treat them as LAND attack packets.
Question
A company plans to use BFD between its routers to detect a connectivity problem inside the switched network. An IPS is transparently installed between the switches. Which packets should the IPS forward for BFD to work under all circumstances?
Options
- AIP packets with broadcast IP source addresses
- BIP packets with identical source and destination IP addresses
- Cfragmented packets with the do-not-fragment bit set
- DIP packets with the multicast IP source address
- EIP packets with the multicast IP destination address
- FIP packets with the destination IP address 0.0.0.0
How the community answered
(22 responses)- B68% (15)
- C18% (4)
- D5% (1)
- E9% (2)
Why each option
BFD echo mode sends packets with identical source and destination IP addresses; an IPS must forward these or BFD echo sessions will fail, because the IPS may treat them as LAND attack packets.
BFD control packets use unicast source addresses of the local router, never broadcast source addresses.
In BFD echo mode, a router sends packets using its own IP as both the source and destination so the remote device loops them back unchanged, confirming the forwarding path is alive. An IPS that drops packets with matching source and destination IPs - a signature commonly associated with LAND attacks - will silently break BFD echo sessions, so the IPS must be explicitly configured to pass these packets for BFD to function under all circumstances.
BFD control packets are small fixed-size PDUs and are never fragmented; the DF bit scenario is irrelevant to BFD operation.
BFD does not use multicast source addresses; all BFD packets use the unicast IP of the sending router as the source.
BFD does not use multicast destination addresses in standard implementations; control packets are sent unicast to the peer's IP address.
BFD does not send packets to destination 0.0.0.0; that address is associated with default route contexts, not BFD session packets.
Concept tested: BFD echo mode identical source and destination IP addressing
Source: https://www.rfc-editor.org/rfc/rfc5880
Topics
Community Discussion
No community discussion yet for this question.