nerdexam
Cisco

352-001 · Question #191

A company plans to use BFD between its routers to detect a connectivity problem inside the switched network. An IPS is transparently installed between the switches. Which packets should the IPS forwar

The correct answer is B. IP packets with identical source and destination IP addresses. BFD echo mode sends packets with identical source and destination IP addresses; an IPS must forward these or BFD echo sessions will fail, because the IPS may treat them as LAND attack packets.

Design Considerations

Question

A company plans to use BFD between its routers to detect a connectivity problem inside the switched network. An IPS is transparently installed between the switches. Which packets should the IPS forward for BFD to work under all circumstances?

Options

  • AIP packets with broadcast IP source addresses
  • BIP packets with identical source and destination IP addresses
  • Cfragmented packets with the do-not-fragment bit set
  • DIP packets with the multicast IP source address
  • EIP packets with the multicast IP destination address
  • FIP packets with the destination IP address 0.0.0.0

How the community answered

(22 responses)
  • B
    68% (15)
  • C
    18% (4)
  • D
    5% (1)
  • E
    9% (2)

Why each option

BFD echo mode sends packets with identical source and destination IP addresses; an IPS must forward these or BFD echo sessions will fail, because the IPS may treat them as LAND attack packets.

AIP packets with broadcast IP source addresses

BFD control packets use unicast source addresses of the local router, never broadcast source addresses.

BIP packets with identical source and destination IP addressesCorrect

In BFD echo mode, a router sends packets using its own IP as both the source and destination so the remote device loops them back unchanged, confirming the forwarding path is alive. An IPS that drops packets with matching source and destination IPs - a signature commonly associated with LAND attacks - will silently break BFD echo sessions, so the IPS must be explicitly configured to pass these packets for BFD to function under all circumstances.

Cfragmented packets with the do-not-fragment bit set

BFD control packets are small fixed-size PDUs and are never fragmented; the DF bit scenario is irrelevant to BFD operation.

DIP packets with the multicast IP source address

BFD does not use multicast source addresses; all BFD packets use the unicast IP of the sending router as the source.

EIP packets with the multicast IP destination address

BFD does not use multicast destination addresses in standard implementations; control packets are sent unicast to the peer's IP address.

FIP packets with the destination IP address 0.0.0.0

BFD does not send packets to destination 0.0.0.0; that address is associated with default route contexts, not BFD session packets.

Concept tested: BFD echo mode identical source and destination IP addressing

Source: https://www.rfc-editor.org/rfc/rfc5880

Topics

#BFD#echo mode#transparent IPS#loopback packets

Community Discussion

No community discussion yet for this question.

Full 352-001 Practice