
352-001 Question #545: Real Exam Question with Answer & Explanation

The correct answer is C: Apply next-hop self on both BGP neighbors on AS 65400. On a shared broadcast segment, eBGP peers can resolve next-hops directly to each other, bypassing the intended transit AS. Applying next-hop self on AS 65400 forces all traffic to route through it.

Question

Refer to the exhibit. Transit traffic in this large enterprise campus network passes the eBGP core. Per security policy, traffic coming from AS 65444 destined for AS 65466, and vice versa, must pass through AS 65400. An audit discovers that traffic between AS 65444 and AS 65466 did not pass through AS 65400; instead, the two ASes are communicating directly. How must you design BGP to ensure that the traffic from AS 65444 destined for AS 65466 passes through AS 65400 on this broadcast network?

Exhibit

352-001 question #545 exhibit

Options

  • A. Apply an ACL on AS 65466 to drop the direct traffic between AS 65444 and AS 65466
  • B. Apply AS-path prepending on AS 65466 and AS 65444
  • C. Apply next-hop self on both BGP neighbors on AS 65400
  • D. Apply the MED attribute on the BGP session for AS 65444

Explanation

On a shared broadcast segment, eBGP peers can resolve next-hops directly to each other, bypassing the intended transit AS. Applying next-hop self on AS 65400 forces all traffic to route through it.

Common mistakes.

  • A. An ACL would drop the traffic entirely rather than redirecting it through AS 65400, which violates connectivity requirements.
  • B. AS-path prepending influences path selection by making a path appear longer, but it does not change the next-hop attribute on the shared broadcast segment and does not force traffic through AS 65400.
  • D. MED is used to influence inbound traffic selection between multiple entry points into a single AS and does not control the transit path across the broadcast segment.

Concept tested. BGP next-hop self on multi-access broadcast networks

Reference. https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13751-next-hop.html
