请问CCIE RS 400-101 227Q题库的25题答案为什么选A

猪也有梦想

Why is interface loopback 0 of R4 missing in the BGP table of R2?
A. R2 is not configured as a route reflector client.
B. The route is originating in the same cluster list.
C. The route originated within the same AS.
D. The next hop is not reachable form R2.


笔记中这样写到：
1、从EBGP对等体学到的路由按正常的方式处理
2、从客户学到的路由要反射给客户和非客户
3、从非客户学到的只反射给客户
4、非客户之间不传递路由！！



R3是反射器，R4是客户，R3从R4客户学到的路由不是可以反射给非客户R2吗？
对反射器不太懂，请指点，谢谢

shenka

R2上配置了与R3相同的bgp cluster id

jow117

做个实验看看

猪也有梦想

jow117 发表于 2016-6-26 10:03
做个实验看看

好的，我现在就做

猪也有梦想

jow117 发表于 2016-6-26 10:03
做个实验看看

好的，我现在就做

猪也有梦想

做了，和笔记上的结果一样，客户R3能够反射给非客户R1，非客户R1也能反射给客户R3

求各位老师指导，第一次做路由反射器实验，见笑了

配置如下：
R1

interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Ethernet0/0
ip address 12.1.1.1 255.255.255.0
half-duplex
!
interface Ethernet0/1
no ip address
shutdown
half-duplex
!
interface Ethernet0/2
no ip address
shutdown
half-duplex
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0


router bgp 65001
no synchronization
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
neighbor 12.1.1.2 remote-as 65001
no auto-summary



R2
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface Ethernet0/0
ip address 23.1.1.2 255.255.255.0
half-duplex
!
interface Ethernet0/1
ip address 12.1.1.2 255.255.255.0
half-duplex
!
interface Ethernet0/2
no ip address
shutdown
half-duplex
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0


router bgp 65001
no synchronization
bgp log-neighbor-changes
network 2.2.2.0 mask 255.255.255.0
neighbor 12.1.1.1 remote-as 65001
neighbor 23.1.1.3 remote-as 65001
neighbor 23.1.1.3 route-reflector-client
no auto-summary
!


R3

interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface Ethernet0/0
no ip address
shutdown
half-duplex
!
interface Ethernet0/1
ip address 23.1.1.3 255.255.255.0
half-duplex
!
interface Ethernet0/2
no ip address
shutdown
half-duplex
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0


router bgp 65001
no synchronization
bgp log-neighbor-changes
network 3.3.3.0 mask 255.255.255.0
neighbor 23.1.1.2 remote-as 65001
no auto-summary


实验结果
R1#sh ip route bgp
     2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B       2.2.2.0/24 [200/0] via 12.1.1.2, 00:06:39
     3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B       3.3.3.0/24 [200/0] via 23.1.1.3, 00:01:10



R2#sh ip route bgp
     1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B       1.1.1.0/24 [200/0] via 12.1.1.1, 00:06:58
     3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B       3.3.3.0/24 [200/0] via 23.1.1.3, 00:03:58


R3#sh ip route bgp
     1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B       1.1.1.0/24 [200/0] via 12.1.1.1, 00:01:31
     2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B       2.2.2.0/24 [200/0] via 23.1.1.2, 00:04:16

shenka

R2上配置的bgp cluster id和R3相同，在R2成为RR之前不会传递

猪也有梦想

shenka 发表于 2016-6-26 11:31
R2上配置的bgp cluster id和R3相同，在R2成为RR之前不会传递

不明白？求解释

猪也有梦想

同时问227Q的52题，关于PMTUD

52.Which two security risks can occur with PMTUD? (Choose two)
A. An attacker can block valid Datagram Too small messages, to cause a DDos.
50.Refer to the exhibit.
Which kind of ICMPv6 packet is shown in the output?
B. An attacker can block valid Datagram Too small messages, to cause a Dos.
C. An attacker can slow data flow by sending false messages that indicate that the PMTU is significantly smaller than the true PMTU.
D. An attacker can cause data lost by sending false messages that indicate that the PMTU is significantly smaller than the true PMTU.
E. An attacker can cause data lost by sending false messages that indicate that the PMTU is significantly larger than the true PMTU.
F. An attacker can slow data flow by sending false messages that indicate that the PMTU is significantly larger than the true PMTU.
Answer: BD

我觉得选E，而非选D

PMTU（Path MTU，路径最大传输单元）是在源节点和目的节点之间的路径上的任一链路所能支持的链路MTU的最小值。
在IPv6网络中，分段不在中间路由器上进行。当需要传送的数据报文长度比链路MTU大时，只由源节点本身对数据报文进行分段，中间路由器不对数据报文进行再次分段。这就要求源节点在发送数据报文前能够发现整个发送路径上的所有链路的最小MTU，然后以该MTU值发送数据报文，这就是PMTU发现。

既然是发现路径的最小MTU，那么制造一个错误的消息，增大最小MTU，就可能导致丢包（因为IPv6在中间节点不会分片），不应该选E吗

shenka

猪也有梦想 发表于 2016-6-26 11:57
不明白？求解释

cluster_list是用于防环的，RR反射路由时将自己的RID加入到cluster_list中。如果一个簇中收到带有它本身簇ID的更新消息，路由器就知道出现了环路而放弃该路由。

猪也有梦想

R1#sh ip bgp 3.3.3.0
BGP routing table entry for 3.3.3.0/24, version 8
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  Local
    23.1.1.3 (metric 20) from 12.1.1.2 (2.2.2.2)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Originator: 3.3.3.3, Cluster list: 2.2.2.2

看来我得当面问高手了

shenka

抓包看出R3已经向R2通告了4.4.4.0/24的前缀，包含Cluster id 3.3.3.3

在R2上debug ip bgp up，却显示R2没有接受这条路由：
*Jun 26 15:43:41.083: BGP(0): 192.168.23.3 rcv UPDATE about 4.4.4.0/24 -- DENIED due to: reflected from the same cluster;

猪也有梦想

谢谢楼上

daniel@990.net

没那么复杂吧？就是 R3上忘了配R2是Reflector client，这样R3就不会把从R4收到的路由发给R2。这题应该就是考个RR的基本概念。