Exam 350-501 topic 1 question 14 discussion

Actual exam question from Cisco's 350-501
Question #: 14
Topic #: 1


Refer to the exhibit. An engineer is preparing to implement data plane security configuration.
Which statement about this configuration is true?

  • A. Router 2 is the router receiving the DDoS attack.
  • B. Router 1 must be configured with uRPF for the RTBH implementation to be effective.
  • C. Router 1 is the trigger router in a RTBH implementation.
  • D. Router 2 must configure a route to null 0 for network 192.168.1.0/24 for the RTBH implementation to be complete.
Suggested Answer: C

Comments

wilmo
Highly Voted 3 years, 5 months ago
Correct answer is C.
upvoted 15 times
...
ciccioriccio
Highly Voted 3 years, 4 months ago
agreed, C is the correct answer!
upvoted 9 times
...
kirrim
Most Recent 4 days, 16 hours ago
Selected Answer: C
In the example given, Router1 has the trigger config on it, which redistributes any static routes with tag 1 to its iBGP neighbors. HOWEVER, this configuration is missing a critical part of the RTBH config, which is that the route-map should also set the next-hop to 192.0.2.1 or whatever prefix is configured on the PE routers to point to Null0. Router2 is the PE router, which receives the incoming prefix and routes it to 192.0.2.1, which it already has a route to Null0 in place for. It's also configured with uRPF, which is a requirement for RTBH. HOWEVER, the configuration is missing the "reachable-via any" to enable loose-mode uRPF. Bottom line, the example config shown in the question is broken on both routers, and would never work. But it's clear what the intent is. C is clearly correct, R1 is the trigger router. A is sneaky as R2 could be the one receiving the attack, BUT it doesn't have to be... in RTBH, all edge routers in the ASN would be set up to receive and obey the black hole trigger route, regardless of which edge router is actually receiving the incoming attack that the SOC is responding to.
upvoted 1 times
...
thejag
10 months, 1 week ago
Selected Answer: C
C is the closest IMO. The trigger router is Router 1, that is where we have the route-map configured. It is missing the set ip next-hop. The static route on Router 2 is also missing a static route but it would NOT be a static route for 192.168.1.0/24 because that is a NETWORK, it should be a static route to a host IP, the same host IP used for the "set ip next-hop". That is the blackhole route.
upvoted 2 times
...
damanloox
1 year, 6 months ago
Router 1 does not do RTBH - the whole point of RTBH is to drop traffic at the edge. And for that to happen R1 would have to set a next hop to some value that would in turn be configured on all edges to null0... So whatever that config is - it's not RTBH.
upvoted 1 times
...
spyroskanel89
1 year, 8 months ago
Correct answer is D. (static route to Null0 interface is missing) The trigger (Router 1 in our case) must have an iBGP peering relationship with all the edge routers or, if using route reflectors, must have an iBGP peer relationship with all the route reflectors in every cluster. The trigger must also be configured to redistribute static routes to its iBGP peers. The PEs (Router 2 in our case) must have a static route for an unused IP address space (for example, 192.0.2.1/32) set to Null0. Loose URPF must be configured on all external facing interfaces at the edges (PEs). https://www.cisco.com/c/dam/en_us/about/security/intelligence/blackhole.pdf
upvoted 1 times
NetworkYoda72
1 year, 3 months ago
I disagree with this. The static route needs to be set to null0 for the bogus nhop the trigger router's route-map should set when redistributing the tagged route (the attacker's network). Ironically enough, the route-map is not setting a bogus nhop in this example (missing config). Answer D would set the route-map unconditionally to the attacker's network and not the bogus nhop for the prefix learned from the trigger router via BGP.
upvoted 3 times
...
...
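A complete RTBH configuration containing the pieces the comments above by kirrim, thejag, spyroskanel89 and NetworkYoda72 say are required, shown as an added example that is not the exhibit from the question and not any commenter's own config. The AS number, neighbor address and interface name are constructed; 192.0.2.1 and 192.168.1.0/24 are the values mentioned on the page.

```cisco
! ===== Trigger router (the Router 1 role) =====
router bgp 65000                          ! constructed AS number
 neighbor 10.0.0.2 remote-as 65000        ! constructed iBGP peer (edge router or route reflector)
 neighbor 10.0.0.2 send-community         ! so the no-export community reaches the peer
 redistribute static route-map RTBH       ! only tagged statics are announced
!
route-map RTBH permit 10
 match tag 1                              ! statics carrying tag 1 are trigger routes
 set ip next-hop 192.0.2.1                ! the "bogus" next hop every edge points at Null0
 set local-preference 200
 set origin igp
 set community no-export                  ! keep the trigger route inside the AS
!
route-map RTBH deny 20                    ! never leak ordinary static routes
!
! Added by the operator during an incident to start black-holing.
! 192.168.1.0/24 is the network named in option D.
ip route 192.168.1.0 255.255.255.0 Null0 tag 1
!
! ===== Every edge / PE router (the Router 2 role) =====
! Host route for the bogus next hop, NOT a route for 192.168.1.0/24 itself.
ip route 192.0.2.1 255.255.255.255 Null0
!
interface Null0
 no ip unreachables                       ! do not answer dropped packets with ICMP
!
interface GigabitEthernet0/0              ! constructed external-facing interface
 ! Loose-mode uRPF: a source whose best route resolves to Null0 fails
 ! the check, which is what makes source-based RTBH drop the traffic.
 ip verify unicast source reachable-via any
```

The edge routers also need their iBGP session to the trigger (or to the route reflectors), which is omitted here. Withdrawing the tagged static on the trigger router removes the black hole on every edge at once.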
sirup12
1 year, 10 months ago
Selected Answer: C
agree with you C is correct
upvoted 2 times
...
craterman
1 year, 11 months ago
Selected Answer: C
Correct answer is C https://www.cisco.com/c/dam/en_us/about/security/intelligence/blackhole.pdf
upvoted 2 times
...
Cprest
2 years, 1 month ago
C is the correct answer!
upvoted 1 times
...
beenardino
2 years, 6 months ago
Answer is C. Router one is acting like a black hole: "RTBH filtering provides a method for quickly dropping undesirable traffic at the edge of the network, based on either source addresses or destination addresses by forwarding it to a null0 interface. Null0 is a pseudointerface that is always up and can never forward or receive traffic. Forwarding packets to null0 is a common way to filter packets to a specific destination."
upvoted 4 times
...
Jjsa1994
3 years ago
correct answer is A
upvoted 1 times
...
EdgardoAC
3 years, 2 months ago
I agree that C is correct, the link provides additional information.
upvoted 5 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other