An enterprise network manager has decided to dual-home to two service providers for Internet connectivity.
In order to provide optimal outbound routing, the full Internet routing table will be accepted from each provider.
The enterprise has obtained address space and an AS to use in connecting to the Internet.
What is the simplest mechanism the network manager can use to prevent it from becoming a transit between the two service providers?
A. B. C. D.C.
When an enterprise network connects to two different service providers for Internet connectivity, it creates a risk of becoming a transit between the two providers, meaning that traffic from one provider can flow through the enterprise network to the other provider. This is generally undesirable as it can lead to increased traffic and potential security risks. To prevent this, the network manager can use a technique called "asymmetric routing prevention."
One way to achieve asymmetric routing prevention is to use a route filter that only allows specific networks owned by the enterprise to be advertised to each service provider. This means that the enterprise's routers will only advertise the networks that are directly connected to them, and will not advertise any routes learned from one service provider to the other service provider. This helps prevent the enterprise from becoming a transit between the two providers.
Answer A is correct. By building a route filter that only allows the specific networks the enterprise owns to be advertised to each of the service providers, the network manager can prevent the enterprise network from becoming a transit between the two service providers. The route filter can be implemented using an access control list (ACL) or a route map, and can be applied to the BGP neighbor or the BGP peer group.
Answer B is incorrect. Building a traffic filter that only allows traffic originating from the specific networks the enterprise owns to be forwarded towards the service providers will not prevent the enterprise from becoming a transit between the two service providers. This is because the traffic filter only affects the traffic flow, not the routing information that is advertised between the service providers.
Answer C is incorrect. Building a route filter that only allows networks with an empty AS path to be advertised to each of the service providers is not a good solution because it will block legitimate routes that have been learned from other providers or peers. This can result in suboptimal routing or even network outages.
Answer D is incorrect. Building a route filter that only allows networks which are tagged with the LOCAL community to be advertised to each of the service providers is not a good solution either, because the LOCAL community is typically used to prevent BGP routing information from being advertised to external peers, not to prevent transit traffic.
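The outbound route filter described for Answer A, modelled as an added example (not part of the original page): it compares what a dual-homed enterprise would advertise to each provider with and without an owned-prefix filter. The prefixes, AS numbers, neighbor names and function names are constructed for illustration, and the BGP table is a simplified stand-in for a real router's table.

```python
import ipaddress

# Constructed sample data: documentation prefixes (RFC 5737) and
# documentation ASNs (RFC 5398). None of these values come from the page.
OWNED = {ipaddress.ip_network("203.0.113.0/24")}

# Simplified BGP table: (prefix, AS path as received, learned from).
# An empty AS path means the route is originated locally.
BGP_TABLE = [
    ("203.0.113.0/24", [], "local"),
    ("198.51.100.0/24", [64501, 64510], "ISP-A"),
    ("0.0.0.0/0", [64501], "ISP-A"),
    ("192.0.2.0/24", [64502, 64511], "ISP-B"),
]


def advertised_to(neighbor, table, owned=None):
    """Prefixes sent to `neighbor`.

    owned=None models no outbound filter; otherwise only exact matches
    of the owned prefixes pass.
    """
    sent = []
    for prefix, _as_path, source in table:
        if source == neighbor:
            continue  # simplification: a route is not sent back to its source
        net = ipaddress.ip_network(prefix)
        if owned is not None and net not in owned:
            continue  # implicit deny for everything not explicitly owned
        sent.append(net)
    return sent


def transit_leaks(sent, owned):
    """Advertised prefixes the enterprise does not own, i.e. transit offers."""
    return [str(net) for net in sent if net not in owned]


if __name__ == "__main__":
    for isp in ("ISP-A", "ISP-B"):
        unfiltered = advertised_to(isp, BGP_TABLE)
        filtered = advertised_to(isp, BGP_TABLE, OWNED)
        print(isp, "no filter leaks:", transit_leaks(unfiltered, OWNED))
        print(isp, "filtered sends: ", [str(n) for n in filtered])
```

The same comparison can serve as an audit: feed it the prefixes a router actually advertises to each provider and alert on any non-empty result from `transit_leaks`.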