Your company uses multi-vendor routing platforms (Cisco and Juniper) and has multiple sites connected via MPLS from a service provider.
Each remote site has a GRE tunnel with the Headquarter (HQ) and a BGP session over this tunnel, in order to learn prefixes that you don't want to be exchanged with your MPLS provider.
After attending a security training, your Security Team raised concerns about ICMP-based attacks and decided to
Some time after the Security Team implemented the above changes, you notice that the BGP session with Site-2 (Juniper-based CE) started to flap impacting the connectivity to this site.
After getting some more info, it seems that all Juniper-based CE sites are affected (BGP sessions go UP, they try to exchange prefixes but then NOTIFICATION is received and BGP goes down), while the BGP sessions to the Cisco-based CE sites are ok.
What is the problem and how to solve it?
Post your answer in the 'Comments' section below and subscribe to this blog to get the detailed solution and more interesting quizzes.
Costi is a network and security engineer with over 10 years of experience in multi-vendor environments. He holds a CCIE Routing and Switching certification and is currently pursuing same expert-level certifications in other areas. He believes that the best way to learn and understand networking topics is to challenge yourself to fix different problems, production-wise or lab-type exams. He also enjoys teaching networking and security technologies, whevever there is an opportunity for it.
Comments
comments powered by Disqus