Note that I'm completely oblivious as to Cisco's certification program.
Don't assume these questions are like those on a certification test.
What are IGPs and EGPs and why are they different?
Interior Gateway Protocols such as RIP, OSPF, IGRP, EIGRP and IS-IS
are used within the network of a single organization or a part of an
organization, Exterior Gateway Protocols such as EGP and BGP are used
for routing between different organizations or "administrative
What do BGP, eBGP, iBGP and AS stand for? What's the difference between
eBGP and iBGP?
Border Gateway Protocol, internal BGP, external BGP, Autonomous
System. eBGP is used towards other autonomous systems, iBGP is used
within an AS.
Name several path attributes and their function.
- Next hop: contains the IP address of the router where
packets for the destination prefix should go to
- AS path: loop detection, best path selection, to apply
- Local preference: best path selection / to communicate
preference to other routers within the AS
- Multi exit discriminator (MED): first tie breaker for path
selection, originally to select one path when several are available
from the same neighbor AS but now often to select the best path
between several paths with the same AS path length, regardless of
whether they were learned from the same neighbor AS
- Origin: shows where information in BGP came from (IGP, EGP
or unknown), no real/official use but can be used for traffic
- Community: one or more 32-bit values with user-defined
- Atomic aggregate: indicates that a router has aggregated
several routes into a larger block
- Aggregator: indicates where an aggregate route was created
What is the global routing table? What is (roughly) its size?
The global routing table is a list of all prefixes (and associated
information) that are in use within the internet. Its size is
approximately 130,000 prefixes currently.
Why is there a problem with iBGP in large networks? How can this problem
be solved? Describe each solution in 1 - 3 sentences.
There must be a full mesh of iBGP sessions, in other words: each BGP
router within an AS must have iBGP sessions with all other BGP routers
in the AS. By requiring that all information in iBGP is learned
directly from the router that learned the information over eBGP, there
can't be any loops in iBGP. The full mesh requirement can be solved
using either route reflectors or confederations.
Route reflectors distribute iBGP information from one router to
another, which is normally not allowed in iBGP. Since the clients of
the route reflector get all iBGP from the route reflector they don't
need to have iBGP sessions with all other BGP routers. Reflectors add
additional path attributes that allow them to detect and eliminate
In a confederation, the AS is split into a number of sub-ASes, so the
iBGP full mesh is done within each sub-AS and a modified version of
eBGP is used between sub-ASes. To the outside, the confederation
behaves like a single AS.
Unlike all other routing protocols, BGP uses TCP as its transport
protocol. Discuss the consequences of running BGP over UDP. (What would
happen and/or what would have to be changed in BGP.)
In order to be able to run over UDP, BGP would have to implement
functionality that is normally associated with transport protocols,
such as retransmissions and reordering. Since in BGP communication is
always with specific neighbors that are known in advance, using TCP
here allows for a simpler implementation.
What are the disadvantages of existing and proposed BGP security
BGP TCP MD5 option: hard to implement on general purpose systems, hard
to manage because password must match on both sides with no provisions
for setting up/changing it, only protects session between two routers,
information in BGP may still be wrong.
S-BGP and soBGP: currently, there is no repository of known
prefix-to-AS mappings that these protocols could secure. Experience
with cryptographic authentication shows there are regularly mistakes
that lead to information that is valid being rejected because of a
problem with the authentication.
S-BGP: the amount of extra memory in routers and the number of
signature checks can be problematic for existing routers, and
offloading isn't possible. Secret key must be stored on the router to
be able to generate signatures.
Suppose AS 10 is a multihomed customer of AS 20 and AS 30. AS 10 receives
most of its incoming traffic over AS 30 and wants to employ traffic
engineering techniques to shift some of this traffic from AS 30 to AS 20.
For this purpose, a route map is created. Assume that the following
excerpt of the BGP table is a good representation of the BGP table as a
Network Next Hop Metric LocPrf Weight Path
*>i220.127.116.11/24 18.104.22.168 0 100 0 20 209 13606 i
* 22.214.171.124 0 0 30 209 13606 i
* i126.96.36.199/24 188.8.131.52 0 100 0 20 209 7018 23087 i
*> 184.108.40.206 0 0 30 7018 23087 i
* i220.127.116.11/24 18.104.22.168 0 100 0 20 209 7018 20457 i
*> 22.214.171.124 0 0 30 4181 20457 i
- Which BGP attributes would AS 10 possibly like to change in the route
map "set" clause, in what way (higher/lower, longer/shorter), and which
would be the best choice?
The only real option for influencing incoming traffic is to make the
AS path longer as local preference and MED metric aren't communicated
to the source AS.
- 8b. Should a "match" clause be used in this route map?
No, that's not necessary as we want to apply the change to all
outgoing routing information.
- Should the route map be applied to:
The BGP session with AS 20 "in"
The BGP session with AS 20 "out"
The BGP session with AS 30 "in"
The BGP session with AS 30 "out"
The path over AS 30 as seen by remote ASes must become longer, so the
route map must be applied to the session with AS 30 for "out".
What is the function of the connection collision detection mechanism?
Because both BGP routers may try to open a session to the other at
the same time, it is possible that two sessions are established at
the same time. The connection collision detection mechanism detects
this situation and then applies a set of rules to determine which of
the two sessions is terminated and which one is actually used.
What is the "longest match first" rule and what does it do? (Provide an
example if necessary.)
When two overlapping prefixes are present in the routing table, an
address that falls within the overlapping range will match the longest
of these prefixes (= the smallest block of addresses or the "more
specific" prefix). For instance, 10.0.1.1 matches both 10.0.0.0/8
(which is 10.0.0.0 - 10.255.255.255) and 10.0.1.0/24 (which is
10.0.1.0 - 10.0.1.255). The second prefix is more specific: it has a
prefix length of 24 while the first prefix has a length of 8. So when
looking in the routing table to see where a packet with address
10.0.1.1 should go, the match will be 10.0.1.0/24.
You can also take the interactive BGP expert test.