Information Technology Reference
In-Depth Information
Figure 9-8
Virtual Backbone Links Using GRE
GRE Tunnel
In Figure 9-8, ISP1 has built a GRE tunnel between its interface at NAP1 and its interface
at NAP2, where both ISP1 and ISP2 are located. The NAP router for ISP1 has a static route
configured as a /32 to the other end of the tunnel pointing to the interface on ISP2's router.
This builds the tunnel over ISP2's network, on which ISP1 can run its IGP, treating that
tunnel as a pseudo-wire.
The solution to this scenario goes back to how next hop for BGP prefixes is handled. The
NAP router for ISP2 should reset the next hop for all BGP prefixes received on the NAP
router from external peers. This removes any need to carry the NAP link addressing in the
IGP. If ISP2 does not carry the NAP interface network in its IGP, the GRE tunnel does
not form.
Case Study: Distributed Denial-of-Service Attack
Mitigation
Distributed Denial-of-Service (DDoS) attacks have become an increasingly popular
Internet attack mechanism because of the volume of traffic they can generate. The ISP
providing connectivity to the victim host finds them difficult to deal with. The traffic enters
the ISP from every upstream transit connection and peering point, making it very difficult
to discard.
Search WWH ::




Custom Search