Junos Cup 2014
Highlighted
Junos Cup 2014

Tournament 1: Boznia & Herzegovina Challenge & Solution - The Erratic Default Gateway

[ Edited ]
‎06-12-2014 07:47 AM

Country Flag associated with this challenge: Bosnia and Herzegovina

 

Author: Erdem Sener

 

Title: The Erratic Default Gateway

 

Type: Enterprise

 

Difficulty: Medium (1 point).

 

Technical Description: Fix the erratic behavior of pings with just one set command, executed either at R1 or R2.

 

Topology:

 

4-Boznia-&-Herzegovina-Topology.jpg

 

Challenge Instructions:

For this challenge, you need to start the topology called: “Bosnia and Herzegovina – The Erratic Default Gateway”.

 

From H, try to ping the loopback IP addresses of R1 or R2, with TTL=1. As shown here, you can see there is intermittent failure and success:

 

juniper@H> ping 10.100.1.1 ttl 1 no-resolve

PING 10.100.1.1 (10.100.1.1): 56 data bytes

/* Mix of echo replies and “Time to live exceeded” */

 

juniper@H> ping 10.100.2.2 ttl 1 no-resolve

PING 10.100.2.2 (10.100.2.2): 56 data bytes

/* Mix of echo replies and “Time to live exceeded” */

 

How to explain the results above? H does not have a deterministic default gateway. Sometimes it’s R1, other times it’s R2.

 

You need to make R1 the default gateway, by executing one set command on either R1 or R2 (but not both):

 

configure

set <command>

commit

 

The configuration must meet the following conditions:

 

-       You are not allowed to change the configuration of SW or H.

-       You can configure either R1 or R2 (but not both).

-       The single configuration command starts with the setkeyword.

-       The initial configuration must be a subset of the final configuration. If you think of the configuration as a text file, then you can add or insert paragraphs, lines, sentences, words... but you cannot delete or replace any words.

 

You know that the default gateway is deterministic if you obtain all of the following ping results at H:

 

-       ping 10.100.1.1, with no options, succeeds

-       ping 10.100.2.2, with no options, succeeds

-       Out of the two TTL=1 pings (ping 10.100.1.1 ttl 1 and ping 10.100.2.2 ttl 1), one systematically succeeds, while the other systematically results in “Time to live exceeded”

 

Tip: While trying to figure out the solution, you can commit as many configuration changes as you wish, but the final solution must work over the original configuration.

 

To solve the challenge please submit the set command, and the router where you apply it.

 

NOTE: If you have issues connecting to the Junosphere topology please check Junosphere Technical documentation, or request assistance in the Junosphere forum 

Send an email with your proposed solution to junos-cup@juniper.net:

  •  The subject should be “<country-name-of-the-challenge> -  <your-full-name>”. For example: “Brazil – Wolfgang Amadeus Mozart”.
  • In the email body, please include your proposed solution, along with your first and last name and complete mailing address including zip/postal code and your shirt size (S, M, L, XL, XXL, XXXL)


Some additional notes:

  • Feel free to participate in as many challenges as you like, they are open to everyone and the more you participate the better chance of winning!
  • Green Planet Rules: please start one topology at a time, do not run several topologies in parallel and don't forget to stop your active topology when not in use
  • The answers will be read by the organization right after the deadline
  • The challenge instructions are final, and no additional information or tips will be provided before the publication of the solution and the winner list. Please don’t expect a reply from junos-cup@juniper.net.
  • If you feel that your initial solution is wrong or incomplete, you can send up to three messages for the same challenge, but please note that only your last message (received before the deadline) will be read.
  • If you think there is an error in the definition of the challenges, please send us an email with subject (“<country-name> ERROR”); if there is no reply, then it’s likely an intentional condition of the challenge, rather than an error.

 OFFICIAL SOLUTION:

At R2:

juniper@R2# set firewall family inet filter PROTECT-HOST term ROUTING from protocol 51      

  

A good design would require this command to be executed at R1 too. However, for the requirements of this challenge, doing it at R2 is enough.

 

Julie Wider
Advocacy Manager
Twitter: @JNetCommunity & @jawider

Labels: