A solution that allows a network host to be turned on remotely by sending a broadcast frame is called:

Targeted broadcast helps in remote administration tasks such as backups and wake-on-LAN (WOL) on a LAN interface, and supports virtual routing and forwarding (VRF) instances. The topics below discuss the process and functioning of targeted broadcast, its configuration details, and the status of the broadcast on various platforms.

Understanding Targeted Broadcast

Targeted broadcast is a process of flooding a target subnet with Layer 3 broadcast IP packets originating from a different subnet. The intent of targeted broadcast is to flood the target subnet with the broadcast packets on a LAN interface without broadcasting to the entire network. Targeted broadcast is configured with various options on the egress interface of the router or switch, and the IP packets are broadcast only on the LAN (egress) interface. Targeted broadcast helps you implement remote administration tasks, such as backups and wake-on LAN (WOL) on a LAN interface, and supports virtual routing and forwarding (VRF) instances.

Regular Layer 3 broadcast IP packets originating from a subnet are broadcast within the same subnet. When these IP packets reach a different subnet, they are forwarded to the Routing Engine (to be forwarded to other applications). Because of this, remote administration tasks such as backups cannot be performed on a particular subnet through another subnet. As a workaround, you can enable targeted broadcast to forward broadcast packets that originate from a different subnet.

Layer 3 broadcast IP packets have a destination IP address that is a valid broadcast address for the target subnet. These IP packets traverse the network in the same way as unicast IP packets until they reach the destination subnet, as follows:

  1. In the destination subnet, if the receiving router has targeted broadcast enabled on the egress interface, the IP packets are forwarded to an egress interface and the Routing Engine or to an egress interface only.
  2. The IP packets are then translated into broadcast IP packets, which flood the target subnet only through the LAN interface, and all hosts on the target subnet receive the IP packets. If no LAN interface exists, the packets are discarded.
  3. The final step in the sequence depends on targeted broadcast:
    • If targeted broadcast is not enabled on the receiving router, the IP packets are treated as regular Layer 3 broadcast IP packets and are forwarded to the Routing Engine.
    • If targeted broadcast is enabled without any options, the IP packets are forwarded to the Routing Engine.

You can configure targeted broadcast to forward the IP packets only to an egress interface, which is helpful when the router is flooded with packets to process, or to both an egress interface and the Routing Engine.

Note:

Targeted broadcast does not work when the targeted broadcast option forward-and-send-to-re and the traffic sampling option sampling are configured on the same egress interface of an M320 router, a T640 router, or an MX960 router. To overcome this obstacle, you must either disable one of these options or enable the sampling option with the targeted broadcast option forward-only on the egress interface. For information about traffic sampling, see Configuring Traffic Sampling.

Note:

Any firewall filter that is configured on the Routing Engine loopback interface (lo0) cannot be applied to IP packets that are forwarded to the Routing Engine as a result of a targeted broadcast. This is because broadcast packets are forwarded as flood next-hop traffic and not as local next-hop traffic, and you can apply a firewall filter only to local next-hop routes for traffic directed towards the Routing Engine.

Understanding IP Directed Broadcast

IP directed broadcast helps you implement remote administration tasks such as backups and wake-on-LAN (WOL) application tasks by sending broadcast packets targeted at the hosts in a specified destination subnet. IP directed broadcast packets traverse the network in the same way as unicast IP packets until they reach the destination subnet. When they reach the destination subnet and IP directed broadcast is enabled on the receiving switch, the switch translates (explodes) the IP directed broadcast packet into a broadcast that floods the packet on the target subnet. All hosts on the target subnet receive the IP directed broadcast packet.

This topic covers:

  • IP Directed Broadcast Overview
  • IP Directed Broadcast Implementation
  • When to Enable IP Directed Broadcast
  • When Not to Enable IP Directed Broadcast

IP Directed Broadcast Overview

IP directed broadcast packets have a destination IP address that is a valid broadcast address for the subnet that is the target of the directed broadcast (the target subnet). The intent of an IP directed broadcast is to flood the target subnet with the broadcast packets without broadcasting to the entire network. IP directed broadcast packets cannot originate from the target subnet.

When you send an IP directed broadcast packet, as it travels to the target subnet, the network forwards it in the same way as it forwards a unicast packet. When the packet reaches a switch that is directly connected to the target subnet, the switch checks to see whether IP directed broadcast is enabled on the interface that is directly connected to the target subnet:

  • If IP directed broadcast is enabled on that interface, the switch broadcasts the packet on that subnet by rewriting the destination IP address as the configured broadcast IP address for the subnet. The switch converts the packet to a link-layer broadcast packet that every host on the network processes.

  • If IP directed broadcast is disabled on the interface that is directly connected to the target subnet, the switch drops the packet.

IP Directed Broadcast Implementation

You configure IP directed broadcast on a per-subnet basis by enabling IP directed broadcast on the Layer 3 interface of the subnet’s VLAN. When the switch that is connected to that subnet receives a packet that has the subnet’s broadcast IP address as the destination address, the switch broadcasts the packet to all hosts on the subnet.

By default, IP directed broadcast is disabled.

When to Enable IP Directed Broadcast

IP directed broadcast is disabled by default. Enable IP directed broadcast when you want to perform remote management or administration services such as backups or WOL tasks on hosts in a subnet that does not have a direct connection to the Internet.

Enabling IP directed broadcast on a subnet affects only the hosts within that subnet. Only packets received on the subnet’s Layer 3 interface that have the subnet’s broadcast IP address as the destination address are flooded on the subnet.

When Not to Enable IP Directed Broadcast

Typically, you do not enable IP directed broadcast on subnets that have direct connections to the Internet. Disabling IP directed broadcast on a subnet’s Layer 3 interface affects only that subnet. If you disable IP directed broadcast on a subnet and a packet that has the broadcast IP address of that subnet arrives at the switch, the switch drops the broadcast packet.

If a subnet has a direct connection to the Internet, enabling IP directed broadcast on it increases the network’s susceptibility to denial-of-service (DoS) attacks.

For example, a malicious attacker can spoof a source IP address (use a source IP address that is not the actual source of the transmission to deceive a network into identifying the attacker as a legitimate source) and send IP directed broadcasts containing Internet Control Message Protocol (ICMP) echo (ping) packets. When the hosts on the network with IP directed broadcast enabled receive the ICMP echo packets, they all send replies to the victim that has the spoofed source IP address. This creates a flood of ping replies in a DoS attack that can overwhelm the spoofed source address; this is known as a smurf attack. Another common DoS attack on exposed networks with IP directed broadcast enabled is a fraggle attack, which is similar to a smurf attack except that the malicious packet is a User Datagram Protocol (UDP) echo packet instead of an ICMP echo packet.
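A detection sketch for the exposure described above, added here as an example and not taken from the original documentation. It labels flow records by how the directly connected switch would treat them and marks ICMP echo requests and UDP echo packets sent to a directed-broadcast address; the subnet inventory, its enabled/disabled flags and the flow records are constructed sample data.

```python
import ipaddress

# Constructed inventory: the two subnets of this page's example topology and
# whether IP directed broadcast is enabled on each Layer 3 interface (assumed).
SUBNETS = {
    "10.1.1.0/24": False,  # ingress VLAN v0
    "10.1.2.0/24": True,   # egress VLAN v1
}

# Constructed flow records: (source, destination, protocol, detail), where
# detail is the ICMP type for "icmp" and the destination port for "udp".
FLOWS = [
    ("10.1.1.20", "10.1.2.255", "udp", 9),       # WOL from the management host
    ("198.51.100.7", "10.1.2.255", "icmp", 8),   # echo request to directed broadcast
    ("198.51.100.7", "10.1.2.255", "udp", 7),    # UDP echo to directed broadcast
    ("10.1.1.20", "10.1.2.15", "icmp", 8),       # ordinary unicast ping
    ("203.0.113.9", "10.1.1.255", "icmp", 8),    # directed broadcast, feature disabled
    ("10.1.2.30", "10.1.2.255", "udp", 137),     # broadcast from inside the subnet
]

ICMP_ECHO_REQUEST = 8
UDP_ECHO_PORT = 7


def target_subnet(dst, subnets):
    """Return the inventory subnet whose broadcast address is dst, or None."""
    addr = ipaddress.ip_address(dst)
    for cidr in subnets:
        net = ipaddress.ip_network(cidr)
        if addr == net.broadcast_address:
            return net
    return None


def classify(flow, subnets=SUBNETS):
    """Label one flow record the way the connected switch would treat it."""
    src, dst, proto, detail = flow
    net = target_subnet(dst, subnets)
    if net is None:
        return "unicast"            # forwarded like any other unicast packet
    if ipaddress.ip_address(src) in net:
        return "local-broadcast"    # a directed broadcast cannot originate in the target subnet
    if not subnets[str(net)]:
        return "dropped"            # feature disabled: the switch drops the packet
    if proto == "icmp" and detail == ICMP_ECHO_REQUEST:
        return "smurf-candidate"    # every host would reply to the (possibly spoofed) source
    if proto == "udp" and detail == UDP_ECHO_PORT:
        return "fraggle-candidate"
    return "flooded"                # legitimate use such as WOL or backups


def report(flows=FLOWS):
    """Return (source, destination, verdict) for each flow record."""
    return [(f[0], f[1], classify(f)) for f in flows]


if __name__ == "__main__":
    for src, dst, verdict in report():
        print(f"{src:>15} -> {dst:<12} {verdict}")
```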

Configure Targeted Broadcast

The following sections explain how to configure targeted broadcast on an egress interface and its options:

  • Configure Targeted Broadcast and Its Options
  • Display Targeted Broadcast Configuration Options

Configure Targeted Broadcast and Its Options

You can configure targeted broadcast on an egress interface with different options.

Either of these configurations is acceptable:

  • You can allow the IP packets destined for a Layer 3 broadcast address to be forwarded on the egress interface and to send a copy of the IP packets to the Routing Engine.

  • You can allow the IP packets to be forwarded on the egress interface only.

Note that the packets are broadcast only if the egress interface is a LAN interface.

To configure targeted broadcast and its options:

  1. Configure the physical interface.

    [edit]
    user@host# set interfaces interface-name

  2. Configure the logical unit number at the [edit interfaces interface-name] hierarchy level.

    [edit interfaces interface-name]
    user@host# set unit logical-unit-number

  3. Configure the protocol family as inet at the [edit interfaces interface-name unit interface-unit-number] hierarchy level.

    [edit interfaces interface-name unit interface-unit-number]
    user@host# set family inet

  4. Configure targeted broadcast at the [edit interfaces interface-name unit interface-unit-number family inet] hierarchy level.

    [edit interfaces interface-name unit interface-unit-number family inet]
    user@host# set targeted-broadcast

  5. Specify one of the following options:

    • Allow IP packets destined for a Layer 3 broadcast address to be forwarded on the egress interface and to send a copy of the IP packets to the Routing Engine.

      [edit interfaces interface-name unit interface-unit-number family inet targeted-broadcast]
      user@host# set forward-and-send-to-re

    • Allow IP packets to be forwarded on the egress interface only.

      [edit interfaces interface-name unit interface-unit-number family inet targeted-broadcast]
      user@host# set forward-only

Note:

Targeted broadcast does not work when the targeted broadcast option forward-and-send-to-re and the traffic sampling option sampling are configured on the same egress interface of an M320 router, a T640 router, or an MX960 router. To overcome this obstacle, you must either disable one of these options or enable the sampling option with the targeted broadcast option forward-only on the egress interface. For information about traffic sampling, see Configuring Traffic Sampling.

Display Targeted Broadcast Configuration Options

The following example topics display targeted broadcast configuration options:

  • Example: Forward IP Packets on the Egress Interface and to the Routing Engine
  • Example: Forward IP Packets on the Egress Interface Only

Example: Forward IP Packets on the Egress Interface and to the Routing Engine

Purpose

Display the configuration when targeted broadcast is configured on the egress interface to forward the IP packets on the egress interface and to send a copy of the IP packets to the Routing Engine.

Action

To display the configuration, run the show command at the [edit interfaces interface-name unit interface-unit-number family inet] hierarchy level, where the interface name is ge-2/0/0, the unit value is set to 0, and the protocol family is set to inet.

    [edit interfaces interface-name unit interface-unit-number family inet]
    user@host# show
    targeted-broadcast {
        forward-and-send-to-re;
    }

Example: Forward IP Packets on the Egress Interface Only

Purpose

Display the configuration when targeted broadcast is configured on the egress interface to forward the IP packets on the egress interface only.

Action

To display the configuration, run the show command at the [edit interfaces interface-name unit interface-unit-number family inet] hierarchy level, where the interface name is ge-2/0/0, the unit value is set to 0, and the protocol family is set to inet.

    [edit interfaces interface-name unit interface-unit-number family inet]
    user@host# show
    targeted-broadcast {
        forward-only;
    }

Configuring IP Directed Broadcast (CLI Procedure)

Before you begin to configure IP directed broadcast:

  • Ensure that the subnet on which you want to broadcast packets using IP directed broadcast is not directly connected to the Internet.

  • Configure a routed VLAN interface (RVI) for the subnet that will be enabled for IP directed broadcast. See Configuring Routed VLAN Interfaces on Switches (CLI Procedure).

Note:

We recommend that you do not enable IP directed broadcast on subnets that have a direct connection to the Internet because of increased exposure to denial-of-service (DoS) attacks.

You can use IP directed broadcast on an EX Series switch to facilitate remote network management by sending broadcast packets to hosts on a specified subnet without broadcasting to the entire network. IP directed broadcast packets are broadcast on only the target subnet. The rest of the network treats IP directed broadcast packets as unicast packets and forwards them accordingly.

To enable IP directed broadcast for a specified subnet:

  1. Add the target subnet’s logical interfaces to the VLAN:

    [edit interfaces]
    user@switch# set ge-0/0/0.0 family ethernet-switching vlan members v1
    user@switch# set ge-0/0/1.0 family ethernet-switching vlan members v1

  2. Configure the Layer 3 interface on the VLAN that is the target of the IP directed broadcast packets:

    [edit interfaces]
    user@switch# set vlan.1 family inet address 10.1.2.1/24

  3. Associate a Layer 3 interface with the VLAN:

    [edit vlans]
    user@switch# set v1 l3-interface vlan.1

  4. Enable the Layer 3 interface for the VLAN to receive IP directed broadcasts:

    [edit interfaces]
    user@switch# set vlan.1 family inet targeted-broadcast

Example: Configuring IP Directed Broadcast on a Switch

IP directed broadcast provides a method of sending broadcast packets to hosts on a specified subnet without broadcasting those packets to hosts on the entire network.

This example shows how to enable a subnet to receive IP directed broadcast packets so you can perform backups and other network management tasks remotely:

  • Requirements
  • Overview and Topology
  • Configuring IP Directed Broadcast for non-ELS Switches
  • Configuring IP Directed Broadcast for Switches with ELS Support

Overview and Topology

You might want to perform remote administration tasks such as backups and wake-on-LAN (WOL) application tasks to manage groups of clients on a subnet. One way to do this is to send IP directed broadcast packets targeted at the hosts in a particular target subnet.

The network forwards IP directed broadcast packets as if they were unicast packets. When the IP directed broadcast packet is received by a VLAN that is enabled for targeted-broadcast, the switch broadcasts the packet to all the hosts in its subnet.

In this topology (see Figure 1), a host is connected to an interface on a switch to manage the clients in subnet 10.1.2.1/24. When the switch receives a packet with the broadcast IP address of the target subnet as its destination address, it forwards the packet to the subnet’s Layer 3 interface and broadcasts it to all the hosts within the subnet.

Figure 1: Topology for IP Directed Broadcast

Topology

Table 1 shows the settings of the components in this example.

Table 1: Components of the IP Directed Broadcast Topology

    Property                   Settings
    Ingress VLAN name          v0
    Ingress VLAN IP address    10.1.1.1/24
    Egress VLAN name           v1
    Egress VLAN IP address     10.1.2.1/24
    Interfaces in VLAN v0      ge-0/0/3.0
    Interfaces in VLAN v1      ge-0/0/0.0 and ge-0/0/1.0

Configuring IP Directed Broadcast for non-ELS Switches

To configure IP directed broadcast on a subnet to enable remote management of its hosts:

Procedure

  • CLI Quick Configuration
  • Step-by-Step Procedure
  • Results

CLI Quick Configuration

To quickly configure the switch to accept IP directed broadcasts targeted at subnet 10.1.2.1/24, copy the following commands and paste them into the switch’s terminal window:

    [edit]
    set interfaces ge-0/0/0.0 family ethernet-switching vlan members v1
    set interfaces ge-0/0/1.0 family ethernet-switching vlan members v1
    set interfaces vlan.1 family inet address 10.1.2.1/24
    set interfaces ge-0/0/3.0 family ethernet-switching vlan members v0
    set interfaces vlan.0 family inet address 10.1.1.1/24
    set vlans v1 l3-interface vlan.1
    set vlans v0 l3-interface vlan.0
    set interfaces vlan.1 family inet targeted-broadcast

Step-by-Step Procedure

To configure the switch to accept IP directed broadcasts targeted at subnet 10.1.2.1/24:

  1. Add logical interface ge-0/0/0.0 to VLAN v1:

    [edit interfaces]
    user@switch# set ge-0/0/0.0 family ethernet-switching vlan members v1

  2. Add logical interface ge-0/0/1.0 to VLAN v1:

    [edit interfaces]
    user@switch# set ge-0/0/1.0 family ethernet-switching vlan members v1

  3. Configure the IP address for the egress VLAN, v1:

    [edit interfaces]
    user@switch# set vlan.1 family inet address 10.1.2.1/24

  4. Add logical interface ge-0/0/3.0 to VLAN v0:

    [edit interfaces]
    user@switch# set ge-0/0/3.0 family ethernet-switching vlan members v0

  5. Configure the IP address for the ingress VLAN:

    [edit interfaces]
    user@switch# set vlan.0 family inet address 10.1.1.1/24

  6. To route traffic between the ingress and egress VLANs, associate a Layer 3 interface with each VLAN:

    [edit vlans]
    user@switch# set v1 l3-interface vlan.1
    user@switch# set v0 l3-interface vlan.0

  7. Enable the Layer 3 interface for the egress VLAN to receive IP directed broadcasts:

    [edit interfaces]
    user@switch# set vlan.1 family inet targeted-broadcast
    user@switch# set vlan.0 family inet targeted-broadcast

Results

Check the results:

    user@switch# show
    interfaces {
        ge-0/0/0 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members v1;
                    }
                }
            }
        }
        ge-0/0/1 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members v1;
                    }
                }
            }
        }
        ge-0/0/3 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members v0;
                    }
                }
            }
        }
        vlan {
            unit 0 {
                family inet {
                    targeted-broadcast;
                    address 10.1.1.1/24;
                }
            }
            unit 1 {
                family inet {
                    targeted-broadcast;
                    address 10.1.2.1/24;
                }
            }
        }
    }
    vlans {
        default;
        v0 {
            l3-interface vlan.0;
        }
        v1 {
            l3-interface vlan.1;
        }
    }
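An audit sketch for the configuration above, added here as an example and not part of the original documentation. It reads Junos set commands, lists every Layer 3 interface with targeted-broadcast enabled together with the directed-broadcast address that interface exposes, and compares the result with an operator-supplied list of interfaces where the feature is intended; the approved parameter is a hypothetical input, and CONFIG is the non-ELS command set from this page with the vlan.0 line from step 7 included.

```python
import ipaddress
import re

# Constructed input: the non-ELS set commands from this page, including the
# vlan.0 line that only step 7 of the step-by-step procedure adds.
CONFIG = """\
set interfaces ge-0/0/0.0 family ethernet-switching vlan members v1
set interfaces ge-0/0/1.0 family ethernet-switching vlan members v1
set interfaces vlan.1 family inet address 10.1.2.1/24
set interfaces ge-0/0/3.0 family ethernet-switching vlan members v0
set interfaces vlan.0 family inet address 10.1.1.1/24
set vlans v1 l3-interface vlan.1
set vlans v0 l3-interface vlan.0
set interfaces vlan.1 family inet targeted-broadcast
set interfaces vlan.0 family inet targeted-broadcast
"""

UNIT_RE = re.compile(r"^(set interfaces \S+) unit (\d+)")
ADDR_RE = re.compile(r"^set interfaces (\S+) family inet address (\S+)$")
TB_RE = re.compile(
    r"^set interfaces (\S+) family inet targeted-broadcast"
    r"(?: (forward-only|forward-and-send-to-re))?$"
)
L3_RE = re.compile(r"^set vlans (\S+) l3-interface (\S+)$")


def audit(config, approved):
    """Return one finding per interface that has targeted-broadcast enabled.

    approved is a hypothetical operator-supplied set of interface names on
    which directed broadcast is intended (for example, the egress VLAN only).
    """
    addrs, enabled, vlan_of = {}, {}, {}
    for raw in config.splitlines():
        # Accept both "ge-2/0/0 unit 0" and the dotted "ge-2/0/0.0" form.
        line = UNIT_RE.sub(r"\1.\2", raw.strip())
        if m := ADDR_RE.match(line):
            addrs[m[1]] = ipaddress.ip_interface(m[2]).network
        elif m := TB_RE.match(line):
            enabled[m[1]] = m[2] or "no option"
        elif m := L3_RE.match(line):
            vlan_of[m[2]] = m[1]

    findings = []
    for ifname, option in sorted(enabled.items()):
        net = addrs.get(ifname)
        findings.append({
            "interface": ifname,
            "vlan": vlan_of.get(ifname),
            "option": option,
            "broadcast": str(net.broadcast_address) if net else None,
            "approved": ifname in approved,
        })
    return findings


if __name__ == "__main__":
    for f in audit(CONFIG, approved={"vlan.1"}):
        state = "ok" if f["approved"] else "REVIEW"
        print(f"{state:6} {f['interface']:8} vlan={f['vlan']} "
              f"broadcast={f['broadcast']} option={f['option']}")
```

With approved set to the egress interface only, the report marks vlan.0 for review: the quick configuration enables targeted-broadcast on vlan.1 alone, while step 7 also enables it on the ingress VLAN.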

Configuring IP Directed Broadcast for Switches with ELS Support

To configure IP directed broadcast on a subnet to enable remote management of its hosts:

Procedure

  • CLI Quick Configuration
  • Step-by-Step Procedure
  • Results

CLI Quick Configuration

To quickly configure the switch to accept IP directed broadcasts targeted at subnet 10.1.2.1/24, copy the following commands and paste them into the switch’s terminal window:

    [edit]
    set interfaces ge-0/0/0.0 family ethernet-switching vlan members v1
    set interfaces ge-0/0/1.0 family ethernet-switching vlan members v1
    set interfaces irb.1 family inet address 10.1.2.1/24
    set interfaces ge-0/0/3.0 family ethernet-switching vlan members v0
    set interfaces irb.0 family inet address 10.1.1.1/24
    set vlans v1 l3-interface irb.1
    set vlans v0 l3-interface irb.0
    set interfaces irb.1 family inet targeted-broadcast

Step-by-Step Procedure

To configure the switch to accept IP directed broadcasts targeted at subnet 10.1.2.1/24:

  1. Add logical interface ge-0/0/0.0 to VLAN v1:

    [edit interfaces]
    user@switch# set ge-0/0/0.0 family ethernet-switching vlan members v1

  2. Add logical interface ge-0/0/1.0 to VLAN v1:

    [edit interfaces]
    user@switch# set ge-0/0/1.0 family ethernet-switching vlan members v1

  3. Configure the IP address for the egress VLAN, v1:

    [edit interfaces]
    user@switch# set irb.1 family inet address 10.1.2.1/24

  4. Add logical interface ge-0/0/3.0 to VLAN v0:

    [edit interfaces]
    user@switch# set ge-0/0/3.0 family ethernet-switching vlan members v0

  5. Configure the IP address for the ingress VLAN:

    [edit interfaces]
    user@switch# set irb.0 family inet address 10.1.1.1/24

  6. To route traffic between the ingress and egress VLANs, associate a Layer 3 interface with each VLAN:

    [edit vlans]
    user@switch# set v1 l3-interface irb.1
    user@switch# set v0 l3-interface irb.0

  7. Enable the Layer 3 interface for the egress VLAN to receive IP directed broadcasts:

    [edit interfaces]
    user@switch# set irb.1 family inet targeted-broadcast
    user@switch# set irb.0 family inet targeted-broadcast

    On QFX5000 Series, EX4300 Series, and EX4600 Series switches, the maximum number of targeted-broadcast supported is 63.

Results

Check the results:

    user@switch# show
    interfaces {
        ge-0/0/0 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members v1;
                    }
                }
            }
        }
        ge-0/0/1 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members v1;
                    }
                }
            }
        }
        ge-0/0/3 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members v0;
                    }
                }
            }
        }
        irb {
            unit 0 {
                family inet {
                    targeted-broadcast;
                    address 10.1.1.1/24;
                }
            }
            unit 1 {
                family inet {
                    targeted-broadcast;
                    address 10.1.2.1/24;
                }
            }
        }
    }
    vlans {
        default;
        v0 {
            l3-interface irb.0;
        }
        v1 {
            l3-interface irb.1;
        }
    }

Verifying IP Directed Broadcast Status

Purpose

Verify that IP directed broadcast is enabled and is working on the subnet.

Which of the following solutions is used for controlling network resources?

Network access control (NAC) helps enterprises implement policies for controlling device and user access to their networks. NAC can set policies based on resource, role, device, and location-based access and enforce security compliance with security and patch management policies, among other controls.

Which of the following solutions is used for controlling network resources and assigning priority to different types of traffic?

QoS technology can manage resources by assigning the various types of network data different priority levels. QoS is usually applied on networks that cater to traffic that carries resource-intensive data, such as video-on-demand and Voice over IP (VoIP).

Which of the following is a computer system or an application service that acts as an intermediary between a network host and the Internet?

A proxy server is a dedicated computer or a software system running on a computer that acts as an intermediary between an endpoint device, such as a computer, and another server from which a user or client is requesting a service.

Which of the following is a macOS system search utility?

Spotlight is a system-wide desktop search feature of Apple's macOS and iOS operating systems. Spotlight is a selection-based search system, which creates an index of all items and files on the system.
