cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
412
Views
0
Helpful
2
Replies

blackhole/null router

dong-lee
Level 1
Level 1

Hi,

I'm trying to implement a blackhole route server with our ISP. We currently running BGP, and we are getting full and default routes from ISP.

I understand what it does, but I'm not really sure how it is going to work...

Let's say we have an IP of 12.12.12.9 and 12.12.12.10 on other side(ISP)running BGP. We like to implement a blackhole route server(22.22.22.120).

What would be the configuration for this scenario be?? Would this below config work??

router bgp 12345

!

redistribute static route-map blackhole-route

neighbor 12.12.12.10 remote as 22222

neighbor 22.22.22.120 remote as 22222

neighbor 22.22.22.120 ebgp multihop 10

network 55.55.55.0 255.255.255.0

network 34.34.34.0 255.255.255.0

!

!

route-map blackhole-route permit 5

match tag 9999

set ip next-hop 22.22.22.120

set local-preference 50

set community additive no-export

!

!

ip route 55.55.55.12 255.255.255.255 null0 tag 9999

ip route 34.34.34.10 255.255.255.255 null0 tag 9999

Thanks in advance

2 Replies 2

ebreniz
Level 6
Level 6

The Cisco IOS software supports a "null" interface. This pseudo-interface functions similarly to the null devices available on most operating systems. This interface is always up and can never forward or receive traffic; encapsulation always fails.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a0080087093.html#1012583

rwcrowe
Level 1
Level 1

If you are just trying to black hole some routes it is way easier to just send them to null0. There is really no need for a router to be a "black-hole" router.

If you where an ISP or provider for clients, the technique would be similar to the one you provided above, but you would probably not route these packets to a router, but to a host running some analysis software to peer into DDoS attacks or back-scatter.

Review Cisco Networking for a $25 gift card