06-07-2004 07:57 AM - edited 03-02-2019 04:12 PM
Hi,
I'm trying to implement a blackhole route server with our ISP. We are currently running BGP, and we are getting full and default routes from the ISP.
I understand what it does, but I'm not really sure how it is going to work...
Let's say we have an IP of 12.12.12.9, and 12.12.12.10 on the other side (ISP), running BGP. We would like to implement a blackhole route server (22.22.22.120).
What would the configuration for this scenario be? Would the config below work?
router bgp 12345
 !
 redistribute static route-map blackhole-route
 neighbor 12.12.12.10 remote-as 22222
 neighbor 22.22.22.120 remote-as 22222
 neighbor 22.22.22.120 ebgp-multihop 10
 network 55.55.55.0 mask 255.255.255.0
 network 34.34.34.0 mask 255.255.255.0
!
!
route-map blackhole-route permit 5
 match tag 9999
 set ip next-hop 22.22.22.120
 set local-preference 50
 set community no-export additive
!
!
ip route 55.55.55.12 255.255.255.255 null0 tag 9999
ip route 34.34.34.10 255.255.255.255 null0 tag 9999
Thanks in advance
06-23-2004 06:57 AM
The Cisco IOS software supports a "null" interface. This pseudo-interface functions similarly to the null devices available on most operating systems. This interface is always up and can never forward or receive traffic; encapsulation always fails.
06-23-2004 11:37 AM
If you are just trying to black hole some routes it is way easier to just send them to null0. There is really no need for a router to be a "black-hole" router.
If you were an ISP or provider for clients, the technique would be similar to the one you provided above, but you would probably not route these packets to a router, but to a host running some analysis software to peer into DDoS attacks or back-scatter.
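An added example, not part of any post in this thread: a pre-flight check over a configuration shaped like the one in the question. It lists which tagged Null0 static routes the route-map would redistribute and flags any that are not /32 host routes or that fall outside the `network` statements. The policy (host routes only, inside announced space), the function name and the two extra sample routes are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the question's config, plus two
# deliberately bad triggers (a /24 and a host outside the announced networks).
SAMPLE_CONFIG = """\
router bgp 12345
 redistribute static route-map blackhole-route
 network 55.55.55.0 mask 255.255.255.0
 network 34.34.34.0 mask 255.255.255.0
route-map blackhole-route permit 5
 match tag 9999
ip route 55.55.55.12 255.255.255.255 null0 tag 9999
ip route 34.34.34.10 255.255.255.255 null0 tag 9999
ip route 34.34.35.0 255.255.255.0 null0 tag 9999
ip route 203.0.113.7 255.255.255.255 Null0 tag 9999
ip route 55.55.55.99 255.255.255.255 null0 tag 1
"""

NET_RE = re.compile(r"^[ \t]*network[ \t]+(\S+)[ \t]+(?:mask[ \t]+)?(\S+)[ \t]*$", re.M)
TAG_RE = re.compile(r"^[ \t]*match tag[ \t]+(\d+)[ \t]*$", re.M)
STATIC_RE = re.compile(
    r"^ip route[ \t]+(\S+)[ \t]+(\S+)[ \t]+null0[ \t]+tag[ \t]+(\d+)[ \t]*$",
    re.M | re.I,
)

def check_triggers(config):
    """Return (ok, rejected) for Null0 statics whose tag the route-map matches."""
    announced = [ipaddress.ip_network(f"{a}/{m}") for a, m in NET_RE.findall(config)]
    matched_tags = set(TAG_RE.findall(config))
    ok, rejected = [], []
    for addr, mask, tag in STATIC_RE.findall(config):
        if tag not in matched_tags:
            continue  # route-map does not match this tag, so it is not redistributed
        route = ipaddress.ip_network(f"{addr}/{mask}")
        if route.prefixlen != 32:
            rejected.append((str(route), "not a host route"))
        elif not any(route.subnet_of(net) for net in announced):
            rejected.append((str(route), "outside announced networks"))
        else:
            ok.append(str(route))
    return ok, rejected

if __name__ == "__main__":
    good, bad = check_triggers(SAMPLE_CONFIG)
    print("would be redistributed:", good)
    for prefix, reason in bad:
        print("review before applying:", prefix, "-", reason)
```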