blackhole route server

dong-lee
Level 1

Hi,

I'm trying to implement a blackhole route server with our ISP. We are currently running BGP, and we are getting full and default routes from the ISP.

I understand what it does, but I'm not really sure how it is going to work...

Let's say we have an IP of 12.12.12.9 and 12.12.12.10 on the other side (ISP) running BGP. We'd like to implement a blackhole route server (22.22.22.120).

What would the configuration for this scenario be? Would the config below work?

router bgp 12345
 !
 redistribute static route-map blackhole-route
 neighbor 12.12.12.10 remote-as 22222
 neighbor 22.22.22.120 remote-as 22222
 network 55.55.55.0 mask 255.255.255.0
 network 34.34.34.0 mask 255.255.255.0
!
!
route-map blackhole-route permit 5
 match tag 9999
 set ip next-hop 22.22.22.120
 set local-preference 70
 set community no-export additive
!
!
ip route 55.55.55.12 255.255.255.255 null0 tag 9999
ip route 34.34.34.10 255.255.255.255 null0 tag 9999

Thanks in advance

3 Replies

nikhil_m
Level 1

Any update on this?

I'm not sure exactly what you want to do, but if you are trying to configure a blackholed route it should look like this:

1. Add a static route to Null0 on all routers in the network. Make sure it's an unused address, like 10.x.y.z.

2. On the advertising router:

router bgp xxx
 redistribute static route-map sample
!
route-map sample permit 10
 match tag 100
 ! set it to whatever your Null0 route is
 set ip next-hop 10.x.y.z
 set local-preference 50
 set origin igp
 set community no-export

To set off the black hole route:

1. On the advertising router (from step 2 above), add a static route to null0 for the network you wish to blackhole:

ex. ip route 1.1.1.0 255.255.255.0 null0 tag 100

2. The route (1.1.1.1 in our case) is now redistributed via the redistribute static command in BGP; this sets the next hop to the 10.x.y.z network, and that router will then advertise this route to all its BGP peers.

3. The BGP peers put this route in their route table with a next hop of 10.x.y.z, which is the route to null0 we configured earlier in all routers on the network. So when a router gets a packet destined for the 1.1.1.0 network, it will send it to null0, thus dropping the packet.

One thing to note here is that, depending on your platform, you should disable ICMP unreachables with the no ip unreachables command. Some platforms use the CPU to generate unreachables, so your CPU could go through the roof if you are sending unreachables.
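The mechanism described in the reply above, modelled in Python as an added example that is not part of the original thread: it applies the tag-matching route-map on the trigger router, then resolves next hops recursively on an edge router, including the case where an edge router is missing the step 1 static route. The sink address 192.0.2.1 (standing in for 10.x.y.z), the default route and the interface name Gi0/0 are assumptions made for the illustration.

```python
import ipaddress

NULL0 = "Null0"
SINK = ipaddress.ip_address("192.0.2.1")  # assumed stand-in for the unused 10.x.y.z

def redistribute_static(statics, match_tag=100):
    """Trigger router: only statics carrying the tag become BGP updates,
    rewritten to point at the sink address (local-pref 50, no-export)."""
    return [{"prefix": ipaddress.ip_network(p), "next_hop": SINK,
             "local_pref": 50, "communities": {"no-export"}}
            for p, tag in statics if tag == match_tag]

class Router:
    def __init__(self, has_sink_route=True):
        # Constructed baseline: a default route out of an uplink interface.
        self.rib = [(ipaddress.ip_network("0.0.0.0/0"), "Gi0/0")]
        if has_sink_route:  # step 1: static host route for the sink to Null0
            self.rib.append((ipaddress.ip_network(f"{SINK}/32"), NULL0))

    def receive_bgp(self, updates):
        for u in updates:
            self.rib.append((u["prefix"], u["next_hop"]))

    def lookup(self, dst):
        """Longest-prefix match; returns an interface name or a next-hop IP."""
        dst = ipaddress.ip_address(dst)
        hits = [(net, nh) for net, nh in self.rib if dst in net]
        return max(hits, key=lambda h: h[0].prefixlen)[1]

    def forward(self, dst, max_depth=8):
        """Resolve next hops recursively until an interface or Null0 is reached."""
        nh = self.lookup(dst)
        for _ in range(max_depth):
            if isinstance(nh, str):
                return "drop" if nh == NULL0 else f"forward via {nh}"
            nh = self.lookup(nh)
        return "unresolved"

def demo():
    # Constructed sample: one tagged trigger route, one untagged static.
    updates = redistribute_static([("1.1.1.0/24", 100), ("198.51.100.0/24", None)])
    edge, misconfigured = Router(), Router(has_sink_route=False)
    before = edge.forward("1.1.1.77")
    edge.receive_bgp(updates)
    misconfigured.receive_bgp(updates)
    return {"before": before, "after": edge.forward("1.1.1.77"),
            "untagged": edge.forward("198.51.100.9"),
            "no_sink_route": misconfigured.forward("1.1.1.77")}

if __name__ == "__main__":
    print(demo())
```

In this model, the router without the sink route resolves the advertised next hop through its default route and keeps forwarding, which is why step 1 has to be in place on every router before a trigger route is announced.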

jtantsura
Level 1