08-02-2012 08:00 AM - edited 03-04-2019 05:08 PM
Hi,
Can someone explain "BLACKHOLE" in IP routing and when we use this option?
For example: ip route 0.0.0.0 0.0.0.0 Null0 254 name BLACKHOLE
Please explain the above command...
08-02-2012 08:08 AM
You DO NOT want to use this for 99.999999% of the situations you will find. A blackhole is a dark way to bring an attack in the BGP world, for example, and you can have very bad consequences also from a legal point of view.
Instead, using a null interface can be useful to create an entry in the BGP routing table if no synchronization is used. BGP, as you know, will work only with the networks present in the routing table; therefore, if I want to advertise 10.10.10.0/24, I can write a static route for this network pointing to "nothing", so that I will have my network in the routing table and I will not forward my subnet anywhere by static routing.
Indeed, you can use a null interface as a defence as well. Not common, but if you have no firewalls on your network and you notice a lot of attacks in your logs from a subnet or a set of subnets, you can write a static route stating that all the traffic coming from those bad boys' subnets is pointed to null...
This becomes a kind of "bin", and the suspicious network will never reach the target because it will be routed to "nothing" on your ISP-facing router...
Hope it helps a bit
Alessio
PS: however, look into null interfaces... it is a cool topic
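To make the two uses in the answer concrete, here is an added Python model of an IOS routing table (not from the original thread and not Cisco code): it applies longest-prefix match and administrative distance, treats Null0 as a discard, and replays the question's floating default, the /24 aggregate for BGP, and a sink route for a hostile prefix. The interface names, the ISP next hop 203.0.113.1 and the 198.51.100.0/24 prefix are constructed placeholders.

```python
import ipaddress

NULL0 = "Null0"  # IOS discard interface: packets routed here are discarded

class RoutingTable:
    """Toy IOS routing table: lowest administrative distance (AD) wins per prefix,
    AD 255 is never installed, forwarding picks the longest installed prefix."""

    def __init__(self):
        self.candidates = {}  # ip_network -> list of (ad, next_hop, name)

    def add(self, prefix, next_hop, ad=1, name=""):
        net = ipaddress.ip_network(prefix, strict=True)
        self.candidates.setdefault(net, []).append((ad, next_hop, name))

    def withdraw(self, prefix, next_hop):
        """Drop one candidate, e.g. when the learned ISP default disappears."""
        net = ipaddress.ip_network(prefix, strict=True)
        self.candidates[net] = [c for c in self.candidates[net] if c[1] != next_hop]

    def installed(self):
        """prefix -> winning (ad, next_hop, name) for each prefix."""
        return {n: min(c) for n, c in self.candidates.items() if c and min(c)[0] < 255}

    def lookup(self, dst):
        """('forward', next_hop), ('drop', route_name) or ('no route', None)."""
        addr = ipaddress.ip_address(dst)
        table = self.installed()
        matches = [n for n in table if addr in n]
        if not matches:
            return ("no route", None)
        _ad, hop, name = table[max(matches, key=lambda n: n.prefixlen)]
        return ("drop", name) if hop == NULL0 else ("forward", hop)

def build_edge_router():
    """Replay the thread's configuration; next hops and addresses are constructed."""
    rt = RoutingTable()
    # ip route 0.0.0.0 0.0.0.0 Null0 254 name BLACKHOLE
    # AD 254 loses to any learned default (eBGP is AD 20) and only catches traffic once that is lost
    rt.add("0.0.0.0/0", NULL0, ad=254, name="BLACKHOLE")
    rt.add("0.0.0.0/0", "203.0.113.1", ad=20, name="ISP default (eBGP)")
    # ip route 10.10.10.0 255.255.255.0 Null0  -> the /24 exists for BGP to advertise;
    # connected /26s (AD 0) are more specific, so real hosts still forward normally
    rt.add("10.10.10.0/24", NULL0, ad=1, name="BGP aggregate")
    rt.add("10.10.10.0/26", "Vlan10", ad=0)
    rt.add("10.10.10.64/26", "Vlan20", ad=0)
    # ip route 198.51.100.0 255.255.255.0 Null0 name SINK  -> hostile destination prefix
    rt.add("198.51.100.0/24", NULL0, ad=1, name="SINK")
    return rt
```

A static route to Null0 discards traffic sent *to* the prefix; discarding traffic *sourced from* it additionally needs unicast RPF on the ingress interface, which this model does not cover.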
08-02-2012 09:48 AM
It's easy to understand.
Thank you Alessio,