10-05-2006 07:16 PM - edited 03-03-2019 02:15 PM
Cisco's Security Auditor makes a recommendation that the command "ip route 0.0.0.0 0.0.0.0 null 0 255" rapidly discard packets with invalid destination addresses.
Link is at: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml#anti_spoofing
Question is: with an admin distance of 255, why does this command have any impact? It should not enter the routing table. Also, even if it does, why is it any different from the router not finding a match in its routing table and dropping the packet?
Thanks!
10-05-2006 07:43 PM
I agree with you on the first point. This is a mistake since a route with an AD of 255 would never be installed in the RIB. I will make sure I take it to our documentation team for correction.
On the second point, performance-wise, it is much better for the router to forward a packet to null0 following the default route than for the router to find out it has no route to the destination, drop the packet and probably send an ICMP unreachable message back to the source of that packet.
Hope this helps,
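To illustrate both points of the answer above, here is an added example (not Cisco code, and not from the original thread): a toy model of static-route installation and longest-prefix lookup. It assumes a simplified RIB where a candidate is a (prefix, next hop, administrative distance) tuple, AD 255 is never installed, and "Null0" is the discard next hop; the AD 254 variant is a constructed correction, not the value from the audit document.

```python
import ipaddress

# Toy model (assumption, not IOS internals): AD 255 means "never install",
# Null0 is the built-in discard interface.
UNINSTALLABLE_AD = 255


def install_static_routes(candidates):
    """Build the RIB: drop AD-255 candidates, keep the lowest AD per prefix."""
    rib = {}
    for prefix, next_hop, ad in candidates:
        if ad >= UNINSTALLABLE_AD:
            continue  # the route from the audit doc never reaches the RIB
        net = ipaddress.ip_network(prefix)
        if net not in rib or ad < rib[net][1]:
            rib[net] = (next_hop, ad)
    return rib


def lookup(rib, dst):
    """Longest-prefix match. Returns (outcome, next_hop):
    'forward'     matched a real next hop
    'discard'     matched the Null0 route: dropped by the forwarding path
    'unreachable' no route at all: dropped after a failed lookup, and by
                  default the router also generates ICMP unreachable.
    Whether Null0 drops also generate ICMP unreachables is governed by
    'no ip unreachables' on interface Null0 and is not modelled here."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in rib if addr in net]
    if not matches:
        return ("unreachable", None)
    best = max(matches, key=lambda n: n.prefixlen)
    next_hop = rib[best][0]
    return ("discard", "Null0") if next_hop == "Null0" else ("forward", next_hop)


# Constructed sample configurations
CANDIDATES_AS_DOCUMENTED = [
    ("10.0.0.0/8", "192.0.2.1", 1),
    ("0.0.0.0/0", "Null0", 255),   # as written in the audit doc: never installed
]
CANDIDATES_CORRECTED = [
    ("10.0.0.0/8", "192.0.2.1", 1),
    ("0.0.0.0/0", "Null0", 254),   # installable floating static; any learned default still wins
]

if __name__ == "__main__":
    rib_doc = install_static_routes(CANDIDATES_AS_DOCUMENTED)
    rib_fix = install_static_routes(CANDIDATES_CORRECTED)
    for dst in ("10.1.2.3", "198.51.100.7"):
        print(dst, "documented:", lookup(rib_doc, dst), "corrected:", lookup(rib_fix, dst))
```

Running it shows the AD-255 version behaves exactly like having no default route at all, while the AD-254 version sends unmatched destinations to Null0.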
10-05-2006 07:49 PM
Thanks, this is very helpful