Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8825
Views
11
Helpful
11
Replies

Re:ip route Null 0 concept

Go to solution
ambivert skill
Level 1
Level 1

‎02-28-2013 11:14 AM - edited ‎03-04-2019 07:10 PM

Hi,

What is the purpose of giving ip route------ null 0 command in address like this one

ip route 10.221.224.75 255.255.255.255 Null0

I need to clear the concept because in the following thread https://supportforums.cisco.com/thread/24582  it was mention that you can you it for route summarization but here we have given the particular IP so what is purpose of using null 0 with it.

Thanks

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to tony.henry_2

‎02-28-2013 06:10 PM

As others in this thread have mentioned there are several uses of a static route to null 0. It can be used as part of summarization (though that does not seem to be the case here). And it can be used to be sure that an entry is in the routing table so that it will be advertised by protocols such as BGP (though that does not seem to be the case here). And it can be used to silently discard traffic (which might be the case here).

Think about a situation in which you have detected that a host (perhaps 10.221.224.75) is probing your network or is generating unwelcome traffic into your network. You want to prevent traffic from being returned to that host. One alternative would be to configure access list filtering to deny traffic to that host. But configuring access list filtering introduces complexity into the configuration and overhead into the operation of the router. You could configure the static route as you mention and it would achieve the same result - no traffic is sent to 10.221.224.75. There is not complexity in the configuration and there is not extra overhead in evaluating the access list.

HTH

Rick

10.221.224.75#sthash.tgNfdTWc.dpuf

HTH

Rick

View solution in original post

11 Replies 11

Go to solution
blau grana
Level 7
Level 7

‎02-28-2013 11:35 AM

Hi

Null 0 interface is used to discard traffic destinated to paritcular network. It also help to summarize network prefix as you said.

It is good practice to add theese routes internet facing router ->

ip route 10.0.0.0 255.0.0.0 Null0

ip route 172.16.0.0 255.240.0.0 Null0

ip route 192.168.0.0 255.255.0.0 Null0

Theese routes do not allow route packets with private addresses in destination field of IP header to internet.

To be honest I do not see any logic to route host prefix to Null0 interface, but it depends on topology design, maybe it makes sense for administrator

Best Regards

Please rate helpful posts

Best Regards Please rate all helpful posts and close solved questions

Go to solution
arvind_data
Level 1
Level 1
In response to blau grana

‎02-28-2013 12:39 PM

In some cases where NNI network aslo use to avoid the loop.

0 Helpful

Go to solution
ramanathan.gunaseelan
Level 1
Level 1
In response to blau grana

‎08-21-2017 09:08 PM

ip route 10.0.0.0 255.0.0.0 Null0 we have configured and in bgp we have config the redistribute static but 10.0.0.0 segment showing in advertise routes how to avoid on this without removing null 0 route

0 Helpful

Go to solution
Jose Jara
Level 3
Level 3

‎02-28-2013 01:57 PM

Hi,

Normally is used with summarization as said to avoid forwarding loops. Other common use is for security doing black hole routing with BGP.

For example, let's say that router A is a CE doing summarization, configuring manually 10.1.1.0 255.255.255.0 null 0 and advertising this prefix to the PE. On the other hand is receiving the default route from the PE. Let's suppose that the CE is receiving the specifics routes of this aggregate via an IGP and suddenly it stops receiving one of them, the 10.1.1.0/25. Other site try to communicate with host 10.1.1.10, as the CE does not know how to reach the packet via the specifics routes received from the LAN, it chooses the 10.1.1.0/24 and it drops the packet. You may see that without configuring the route pointing to null 0, just configuring the same route pointing to the next hop of the LAN, the CE would choose the default route received from the PE and this one will choose the 10.1.1.0/24 towards the CE, then the CE does the same choosing the default and so on, and the forwarding loop will exist until the TTL expires.

Routing protocols OSPF, BGP and EIGRP, will install by default a discard route automatically when they do summarization via area x range/summary address in OSPF, aggregate-address in BGP and ip summary-address in EIGRP.

So, basically route to null 0 is used to avoid the election of less specific route.

Hope this helps,

Jose.

0 Helpful

Go to solution
paul driver
VIP
VIP

‎02-28-2013 03:23 PM

Hello,

Basically any ip address not matched within the null interface statement gets blacked holed instead of being loop around the network until the ttl expires. - I would say a very useful command to use.

res

Paul

Please don't forget to rate this post if it has been helpful.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
tony.henry_2
Level 1
Level 1

‎02-28-2013 05:47 PM

As i understood it.

A route packet sent to loopback will end up sending a ICMP unreachable from the router to the transmitting host. Whereas a packet sent to null interface will not send anything back to the transmitting host. This had security applications where you don't necessarily want to advertise what your networking infrastructure looks like, and you have reason to route stuff to null eg and ISP who wants to be a good netcitizen and routes RFC 1918 addresses to null.

HTH

Tony 

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to tony.henry_2

‎02-28-2013 06:10 PM

As others in this thread have mentioned there are several uses of a static route to null 0. It can be used as part of summarization (though that does not seem to be the case here). And it can be used to be sure that an entry is in the routing table so that it will be advertised by protocols such as BGP (though that does not seem to be the case here). And it can be used to silently discard traffic (which might be the case here).

Think about a situation in which you have detected that a host (perhaps 10.221.224.75) is probing your network or is generating unwelcome traffic into your network. You want to prevent traffic from being returned to that host. One alternative would be to configure access list filtering to deny traffic to that host. But configuring access list filtering introduces complexity into the configuration and overhead into the operation of the router. You could configure the static route as you mention and it would achieve the same result - no traffic is sent to 10.221.224.75. There is not complexity in the configuration and there is not extra overhead in evaluating the access list.

HTH

Rick

10.221.224.75#sthash.tgNfdTWc.dpuf

HTH

Rick

Go to solution
hermanwjacobsen
Level 1
Level 1

‎02-28-2013 07:31 PM

I've been working at an Internet Service Provider, where they actully used null routes to temporarily block customers from accessing the internet by creating a null route on the customers ip address and discarding the traffic.

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to hermanwjacobsen

‎03-01-2013 08:42 AM

Thanks for confirming my explanation by supplying a real world experience of it. Discarding traffic by using a static route to null 0 is simpler and less overhead than having to configure an access list and apply the access list to interface(s).

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
jawad-mukhtar
Level 4
Level 4
In response to Richard Burts

‎03-01-2013 10:01 AM

Very Nice Explanation by Richard. Thanks..

Jawad
0 Helpful

Go to solution
ambivert skill
Level 1
Level 1
In response to jawad-mukhtar

‎03-02-2013 04:35 AM

Thanks to all of you for clearing the concept, I really appreciate for helping me.

Regards

Ambivert

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card