Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
565
Views
0
Helpful
1
Replies

Sinkhole routing rfc1918 on the core/distribution switch (6500)

Ruterford
Level 1
Level 1

‎08-20-2014 09:02 AM - edited ‎03-07-2019 08:27 PM

Hi guys,

I am planning on getting rid of packets going to unrouted nonexistent rfc1918 networks in our DC environment going into internet facing firewall from our core/distribution switch via default route. I am thinking on setting a bunch of rfc1918 static routes to Null0 on the core/distro switches so they will kill all the packets destined to unused rfc1918 networks into Null0. Wondering if that would be a good solution to this.

Thanks!

 

Labels:
0 Helpful
1 Reply 1

Richard Burts
Hall of Fame
Hall of Fame

‎08-20-2014 09:17 AM

I am not sure quite what you have in mind when you talk about a bunch of rfc1918 static routes. I could see doing a route for 10.0.0.0 range, for 172.16.0.0 range, and for 192.168.0.0 range. Is 3 a bunch? If you had more in mind what would they be?

 

If you do static routes to Null0 for the summarized spaces then it would allow routing to any private addresses used inside your network to work since they should have more specific entries in your routing table and it would discard traffic with destination addresses in private address space. Be aware that if you have any site to site VPN tunnels from the firewall or any address translations on the firewall that use private addresses that your plan may very well have negative consequences for them.

 

HTH

 

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card