[c-nsp] DOS Mitigation on MPLS Networks

Marko Milivojevic markom at PanGalactic.net
Tue Apr 12 12:47:24 EDT 2005


> Haven't had a chance to try it, but could you point the next-hop to an
> unused address like 1.1.1.1 and then recursively route 1.1.1.1 to null0 
> via
> a static route in the VRF?  While you would have to put the route in each
> VRF via a config line, that would certainly be less work than having to
> define a unique route map per VRF and applying to each peer.

    One other approach would be to have this blackhole route in separate VRF 
which will in turn be imported into every other VRF - it will make 
configuration much less horrible.

Marko. 



More information about the cisco-nsp mailing list