[c-nsp] Update: DOS Mitigation on MPLS Networks
Gert Doering
gert at greenie.muc.de
Wed Apr 13 17:47:23 EDT 2005
Hi,
On Wed, Apr 13, 2005 at 10:44:52AM -0700, Bruce Pinsky wrote:
> | #CONFIG ON PE NEAREST VICTIM (CONFIGURED WHEN NEEDED)
> |
> | !! If your victim is on 5.6.7.8..
> | ip prefix-list poison permit 5.6.7.8/32
> | ip route 5.6.7.8 255.255.255.255 1.2.3.4
> | !
>
> Am I missing something or is setting the static route to 1.2.3.4 not
> required since you are setting the next-hop to that via the route-map? It
> seems redundant to me.
You need to get the route into BGP some way, initially :-) - and
"redist static" (with prefix-list) is one of the easier ways.
I'd rather not do it with a prefix-list, because that means you need
to adapt the prefix list *and* the static route every time. Using
route tags
ip route 5.6.7.8 255.255.255.255 1.2.3.4 tag 1234
and then matching in a redistribute route-map on the tag is "just one
step".
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list