[c-nsp] Assistance configuring a router to trigger remote blackhole
David Prall
dcp at dcptech.com
Thu Sep 17 21:08:36 EDT 2009
I would have a look here:
http://www.team-cymru.org/Services/Bogons/routeserver.html
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/pro
d_white_paper0900aecd80313fac.pdf
They have a sample configuration. You will need uRPF configured on your
interfaces as well to do the actual dropping of traffic with these source
addresses. The remote routers will need to modify the next-hop on receiving
a route with the community x:666, although it appears you are only concerned
with the static routes.
David
--
http://dcp.dcptech.com
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Naveen Nathan
> Sent: Thursday, September 17, 2009 8:23 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Assistance configuring a router to trigger remote
> blackhole
>
> Hi,
>
> I am new to the list, so please go easy on me.
>
> I'm in need of assistance configuring remote trigger blackhole in
> IOS. This feature is supported by our transit provider. I'm unsure
> if it's working or not, but since the nulled routes don't appear to
> be advertised to the transit peer, I'm assuming not.
>
> I've attached a portion of the cisco-config (substituting sensitive
> info,
> but it should be easy enough to follow).
>
> Would someone mind suggesting if I'm missing anything of particular
> importance. It would be much appreciated.
>
> Thanks.
>
> --
> Naveen Nathan
>
> To understand the human mind, understand self-deception. - Anon
More information about the cisco-nsp
mailing list