[c-nsp] Blackhole Inbound Traffic
Pete Templin
petelists at templin.org
Wed Nov 17 22:21:05 EST 2010
On 11/17/10 6:42 PM, Steve Bertrand wrote:
> Here's a relatively complete example that also incorporates the Team
> Cymru feeds:
>
> http://ipv6canada.com/?p=59
An excellent example, indeed. I will mention that the Team Cymru feeds
only get you so far: if you don't ensure that routes within bogon space
are always rejected from peers/customers, the TC BGP feed can be
partially overridden by those bogon routes learned from peers/customers.
Likewise, your blackhole routes need to be longer than existing
routing entries, or the more-specific routes will take precedence,
regardless of local-pref.
pt
More information about the cisco-nsp
mailing list