[c-nsp] question on s/rtbh 6500 with sup720-3cxl

Rod James Bio rjubio at gmail.com
Mon Feb 9 00:51:14 EST 2015


Hi,

In case I fail to get the whole scenario: why is a provider sending 
packets destined to 10/8 to you? Are you announcing that prefix? That 
should not happen.

Regarding your question, I think that the interface is still receiving 
those packets, but they are being dropped before they exit your router.

thanks.

On 2/9/15 12:39, John Brown wrote:
> Quick dumb question on S/RTBH.
> I get all the foo around the dynamic nature of using BGP to inject the
> bad prefix (source or dest) we want to drop.
>
> At present we do this with destination dropping / blackholing.   I
> want to drop RFC 1918 sourced packets coming to me at my edge towards
> providers / peers.  I've got one provider sending me nearly 80Mb/s
> worth of traffic with the source IP being in Net-10.  Their answer is for
> me to ACL it. ICK
>
> My thought was to enable loose uRPF on the interface  and create a
> static route for net-10 pointing to null0
>
> interface te4/1
>     ip verify unicast source reachable-via any
>
> ip route 10.0.0.0 255.0.0.0 null0
>
> Shouldn't that cause net-10 to go into the FIB with a ptr to null0, and thus
> uRPF will discard ??
>
> Netflow still shows traffic on that interface with sources in Net-10.
>
> I'm either brain dead, my sup720-3cxl is, or ???
>
> thanks
>
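
The loose uRPF decision that S/RTBH relies on (RFC 5635: a source whose best route is a discard route fails the check), as an added Python model that is not part of the original thread and not Cisco's forwarding code. The FIB entries are constructed for illustration, including a hypothetical 10.20.0.0/16 more-specific that shows how a longer match with a real next hop lets part of Net-10 pass despite the 10.0.0.0/8 null0 route.

```python
import ipaddress

# Constructed FIB for illustration: (prefix, next hop). "Null0" marks a discard route.
SAMPLE_FIB = [
    ("0.0.0.0/0", "192.0.2.1"),         # default route towards a provider
    ("10.0.0.0/8", "Null0"),            # the static discard route from the post
    ("10.20.0.0/16", "198.51.100.9"),   # hypothetical internal more-specific
    ("203.0.113.0/24", "192.0.2.1"),    # ordinary routed prefix
]

def build_fib(entries):
    """Parse (prefix, next_hop) strings into (ip_network, next_hop) tuples."""
    return [(ipaddress.ip_network(p), nh) for p, nh in entries]

def longest_match(fib, addr, allow_default=False):
    """Return the most specific (network, next_hop) covering addr, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, nh in fib:
        # Modelled on the allow-default keyword: without it, the default
        # route does not count as proof that the source is reachable.
        if net.prefixlen == 0 and not allow_default:
            continue
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best

def loose_urpf(fib, src, allow_default=False):
    """Return (verdict, reason) for a packet with source address src."""
    hit = longest_match(fib, src, allow_default)
    if hit is None:
        return "drop", "no route to source"
    net, nh = hit
    if nh == "Null0":
        return "drop", f"best route {net} is a discard route"
    return "pass", f"source reachable via {net} -> {nh}"

if __name__ == "__main__":
    fib = build_fib(SAMPLE_FIB)
    for src in ["10.1.2.3", "10.20.5.5", "203.0.113.7", "172.16.0.1"]:
        print(src, *loose_urpf(fib, src))
```

This models the routing-table decision only; it does not show where in the forwarding path a given platform records NetFlow relative to the uRPF drop.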

