[c-nsp] question on s/rtbh 6500 with sup720-3cxl

Jordan Whited jwhited0917 at gmail.com
Mon Feb 9 00:59:48 EST 2015


The 10/8 sourced traffic ingress on te4/1 should hit the bit bucket if you don’t have any more specific routes. Might still be getting sampled prior. I would be curious what the destination interface index is in the exported flow records.

Nothing wrong with an input ACL to drop rfc1918 if the interface is strictly carrying GRT traffic.

I would make a big stink about any rfc1918 sourced traffic ingress from a transit provider.

> On Feb 8, 2015, at 11:39 PM, John Brown <john at citylinkfiber.com> wrote:
> 
> Quick dumb question on S/RTBH.
> I get all the foo around the dynamic nature of using BGP to inject the
> bad prefix (source or dest) we want to drop.
> 
> At present we do this with destination dropping / blackholing.  I
> want to drop RFC 1918 sourced packets coming to me at my edge towards
> providers / peers.  I've got one provider sending me nearly 80Mb/s
> worth of traffic with the source IP being in Net-10.  Their answer is for
> me to ACL it. ICK
> 
> My thought was to enable loose uRPF on the interface and create a
> static route for net-10 pointing to null0
> 
> interface te4/1
>   ip verify unicast source reachable-via any
> 
> ip route 10.0.0.0 255.0.0.0 null0
> 
> shouldn't that put net-10 into the FIB with a ptr to null0 and thus
> uRPF will discard ??
> 
> Netflow still shows traffic on that interface with sources in Net-10.
> 
> I'm either brain dead, my sup720-3cxl is, or ???
> 
> thanks
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
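The reply above hinges on two things: loose-mode uRPF is just a FIB lookup on the source address, and a more-specific route (or the default route) can override the 10/8 -> Null0 entry. The following Python model is an added example and is not code from either poster. It builds a small longest-prefix-match FIB, applies the loose uRPF decision to a few constructed flow records, and shows the more-specific-route caveat. The rules in loose_urpf_check (no route, Null0 route, and default route without allow-default all fail) are this example's reading of Cisco's documented behaviour, not something quoted from the thread; the 10.1.0.0/16 and 198.51.100.0/24 routes, the interface names other than te4/1, and all flow records are made up.

```python
"""Model of loose-mode uRPF ('ip verify unicast source reachable-via any')
as a FIB lookup, run over a few constructed flow records.

Added example, not from the list thread. Only the 10.0.0.0/8 -> Null0
route and the interface te4/1 come from the post; everything else is
assumed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# RFC 1918 space, used only to flag which flows the thread is about.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str            # "Null0" or an interface/next-hop label


class Fib:
    """Longest-prefix-match table; first hit in the sorted list wins."""

    def __init__(self, routes):
        self.routes = sorted(routes, key=lambda r: r.prefix.prefixlen,
                             reverse=True)

    def lookup(self, addr):
        addr = ipaddress.ip_address(addr)
        for r in self.routes:
            if addr in r.prefix:
                return r
        return None


def loose_urpf_check(fib, src, allow_default=False):
    """Return (verdict, reason) for a source address under loose uRPF.

    Loose mode only asks whether the source is reachable via *some* route.
    Modelled rules (assumption: this is how the documented behaviour reads):
      - no route at all            -> drop
      - best route points to Null0 -> drop
      - best route is 0.0.0.0/0    -> drop unless 'allow-default' is set
      - anything else              -> permit
    """
    route = fib.lookup(src)
    if route is None:
        return "drop", "no route"
    if route.next_hop == "Null0":
        return "drop", f"{route.prefix} -> Null0"
    if route.prefix.prefixlen == 0 and not allow_default:
        return "drop", "only default route matches"
    return "permit", f"{route.prefix} -> {route.next_hop}"


def is_rfc1918(addr):
    a = ipaddress.ip_address(addr)
    return any(a in n for n in RFC1918)


def classify_flows(fib, flows, allow_default=False):
    """Run the check over flow records; returns one dict per flow."""
    out = []
    for f in flows:
        verdict, reason = loose_urpf_check(fib, f["src"], allow_default)
        out.append({**f, "rfc1918": is_rfc1918(f["src"]),
                    "verdict": verdict, "reason": reason})
    return out


# FIB for the scenario in the thread plus assumed extra routes.
FIB = Fib([
    Route(ipaddress.ip_network("10.0.0.0/8"), "Null0"),       # from the post
    Route(ipaddress.ip_network("10.1.0.0/16"), "Te1/1"),      # assumed more-specific
    Route(ipaddress.ip_network("198.51.100.0/24"), "Te2/1"),  # assumed customer route
    Route(ipaddress.ip_network("0.0.0.0/0"), "te4/1"),        # assumed default via transit
])

# Constructed flow records (not real NetFlow export), all ingress on te4/1.
FLOWS = [
    {"src": "10.4.5.6",     "dst": "203.0.113.10", "in_if": "te4/1"},
    {"src": "10.1.2.3",     "dst": "203.0.113.10", "in_if": "te4/1"},
    {"src": "198.51.100.7", "dst": "203.0.113.10", "in_if": "te4/1"},
    {"src": "192.168.9.9",  "dst": "203.0.113.10", "in_if": "te4/1"},
]

if __name__ == "__main__":
    for rec in classify_flows(FIB, FLOWS):
        flag = "RFC1918" if rec["rfc1918"] else "       "
        print(f"{rec['src']:>15} {flag} {rec['verdict']:6} {rec['reason']}")
```

The second record is the caveat from the reply: 10.1.2.3 is RFC 1918 space, but a more-specific 10.1.0.0/16 route to a real interface wins the lookup, so loose uRPF passes it even though 10/8 points at Null0. That is the case an input ACL catches regardless of what the FIB contains.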