[c-nsp] Cisco Blackhole ?
Howard Jones
howie at thingy.com
Mon May 11 12:18:45 EDT 2015
Usually it is done on the same session, and the customer adds a special
community for blackhole routes.

The method I saw was:

1) add a null route for a private or test address (e.g. 192.0.2.1/32) on
each router.
2) enable 'ip verify unicast source reachable-via any' on edge
interfaces so that traffic in both directions is dropped for a
null-routed prefix.
3) add a route-map that looks for your special community and changes the
next hop for those prefixes to 192.0.2.1 (also to make sure that the
prefix belongs to that customer, and that the mask length is not too
small (e.g. >28))

Here's an example for a different purpose, but basically the same idea:
http://www.team-cymru.org/bogon-reference-bgp.html

This method also allows you to republish the same blackhole prefix to
your upstream providers if they support it, too (e.g. Level3 use
community 3356:9999 for blackhole) to stop the traffic before it fills
your upstream link.

On 11/05/15 17:03, Olivier CALVANO wrote:
> Hi
>
> I have a network with ~10 Cisco routers with the full BGP table.
> I want to add a blackhole possibility for my customer.
>
> Does anyone have a tutorial for this?
>
> I'm thinking of adding a second BGP session with my customer, and when he
> sends a prefix in this session,
> that puts a null route on all of my routers. Is it possible?
>
> regards
> olivier
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
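
The three steps from the reply above, written out as an added IOS configuration sketch (not part of the original thread and not either poster's configuration). The AS numbers, the community 65000:666, the customer block 198.51.100.0/24, the neighbor address, the interface name and the route-map and list names are constructed placeholders; 192.0.2.1 is the blackhole next hop used in the reply.

```cisco
! --- Step 1: on EVERY router, a discard route for the blackhole next hop
ip route 192.0.2.1 255.255.255.255 Null0
!
! --- Step 2: on edge interfaces, loose-mode uRPF so that packets whose
!     SOURCE resolves to Null0 are dropped as well as packets TO the prefix
interface GigabitEthernet0/0
 description EDGE-UPSTREAM (constructed name)
 ip verify unicast source reachable-via any
!
! --- Step 3: on the router holding the customer session
ip bgp-community new-format
! Constructed blackhole community the customer attaches to the route
ip community-list standard CUST-BLACKHOLE permit 65000:666
! Blackhole routes: must fall inside the customer's own block AND be
! longer than /28 (the ">28" check from the reply)
ip prefix-list CUST-A-BLACKHOLE seq 5 permit 198.51.100.0/24 ge 29 le 32
! Ordinary announcements from the same customer
ip prefix-list CUST-A-NORMAL seq 5 permit 198.51.100.0/24
!
! Both match lines in sequence 10 must be true (they are ANDed), so a
! tagged route outside the customer's block is never given the null next hop
route-map CUST-A-IN permit 10
 match community CUST-BLACKHOLE
 match ip address prefix-list CUST-A-BLACKHOLE
 set ip next-hop 192.0.2.1
route-map CUST-A-IN permit 20
 match ip address prefix-list CUST-A-NORMAL
! Anything else hits the implicit deny at the end of the route-map
!
router bgp 65000
 neighbor 203.0.113.2 remote-as 65010
 neighbor 203.0.113.2 description CUSTOMER-A (constructed)
 neighbor 203.0.113.2 send-community
 neighbor 203.0.113.2 route-map CUST-A-IN in
 ! Assumption: on a directly connected eBGP session IOS commonly needs
 ! multihop enabled before it accepts a next hop that is not connected
 neighbor 203.0.113.2 ebgp-multihop 2
```

On a lab router, `show ip bgp 198.51.100.25/32` should list next hop 192.0.2.1 for a tagged test route and `show ip route 192.0.2.1` should resolve to Null0; a tagged route outside 198.51.100.0/24 should not be in the table at all.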