[j-nsp] RTBH

chip chip.gwyn at gmail.com
Thu Jan 14 20:07:25 EST 2016


A strategy that I've seen used is to pick some IP address and add a static
route for it pointing to discard on every router.  Then when you receive
the route to black-hole, set the next-hop to the discard route.  This way
all routers will drop traffic for the prefix as soon as it enters the
router instead of running through your network first.



On Thu, Jan 14, 2016 at 4:10 PM, Johan Borch <johan.borch at gmail.com> wrote:

> Hi!
>
> I have implemented RTBH in my small network of 8 routers. DFZ is running in
> a L3VPN and each router has a multihop iBGP session with my RTBH router
> and it works, but I have one thing that annoys me.
>
> If I announce an offending IP to be black holed, only one of the routers
> will point to the discard route. The other 7 will see the announced route
> via BGP from the one that got it first I guess and send the traffic to that
> one where it is discarded. If I do show extensive on the route it is preferred
> because of IGP. I can't figure out how to get each router to prefer the
> discard locally. If I do local pref on one router the other 7 will send the
> traffic there instead.
>
> Every router has
>
>      route a.b.c.d/32 {
>          discard;
>          install;
>      }
>
> And from sending RTBH router, they are announced with next-hop a.b.c.d.
>
> Ideas? :)
>
> Regards
> Johan
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp




-- 
Just my $.02, your mileage may vary,  batteries not included, etc....
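
An added example, not part of the original thread: a Junos configuration sketch of the discard next-hop approach described in the reply above. The discard address 192.0.2.1, the prefix 203.0.113.45/32, tag 666, community 65000:666, and the policy and group names are all assumptions chosen for illustration.

```junos
# --- On every router (assumed discard address 192.0.2.1) ---
routing-options {
    static {
        route 192.0.2.1/32 {
            discard;          # traffic resolving to this next hop is dropped locally
            no-readvertise;   # keep the discard route out of routing protocols
        }
    }
}

# --- On the RTBH trigger router only ---
routing-options {
    static {
        # Constructed example prefix to black-hole; the tag marks it for export.
        route 203.0.113.45/32 {
            discard;
            tag 666;
        }
    }
}
policy-options {
    policy-statement RTBH-EXPORT {
        term trigger {
            from {
                protocol static;
                tag 666;
            }
            then {
                community add RTBH;
                next-hop 192.0.2.1;   # rewrite next hop to the shared discard address
                accept;
            }
        }
        term default {
            then reject;              # announce nothing except tagged trigger routes
        }
    }
    community RTBH members [ 65000:666 no-export ];
}
protocols {
    bgp {
        group RTBH-CLIENTS {
            type internal;
            export RTBH-EXPORT;
        }
    }
}
```

On a receiving router, `show route 203.0.113.45/32 extensive` shows whether the protocol next hop 192.0.2.1 resolved through the local static discard route or through another router.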

