[j-nsp] RTBH
Scott Granados
scott at granados-llc.net
Fri Jan 15 08:17:16 EST 2016
As a side note, this is how I’ve always seen it done. I believe even the RFC refers to this method.
> On Jan 14, 2016, at 8:07 PM, chip <chip.gwyn at gmail.com> wrote:
>
> A strategy that I've seen used is to pick some ip address and add a static
> route for it pointing to discard on every router. Then when you receive
> the route to black-hole, set the next-hop to the discard route. This way
> all routers will drop traffic for the prefix as soon as it enters the
> router instead of running through your network first.
>
>
>
> On Thu, Jan 14, 2016 at 4:10 PM, Johan Borch <johan.borch at gmail.com> wrote:
>
>> Hi!
>>
>> I have implemented RTBH in my small network of 8 routers. DFZ is running in
>> a L3VPN and each router has an multihop ibgp-session with my RTBH-router
>> and it works, but I have one thing that annoys me.
>>
>> If I announce an offending IP to be black holed, only one of the routers
>> will point to the discard route. The other 7 will see the announced route
>> via BGP från the one that got it first I guess and send the traffic to that
>> one where is is discarded. If I do show extensive on the route it is prefer
>> because of IGP. I can't figure out how to get each router to prefer the
>> discard localy. If I do local pref on one router the other 7 will send the
>> traffic there instead.
>>
>> Every router has
>>
>> route a.b.c.d/32 {
>> discard;
>> install;
>> }
>>
>> And from sending RTBH router, they are announced with next-hop a.b.c.d.
>>
>> Idéas? :)
>>
>> Regards
>> Johan
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>
>
> --
> Just my $.02, your mileage may vary, batteries not included, etc....
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list