[j-nsp] RTBH

Scott Granados scott at granados-llc.net
Fri Jan 15 08:17:16 EST 2016


As a side note, this is how I’ve always seen it done.  I believe even the RFC refers to this method.

> On Jan 14, 2016, at 8:07 PM, chip <chip.gwyn at gmail.com> wrote:
> 
> A strategy that I've seen used is to pick some IP address and add a static
> route for it pointing to discard on every router.  Then when you receive
> the route to black-hole, set the next-hop to the discard route.  This way
> all routers will drop traffic for the prefix as soon as it enters the
> router instead of running through your network first.
> 
> 
> 
> On Thu, Jan 14, 2016 at 4:10 PM, Johan Borch <johan.borch at gmail.com> wrote:
> 
>> Hi!
>> 
>> I have implemented RTBH in my small network of 8 routers. DFZ is running in
>> an L3VPN and each router has a multihop ibgp-session with my RTBH-router
>> and it works, but I have one thing that annoys me.
>> 
>> If I announce an offending IP to be black holed, only one of the routers
>> will point to the discard route. The other 7 will see the announced route
>> via BGP from the one that got it first I guess and send the traffic to that
>> one where it is discarded. If I do show extensive on the route it is preferred
>> because of IGP. I can't figure out how to get each router to prefer the
>> discard locally. If I do local pref on one router the other 7 will send the
>> traffic there instead.
>> 
>> Every router has
>> 
>>     route a.b.c.d/32 {
>>            discard;
>>            install;
>>        }
>> 
>> And from sending RTBH router, they are announced with next-hop a.b.c.d.
>> 
>> Ideas? :)
>> 
>> Regards
>> Johan
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 
> 
> 
> 
> -- 
> Just my $.02, your mileage may vary,  batteries not included, etc....

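The next-hop resolution discussed in the quoted replies, modelled as an added example that is not part of the original thread and is not Junos code: each router resolves the black-hole route's BGP next-hop in its own table, so traffic is dropped at ingress only where that next-hop resolves to a local discard route. The three-router chain, the router names and the addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress

SINK = "192.0.2.1"        # constructed discard next-hop address
VICTIM = "203.0.113.10"   # constructed address being black-holed

def lookup(rib, dst):
    """Longest-prefix match of dst in one router's table."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), action) for p, action in rib.items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def drop_path(routers, ingress, dst, max_hops=16):
    """Routers the packet visits before one of them discards it."""
    path, here = [ingress], ingress
    for _ in range(max_hops):
        action = lookup(routers[here], dst)
        while action[0] == "bgp":            # resolve the BGP next-hop locally
            action = lookup(routers[here], action[1])
        if action[0] == "discard":
            return path
        here = action[1]                     # ("via", neighbour): forward on
        path.append(here)
    raise RuntimeError("forwarding loop")

def build(routers_with_discard):
    """Chain R3 - R2 - R1; R1 is assumed to always hold the discard route."""
    chain = ["R1", "R2", "R3"]
    routers = {}
    for i, name in enumerate(chain):
        rib = {f"{VICTIM}/32": ("bgp", SINK)}    # learned from the RTBH trigger
        if name in routers_with_discard:
            rib[f"{SINK}/32"] = ("discard",)     # static discard on this router
        else:
            rib[f"{SINK}/32"] = ("via", chain[i - 1])  # IGP route toward R1
        routers[name] = rib
    return routers

if __name__ == "__main__":
    print("discard on every router:", drop_path(build({"R1", "R2", "R3"}), "R3", VICTIM))
    print("discard on R1 only:     ", drop_path(build({"R1"}), "R3", VICTIM))
```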

