Howto for BGP black holing/null routing
Christopher Morrow
morrowc.lists at gmail.com
Tue Feb 22 22:06:00 UTC 2011
2011/2/22 Jared Mauch <jared at puck.nether.net>:
> Also:
>
> http://docs.as701.net/tmp/CustomerBlackhole.txt
>
> Remember to set eBGP multihop on sessions for the next-hop rewrite capability :)

oh hey, I was looking for that! :) (I'll try to re-setup the
www.secsup.org links tonight) ... this is a 'how to setup so a
customer can blackhole', which you should be able to easily hack to
'make my quagga server a customer, make him be able to blackhole all
of 0/0 by /32s'

keep in mind also that some things do not react well to k's of /32's ...

> - Jared
>
> On Feb 22, 2011, at 4:54 PM, Łukasz Bromirski wrote:
>
>> On 2011-02-22 22:42, David Hubbard wrote:
>>> I was wondering if anyone has a howto floating around on the
>>> step by step setup of having an internal bgp peer for sending
>>> quick updates to border routers to null route sources of
>>> undesirable traffic? I've seen it discussed on nanog from
>>> time to time, typically suggesting using Zebra, but could
>>> not search up a link on a step by step.
>>
>> Take a look here for starters:
>> http://www.cisco.com/web/about/security/intelligence/blackhole.pdf
>>
>> Searching through NANOG archives will return a couple of sessions
>> that went through the other vendor configs for such functionality.
>>
>> --
>> "There's no sense in being precise when | Łukasz Bromirski
>> you don't know what you're talking | jid:lbromirski at jabber.org
>> about." John von Neumann | http://lukasz.bromirski.net
>
>
>