Blackhole Routes
Robert A. Hayden
rhayden at geek.net
Thu Sep 30 13:45:23 UTC 2004
We use Blackholing extensively to protect our campus network from "bad"
machines. I did a writeup (replete with my own personal brand of braindead
typos) a while back that details out how we set it up using OSPF and uRPF.
http://www.merit.edu/mail.archives/nanog/2003-11/msg00225.html
There are mechanisms to do it using eBGP and communities as well, which I'm
sure most on this list are more familiar with.
Think of blackholing as a way to surgically remove a specific IP from your
network, without having to deal with pushing ACLs into multiple entry
points. At least that's what it accomplishes for us.
Robert Hayden
University of Wisconsin Madison
On Thu, 30 Sep 2004, Abhishek Verma wrote:
>
> Hi,
>
> There are ways to add static routes that can be blackholed. I can
> understand the utility of such routes if those are installed in my
> forwarding table. What bewilders me is why would anyone want to
> advertise "blackhole" routes using say, BGP?
>
> Is it only to prevent some sort of DoS attacks or are there other uses
> also of advertising black hole routes?
>
> Thanks,
> Abhishek
>
> --
> Class of 2004
> Institute of Technology, BHU
> Varanasi, India
>