Blackhole Routes

Christopher L. Morrow christopher.morrow at mci.com
Thu Sep 30 16:50:55 UTC 2004



On Thu, 30 Sep 2004, Deepak Jain wrote:

> It sounds like you are confusing ideas here...
>
> If BGP is making a forwarding table entry, that's it. Ports are not
> really considered in forwarding decisions -- or if they are, the box is
> usually called a Firewall, not a router.
>

Just thinking out loud here... BUT, you could potentially (provided you
had the interfaces and time) re-next-hop certain traffic based on source
or destination address (dest would be easiest, which means catching
syn-ack and discarding it to drop the sessions as embryos) and filter out
'bad' stuff in a more centralized manner. There are risks with this, of
course, and complications which you'll probably want to avoid in any
decently large network. As Deepak points out though, this is leading down
some very dark paths of midnight-troubleshooting on complex configurations
:(

-Chris
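
Added illustration, not part of the original thread: a small Python model of the destination-only forwarding discussed above, where a more-specific route re-next-hops one address to a central filter or to discard and the port never enters the lookup. The prefixes are documentation addresses and the next-hop names are hypothetical.

```python
import ipaddress

# Constructed sample values: documentation prefixes, hypothetical next-hop names.
DISCARD = "discard"        # blackhole: packets to this destination are dropped
SCRUBBER = "scrubber-1"    # hypothetical central filtering device


class Fib:
    """Destination-only forwarding table using longest-prefix match."""

    def __init__(self):
        self.routes = {}  # ip_network -> next hop

    def add(self, prefix, next_hop):
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def withdraw(self, prefix):
        self.routes.pop(ipaddress.ip_network(prefix), None)

    def lookup(self, dst_ip, dst_port=None):
        # dst_port is accepted only to show it plays no part in the decision.
        addr = ipaddress.ip_address(dst_ip)
        matches = [net for net in self.routes if addr in net]
        if not matches:
            return None
        best = max(matches, key=lambda net: net.prefixlen)
        return self.routes[best]


def build_fib():
    fib = Fib()
    fib.add("0.0.0.0/0", "upstream")
    fib.add("192.0.2.0/24", "customer-edge")   # normal route for the prefix
    fib.add("192.0.2.10/32", SCRUBBER)         # re-next-hop a single destination
    fib.add("192.0.2.66/32", DISCARD)          # blackhole a single destination
    return fib


if __name__ == "__main__":
    fib = build_fib()
    for dst, port in [("192.0.2.5", 80), ("192.0.2.10", 80),
                      ("192.0.2.10", 25), ("192.0.2.66", 443)]:
        print(dst, port, "->", fib.lookup(dst, port))
```

Withdrawing the /32 returns the address to the covering /24, which is the rollback path to verify before relying on a diversion like this.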


