Howto for BGP black holing/null routing

Christopher Morrow morrowc.lists at gmail.com
Tue Feb 22 16:06:00 CST 2011


2011/2/22 Jared Mauch <jared at puck.nether.net>:
> Also:
>
> http://docs.as701.net/tmp/CustomerBlackhole.txt
>
> Remember to set eBGP multihop on sessions for the next-hop rewrite capability :)


oh hey, I was looking for that! :) (I'll try to re-setup the
www.secsup.org links tonight) ... this is a 'how to set up so a
customer can blackhole', which you should be able to easily hack to
'make my quagga server a customer, make him be able to blackhole all
of 0/0 by /32s'

keep in mind also that some things do not react well to k's of /32's ...

> - Jared
>
> On Feb 22, 2011, at 4:54 PM, Łukasz Bromirski wrote:
>
>> On 2011-02-22 22:42, David Hubbard wrote:
>>> I was wondering if anyone has a howto floating around on the
>>> step by step setup of having an internal bgp peer for sending
>>> quick updates to border routers to null route sources of
>>> undesirable traffic?  I've seen it discussed on nanog from
>>> time to time, typically suggesting using Zebra, but could
>>> not search up a link on a step by step.
>>
>> Take a look here for starters:
>> http://www.cisco.com/web/about/security/intelligence/blackhole.pdf
>>
>> Searching through NANOG archives will return a couple of sessions
>> that went through the other vendor configs for such functionality.
>>
>> --
>> "There's no sense in being precise when |               Łukasz Bromirski
>> you don't know what you're talking     |      jid:lbromirski at jabber.org
>> about."               John von Neumann |    http://lukasz.bromirski.net
>
>
>
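
A minimal sketch of the setup discussed in this thread, added here as an example and not taken from the linked documents or from any poster: a Quagga trigger box peering as a "customer" with a border router (IOS-style syntax). The AS numbers, addresses, the community 64496:666, the list and route-map names and the maximum-prefix limit are all placeholder assumptions.

```conf
! --- bgpd.conf on the Quagga trigger box (peers as a "customer") ---
! Placeholder values: AS 64512 = trigger, AS 64496 = your network,
! 198.51.100.1 = border router, 198.51.100.10 = this box.
router bgp 64512
 bgp router-id 198.51.100.10
 ! One network statement per address to be dropped; host routes only.
 network 203.0.113.45/32
 neighbor 198.51.100.1 remote-as 64496
 ! Multihop on the session, per the note in the thread about next-hop rewrite.
 neighbor 198.51.100.1 ebgp-multihop 2
 neighbor 198.51.100.1 send-community
 neighbor 198.51.100.1 route-map BLACKHOLE-OUT out
!
! Only /32s may leave this box, whatever gets configured above.
ip prefix-list HOST-ONLY seq 5 permit 0.0.0.0/0 ge 32
!
route-map BLACKHOLE-OUT permit 10
 match ip address prefix-list HOST-ONLY
 set community 64496:666
!
! --- border router (IOS-style syntax) ---
! Discard next-hop: anything resolved via 192.0.2.1 goes to Null0.
ip route 192.0.2.1 255.255.255.255 Null0
ip community-list standard BLACKHOLE permit 64496:666
ip prefix-list HOST-ONLY seq 5 permit 0.0.0.0/0 ge 32
!
! Accept only tagged /32s from the trigger; everything else hits the
! route-map's implicit deny.
route-map FROM-TRIGGER permit 10
 match community BLACKHOLE
 match ip address prefix-list HOST-ONLY
 set ip next-hop 192.0.2.1
 set community no-export additive
!
router bgp 64496
 neighbor 198.51.100.10 remote-as 64512
 neighbor 198.51.100.10 ebgp-multihop 2
 neighbor 198.51.100.10 route-map FROM-TRIGGER in
 ! Cap the session so a flood of /32s cannot exhaust the router.
 neighbor 198.51.100.10 maximum-prefix 500
```

The inbound prefix-list and maximum-prefix lines address the two risks raised above: a trigger that can blackhole any /32 in 0/0, and platforms that do not cope with thousands of host routes.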




More information about the NANOG mailing list