North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Using Policy Routing to stop DoS attacks
On Mon, 12 May 2003, Stefan Mink wrote: > On Tue, Mar 25, 2003 at 04:58:59PM +0000, Christopher L. Morrow wrote: > > you could hold blackhole routes for these destinations in your route table > > (local or bgp) So long as the destination for the source is bad (null for > > instance) the traffic would get dropped. I believe the proper terms from > > cisco for this are: "So long as the adjacency is invalid" ... > > is there a way to make this source-blackhole-routing work > on J's too (does this work with discard-routes too)? > I believe someone from Juniper should likely answer this question :) As I understand the setup from a Cisco perspective (and someone from Cisco can correct me if I get it wrong). uRPF works in such a way that if the source address's destination has an invalid FIB entry (or no entry, or Null0) the packets are dropped. Perhaps Juniper implemented it this way? I have not checked anymore closely than this. Sorry. :(
|