|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Blackhole Routes
We use Blackholing extensively to protect our campus network from "bad" machines. I did a writeup (replete my own personal brand of braindead typos) a while back that details out how we set it up using OSPF and uRPF. http://www.merit.edu/mailinglist/mailarchives/old_archive/2003-11/msg00225.html There are mechanisms to do it using eBGP and communities as well which I'm sure most on this list are more familiar with. Think of blackholing as a way to surgically remove a specific IP from your network, without having to deal with pushing ACLs into multiple entry points. At least that's what it accomplishes for us. Robert Hayden Univeristy of Wisconsin Madison On Thu, 30 Sep 2004, Abhishek Verma wrote: > > Hi, > > There are ways to add static routes that can be blackholed. I can > understand the utility of such routes if those are installed in my > forwarding table. What bewilders me is why would anyone want to > advertise "blackhole" routes using say, BGP? > > Is it only to prevent some sort of DoS attacks or are there other uses > also of advertising black hole routes? > > Thanks, > Abhishek > > -- > Class of 2004 > Institute of Technology, BHU > Varanasi, India >
|