Re: Howto for BGP black holing/null routing

[Christopher Morrow <morrowc.lists () gmail com>]

2011/2/22 Jared Mauch <jared () puck nether net>:
> Also:
>
> http://docs.as701.net/tmp/CustomerBlackhole.txt
>
> Remember to set eBGP multihop on sessions for the next-hop rewrite capability :)


oh hey, I was looking for that! :) (I'll try to re-setup the
www.secsup.org links tonight) ... this is a 'how to setup so a
customer can blackhole', which you should be able to easily hack to
'make my quagga server a customer, make him be able to blackhole all
of 0/0 by /32s'

keep in mind also that somethings do not react well to k's of /32's ...

> - Jared
>
> On Feb 22, 2011, at 4:54 PM, Łukasz Bromirski wrote:
>
> > On 2011-02-22 22:42, David Hubbard wrote:
> > > I was wondering if anyone has a howto floating around on the
> > > step by step setup of having an internal bgp peer for sending
> > > quick updates to border routers to null route sources of
> > > undesirable traffic?  I've seen it discussed on nanog from
> > > time to time, typically suggesting using Zebra, but could
> > > not search up a link on a step by step.
> >
> > Take a look here for starters:
> > http://www.cisco.com/web/about/security/intelligence/blackhole.pdf
> >
> > Searching through NANOG archives will return a couple of sessions
> > that went through the other vendor configs for such functionality.
> >
> > --
> > "There's no sense in being precise when |               Łukasz Bromirski
> > you don't know what you're talking     |      jid:lbromirski () jabber org
> > about."               John von Neumann |    http://lukasz.bromirski.net