Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
385
Views
0
Helpful
3
Replies

Null interface question

Go to solution
christianpho
Level 1
Level 1

‎04-02-2008 09:49 AM - edited ‎03-05-2019 10:08 PM

Hi,

I'm currently prepared my BCMSN certification Exam.

I would like to know what is the difference between forwarding paquet to the Null Interface (silently absorb paquets, whitout farwording them) and simply drop the paquet without sending ICMP paquet to the sender....

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎04-02-2008 09:53 AM

Christian

They are generally doing 2 different things. When a packet is dropped but no ICMP packet sent back this is usually for security reasons to not give away any more information than is needed.

Routing to Null0 is usually used to

1) Stop routing loops - IGP's

2) Place a route into the IGP routing table so that BGP can then advertise it out.

Is there a specific context you were thinking of ?

Jon

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎04-02-2008 09:53 AM

Christian

They are generally doing 2 different things. When a packet is dropped but no ICMP packet sent back this is usually for security reasons to not give away any more information than is needed.

Routing to Null0 is usually used to

1) Stop routing loops - IGP's

2) Place a route into the IGP routing table so that BGP can then advertise it out.

Is there a specific context you were thinking of ?

Jon

0 Helpful

Go to solution
christianpho
Level 1
Level 1
In response to Jon Marshall

‎04-02-2008 03:02 PM

thanks a lot !!

0 Helpful

Go to solution
mirco.orlandi
Level 1
Level 1

‎04-02-2008 02:41 PM

My points are finalized to exam pass.

1) No difference from sender point of view (packet is silently discarded)

2) Match criteria:

- with acl you have Layer3 (src ip address also) + Layer4 match criteria

- with Null0 you can discard based on destination IP address only

3) Because you are preparing BCMSN, remember that exist L2 ACL (mac based filter). Null0 work only at L3

4) Using ACL can produce more CPU usage than Null0 static route. If you use "log", the packet is process-switched, not fast-switched.

From "best practise" point of view, I agree with Jon.

Regards,

Mirco.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card