
Null 0 interface !!!!!!

What is a Null 0 Interface?

How is it useful with reference to Static routes?

1 ACCEPTED SOLUTION


Re: Null 0 interface !!!!!!

Think of the Null 0 interface as a garbage bin. Anything directed to that interface will be dropped. It is a virtual network interface (similar to the loopback interface). But while traffic sent to the loopback interface is directed to the router itself, traffic sent to the null interface is discarded. The null interface is not configured with an address. Traffic can only be sent to this interface by configuring a static route where the next hop is the Null0 interface. This interface is always up and can never forward or receive traffic. It is also an alternative method of filtering traffic.

4 REPLIES

Re: Null 0 interface !!!!!!

It comes in useful at times with DoS attacks. For example, if you know the source of the attacker, you can put a 32-bit static route in to route traffic to that IP to the null0 interface, which drops the traffic. You could also filter it, but a null0 route does the same.

I've also seen another company use it on one of their routers where they used OSPF to distribute the routes to all their routers, and they wanted one site to not have access to a certain subnet, so they put a static to null0 for it on that one router.

Re: Null 0 interface !!!!!!

Edit: Never mind, I missed the "Static Route" reference in the original post.

NULL0 is the most efficient way, in terms of processor / resource utilization to dispose of a defined group of packets / traffic.

NULL0 interfaces are created by some routing protocols automatically. The advertised NULL interface represents an aggregate address to the peer routers.

Packets sent to the aggregate / supernet are then evaluated locally, and the more specific route will be chosen according to the routing table (the most specific route is used to determine the forwarding path).

I believe EIGRP used the NULL0 mechanism for summarized addresses, for example.

FWIW

Scott

Re: Null 0 interface !!!!!!

The null0 interface is the "discard interface." Any packets which are routed to null0 are dropped by CEF, so they are quickly discarded in the switching path. There are a lot of reasons to use a route to null0, mostly involving originating a route into a network in a way that prevents routing loops. Since the first reply dealt with the route to null0, called the discard route, built by eigrp, I'll continue there, and show how this works.

Suppose you have a router with this configuration:

interface serial 0
 ip address 10.1.1.1 255.255.255.0
!
interface serial 1
 ip address 10.2.2.2 255.255.255.0
 ! summary advertised to the peer on serial 1; the AS number matches "router eigrp 100"
 ip summary-address eigrp 100 10.1.0.0 255.255.0.0
!
router eigrp 100
 network 10.0.0.0

Now, suppose this router had an eigrp peer connected to serial 1 which was advertising a default route. So, this router (let's call it A) is learning a default from its peer, and the other router (let's call it B) is learning 10.1.0.0/16 from A. What happens when a packet arrives which is destined for any address within the summary, but for which there is no real route, other than the summary, in the routing table?

A will examine its routing table, and find the destination address matches the default route, and send it to B. B will examine its routing table, and find a longer prefix match, the 10.1.0.0/16 it is learning from A, and send it back to A. A will again examine its routing table, and find it only matches the default route, and send it to B.

You have a permanent routing loop. So, to resolve this problem, routing protocols (all of them) install a discard route that covers the summary address space. What would happen if EIGRP created the discard route in this case? A would receive the packet, discover the best match is 10.1.0.0/16, and discard the packet. No routing loop.

You can use the same principle when building a static route you are advertising outside the network, treating it like a summary. The discard route protects the network against routing loops in these cases.

The route to null0 is also useful when trying to add a little security to your network, or prevent someone from using a specific address range, or address space. And there are other reasons, but I won't go into all of them here....

:-)

Russ
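
The loop described in the reply above, and how the discard route breaks it, as an added example that is not part of the original thread. It is a simplified longest-prefix-match model of routers A and B from the post; the destination 10.1.5.5, the hop limit of 16 and the function names are constructed for illustration.

```python
import ipaddress

def net(prefix):
    return ipaddress.ip_network(prefix)

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    matches = [(n, hop) for n, hop in table.items() if addr in n]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def build_tables(discard_route):
    """Routing tables for A and B; optionally install A's summary discard route."""
    a = {
        net("10.1.1.0/24"): "connected",   # serial 0
        net("10.2.2.0/24"): "connected",   # serial 1
        net("0.0.0.0/0"): "B",             # default learned from B
    }
    if discard_route:
        a[net("10.1.0.0/16")] = "Null0"    # discard route covering the summary
    b = {
        net("10.2.2.0/24"): "connected",
        net("10.1.0.0/16"): "A",           # summary learned from A
    }
    return {"A": a, "B": b}

def forward(tables, start, dst, ttl=16):
    """Follow a packet hop by hop; return (outcome, path of routers visited)."""
    router, path = start, [start]
    while ttl > 0:
        hop = lookup(tables[router], dst)
        if hop is None:
            return "no route", path
        if hop == "Null0":
            return "discarded", path
        if hop == "connected":
            return "delivered", path
        router = hop
        path.append(router)
        ttl -= 1
    return "ttl expired (loop)", path

if __name__ == "__main__":
    for discard in (False, True):
        outcome, path = forward(build_tables(discard), "A", "10.1.5.5")
        print(f"discard route={discard}: {outcome} after {' -> '.join(path[:6])}")
```

The more specific connected /24 still wins over the /16 to Null0, so only destinations inside the summary with no real route are discarded.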
