Cisco Support Community
New Member

Blackhole

Hi,

Can someone explain "BLACKHOLE" in IP routing and when we use this option?

For example: ip route 0.0.0.0 0.0.0.0 Null0 254 name BLACKHOLE

Please explain with the above command...

Accepted Solutions

Re: Blackhole

You DO NOT want to use this in 99,999999% of the situations you will find. A blackhole is a dark way to bring an attack in the BGP world, for example, and you can have very bad consequences, also from a legal point of view.

Instead, using a null interface can be useful to create an entry in the BGP routing table if no synchronization is used. BGP, as you know, will work only with the networks present in the routing table; therefore, if I want to advertise 10.10.10.0/24, I can write a static route for this network pointing to "nothing" so that I will have my network in the routing table and I will not forward my subnet anywhere by static routing.

Indeed, you can use a null interface as a defence as well. Not common, but if you have no firewalls on your network and you notice a lot of attacks in your log from a subnet or a set of subnets, you can write a static route stating that all the traffic coming from those bad boys' subnets is pointing to null...

This becomes a kind of "bin" and the suspicious network will never reach the target because they will be routed to "nothing" on your ISP-facing router...

Hope it helps a bit

Alessio

PS: however look for the null interfaces... it is a cool topic
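
As an added example (not part of the original thread, and not Cisco code), this small Python model shows how the Null0 routes discussed above behave during route selection. It assumes a simplified RIB (lowest administrative distance per prefix, then longest-prefix match on the destination); the class name `Rib`, the next hops and every prefix other than 0.0.0.0/0 and 10.10.10.0/24 are constructed for illustration.

```python
import ipaddress

class Rib:
    """Simplified route table (assumption: lowest administrative distance
    wins per prefix, then the longest matching prefix wins per lookup)."""

    def __init__(self):
        self.candidates = {}  # network -> list of (distance, next_hop)

    def add(self, prefix, next_hop, distance):
        net = ipaddress.ip_network(prefix)
        self.candidates.setdefault(net, []).append((distance, next_hop))

    def remove(self, prefix, next_hop):
        net = ipaddress.ip_network(prefix)
        left = [c for c in self.candidates[net] if c[1] != next_hop]
        if left:
            self.candidates[net] = left
        else:
            del self.candidates[net]

    def lookup(self, destination):
        addr = ipaddress.ip_address(destination)
        # Only the lowest-distance candidate of each prefix is installed.
        installed = {net: min(c) for net, c in self.candidates.items()}
        matches = [(net.prefixlen, hop) for net, (_, hop) in installed.items()
                   if addr in net]
        if not matches:
            return "no route"
        _, hop = max(matches, key=lambda m: m[0])
        return "drop" if hop == "Null0" else hop

def build_edge_router():
    rib = Rib()
    # ip route 0.0.0.0 0.0.0.0 Null0 254 name BLACKHOLE (floating default)
    rib.add("0.0.0.0/0", "Null0", 254)
    # Default learned from the ISP via eBGP, distance 20 (constructed next hop)
    rib.add("0.0.0.0/0", "192.0.2.1", 20)
    # Static anchor so BGP finds 10.10.10.0/24 in the routing table
    rib.add("10.10.10.0/24", "Null0", 1)
    # A subnet really in use inside the /24 (constructed, connected = 0)
    rib.add("10.10.10.0/26", "GigabitEthernet0/1", 0)
    # Defensive null route: lookups are by destination, so packets
    # addressed to this constructed subnet are discarded
    rib.add("198.51.100.0/24", "Null0", 1)
    return rib

if __name__ == "__main__":
    rib = build_edge_router()
    for dst in ("203.0.113.9", "10.10.10.5", "10.10.10.200", "198.51.100.7"):
        print(dst, "->", rib.lookup(dst))
```

The distance of 254 keeps the Null0 default out of the way while a better default exists; once that default disappears, unmatched traffic is discarded instead of being forwarded.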

New Member

Re: Blackhole

It's easy to understand

Thank you, Alessio.
