Blackhole

Hi,

Can someone explain "BLACKHOLE" in IP routing and when we use this option?

For example: ip route 0.0.0.0 0.0.0.0 Null0 254 name BLACKHOLE

Please explain with a command like the one above...

1 Accepted Solution


You DO NOT want to use this for the 99,999999% of the situations you will find. A blackhole is a dark way to bring an attack in the BGP world, for example, and you can have very bad consequences also from a legal point of view.

Instead, using a null interface can be useful to create an entry in the BGP routing table if no synchronization is used. BGP, as you know, will work only with the networks present in the routing table; therefore, if I want to advertise 10.10.10.0/24, I can write a static route for this network pointing to "nothing" so that I will have my network in the routing table and I will not forward my subnet anywhere by static routing.

Indeed, you can use a null interface as defence as well. Not common, but if you have no firewalls on your network and you notice a lot of attacks in your log from a subnet or a set of subnets, you can write a static route stating that all the traffic coming from those bad boys' subnets is pointing to null...

This becomes a kind of "bin" and the suspicious network will never reach the target because they will be routed to "nothing" on your ISP-facing router...

Hope it helps a bit

Alessio

PS: however look for the null interfaces... it is a cool topic

It's easy to understand

Thank you Alessio,
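
The defensive use described in the accepted answer (null-routing subnets that show up attacking in the logs), as an added example that is not part of the original thread or any Cisco tooling: a Python script that builds the `ip route ... Null0` lines from a log. The log format, the hit threshold and the treatment of 10.10.10.0/24 as the local network are assumptions; it goes slightly beyond the answer by merging adjacent prefixes and refusing to null-route the default route or the local prefix.

```python
import ipaddress
from collections import Counter

# Constructed sample input (not from the page): source addresses of denied packets.
SOURCES = ["198.18.4.7", "198.18.4.9", "198.18.5.20", "198.18.5.21",
           "203.0.113.5", "10.10.10.50", "10.10.10.50", "not-an-ip"]
SAMPLE_LOG = "\n".join(
    f"Jan 10 10:00:{i:02d} edge1 denied tcp src={s} dst=10.10.10.5 dport=22"
    for i, s in enumerate(SOURCES))

# Assumption: 10.10.10.0/24 (the prefix used in the answer) is our own network.
OWN_PREFIXES = [ipaddress.ip_network("10.10.10.0/24")]


def offending_subnets(log_text, threshold=2, prefixlen=24):
    """Count denied packets per IPv4 source subnet; return those at or over threshold."""
    hits = Counter()
    for line in log_text.splitlines():
        for field in line.split():
            if not field.startswith("src="):
                continue
            try:
                addr = ipaddress.IPv4Address(field[4:])
            except ValueError:
                continue  # malformed address in the log: ignore it
            hits[ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)] += 1
    return [net for net, count in hits.items() if count >= threshold]


def null_routes(subnets, name="BLACKHOLE"):
    """Return (IOS static routes to Null0, prefixes refused as unsafe)."""
    refused = [n for n in subnets
               if n.prefixlen == 0 or any(n.overlaps(own) for own in OWN_PREFIXES)]
    safe = [n for n in subnets if n not in refused]
    # Merge adjacent and overlapping prefixes so the router carries fewer routes.
    merged = ipaddress.collapse_addresses(safe)
    routes = [f"ip route {n.network_address} {n.netmask} Null0 name {name}"
              for n in merged]
    return routes, refused


if __name__ == "__main__":
    routes, refused = null_routes(offending_subnets(SAMPLE_LOG))
    print("\n".join(routes))
    print("refused:", [str(n) for n in refused])
```

A static route matches on destination address, so each generated entry discards packets the router would otherwise forward toward that prefix.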
