
New Member

default route to null0 with admin distance of 255

Cisco's Security Auditor makes a recommendation that the command "ip route 0.0.0.0 0.0.0.0 null 0 255" be used to rapidly discard packets with invalid destination addresses.

Link is at: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml#anti_spoofing

Question is: with an admin distance of 255, why does this command have any impact? It should not enter the routing table. Also, even if it does, why is it any different from the router not finding a match in its routing table and dropping the packet?

Thanks!

Cisco Employee

Re: default route to null0 with admin distance of 255

I agree with you on the first point. This is a mistake since a route with an AD of 255 would never be installed in the RIB. I will make sure I take it to our documentation team for correction.

On the second point, performance-wise, it is much better for the router to forward a packet to null0 following the default route than for the router to find out it has no route to the destination, drop the packet and probably send an ICMP unreachable message back to the source of that packet.

Hope this helps,
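
The two points in this thread, as an added example that is not part of the original posts or any Cisco code: a toy Python model of route installation and lookup. The `Rib` class, its method names, the sample prefixes and the distance 254 are constructed for illustration, and the drop behaviour is modelled the way the reply describes it.

```python
import ipaddress

UNUSABLE_AD = 255  # a route offered with this distance is never installed


class Rib:
    """Toy routing table: one route per prefix, lowest admin distance wins."""

    def __init__(self):
        self.routes = {}  # ip_network -> (admin_distance, next_hop)

    def offer(self, prefix, next_hop, admin_distance=1):
        """Offer a static route; return True only if it was installed."""
        if admin_distance >= UNUSABLE_AD:
            return False  # the case the original question points out
        net = ipaddress.ip_network(prefix)
        current = self.routes.get(net)
        if current is not None and current[0] <= admin_distance:
            return False  # an equal or better route already holds the prefix
        self.routes[net] = (admin_distance, next_hop)
        return True

    def forward(self, dst):
        """Longest-prefix match; return the action taken for one packet."""
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.routes if addr in net]
        if not matches:
            # No route at all: drop, and probably signal the source.
            return "drop + ICMP unreachable"
        best = max(matches, key=lambda net: net.prefixlen)
        hop = self.routes[best][1]
        return "silent drop (Null0)" if hop == "Null0" else f"forward via {hop}"


def demo(default_ad):
    """Build a RIB with one real route plus a Null0 default at default_ad."""
    rib = Rib()
    rib.offer("10.0.0.0/8", "192.0.2.1")             # constructed sample route
    installed = rib.offer("0.0.0.0/0", "Null0", default_ad)
    # One destination covered by the real route, one covered by nothing else.
    return installed, rib.forward("10.1.2.3"), rib.forward("203.0.113.9")


if __name__ == "__main__":
    for ad in (255, 254):  # 254 is a constructed comparison value
        print(ad, demo(ad))
```
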

New Member

Re: default route to null0 with admin distance of 255

Thanks, this is very helpful
