2011/2/22 Jared Mauch <jared@puck.nether.net>:
Also:
http://docs.as701.net/tmp/CustomerBlackhole.txt
Remember to set eBGP multihop on sessions for the next-hop rewrite capability :)
oh hey, I was looking for that! :) (I'll try to re-setup the www.secsup.org links tonight)

... this is a 'how to set up so a customer can blackhole', which you should be able to easily hack to 'make my quagga server a customer, make him be able to blackhole all of 0/0 by /32s'

keep in mind also that some things do not react well to k's of /32's ...
- Jared
On Feb 22, 2011, at 4:54 PM, Łukasz Bromirski wrote:
On 2011-02-22 22:42, David Hubbard wrote:
I was wondering if anyone has a howto floating around on the step by step setup of having an internal bgp peer for sending quick updates to border routers to null route sources of undesirable traffic? I've seen it discussed on nanog from time to time, typically suggesting using Zebra, but could not search up a link on a step by step.
Take a look here for starters: http://www.cisco.com/web/about/security/intelligence/blackhole.pdf
Searching through NANOG archives will return a couple of sessions that went through the other vendor configs for such functionality.
--
"There's no sense in being precise when you don't know what you're talking about." John von Neumann
Łukasz Bromirski | jid:lbromirski@jabber.org | http://lukasz.bromirski.net