Blackholing IPv6 traffic RTBH

William F. Maton Sotomayor wmaton at
Fri Feb 4 20:40:34 CET 2011

On Fri, 4 Feb 2011, Jon Harald Bøvre wrote:

> For blackholing undesired a common practice (according to Cisco) is to route 
> the undesired traffic to test-net
> ip route Null0
> Working on implementing this in a dual-stacked network I could easily find a 
> /64 (or perhaps /128), but standarization in the internet community makes 
> this easier to document and understand
> My idea was to to map to a 6to4 prefix to ensure this to be unique:
> ipv6 route 2002:C000:0201::/64 Null0
> I wonder if there is any RFC or best practice for how to do this in IPv6?

I thought I read one somewhere, but on my dual-stacked black-hole server I 
do this:

route-map static-to-bgpv6 permit 5
  match tag 66
  set ipv6 next-hop 2001:DB8::1
  set local-preference 2500
  set origin igp
  set community no-export
ipv6 route 2001:DB8::/32 Null0 tag 66

(that's the IPv6 prefix for documentation purposes)

Which on my borders that peer with it, then I do this:

ipv6 route 2001:DB8::1/128 Null0

To get the following:

gate#sho ipv6 ro 2001:DB8::/32
Routing entry for 2001:DB8::/32
   Known via "bgp 25689", distance 200, metric 0, type internal
   Route count is 1/1, share count 0
   Routing paths:
       MPLS label: none
       Last updated 7w0d ago

> Jon Harald Bøvre
> Hafslund Telekom Nettjenester
> Norway
> My purpose is to do source and destination based remote triggered black hole 
> routing (RTBH) for IPv4 and IPv6 equally. I believe there will be a lot of 
> misconfigured IPv6 systems coming.


More information about the ipv6-ops mailing list