Blackholing IPv6 traffic RTBH
Jon Harald Bøvre
jon at bovre.no
Fri Feb 4 20:58:13 CET 2011
Thank you
2001:db8::/32 is a very good alternative
This traffic should be blackholed anyway
Jon
On 04.02.2011 20:40, William F. Maton Sotomayor wrote:
> On Fri, 4 Feb 2011, Jon Harald Bøvre wrote:
>
>> For blackholing undesired traffic, a common practice (according to Cisco) is
>> to route the undesired traffic to test-net 192.0.2.1.
>> ip route 192.0.2.1 255.255.255.255 Null0
>>
>> Working on implementing this in a dual-stacked network I could easily
>> find a /64 (or perhaps /128), but standardization in the internet
>> community makes this easier to document and understand.
>> My idea was to map 192.0.2.1 to a 6to4 prefix to ensure this to be
>> unique:
>> ipv6 route 2002:C000:0201::/64 Null0
>>
>> I wonder if there is any RFC or best practice for how to do this in
>> IPv6?
>
> I thought I read one somewhere, but on my dual-stacked black-hole
> server I do this:
>
>
> !
> route-map static-to-bgpv6 permit 5
>  match tag 66
>  set ipv6 next-hop 2001:DB8::1
>  set local-preference 2500
>  set origin igp
>  set community no-export
> !
> !
> ipv6 route 2001:DB8::/32 Null0 tag 66
> !
>
> (that's the IPv6 prefix for documentation purposes)
>
> Which on my borders that peer with it, then I do this:
>
> ipv6 route 2001:DB8::1/128 Null0
>
> To get the following:
>
> gate#sho ipv6 ro 2001:DB8::/32
> Routing entry for 2001:DB8::/32
> Known via "bgp 25689", distance 200, metric 0, type internal
> Route count is 1/1, share count 0
> Routing paths:
> 2001:DB8::1
> MPLS label: none
> Last updated 7w0d ago
> gate#
>
>
>>
>>
>> Jon Harald Bøvre
>> Hafslund Telekom Nettjenester
>> Norway
>>
>> My purpose is to do source and destination based remote triggered
>> black hole routing (RTBH) for IPv4 and IPv6 equally. I believe there
>> will be a lot of misconfigured IPv6 systems coming.
>>
>>
>
>
> wfms
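
An added example, not code from either poster: a Python consistency check for the setup described in the thread. It derives the 6to4 prefix for 192.0.2.1 (6to4 assigns a /48 per IPv4 address) and confirms that every blackhole next-hop set on the trigger router lies in reserved space and has a matching Null0 route on the border. The function names and the sample configuration strings are constructed for illustration.

```python
import ipaddress
import re

DOC_V4 = ipaddress.ip_network("192.0.2.0/24")   # TEST-NET, used in the thread
DOC_V6 = ipaddress.ip_network("2001:db8::/32")  # IPv6 documentation prefix

def sixto4_prefix(v4):
    """6to4 maps an IPv4 address to 2002:V4ADDR::/48."""
    v4_int = int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4_int << 80), 48))

def null0_routes(config):
    """Prefixes statically routed to Null0 in IOS-style config text."""
    nets = []
    for line in config.splitlines():
        m4 = re.match(r"\s*ip route (\S+) (\S+) Null0", line)
        m6 = re.match(r"\s*ipv6 route (\S+) Null0", line)
        if m4:
            net = f"{m4.group(1)}/{m4.group(2)}"
            nets.append(ipaddress.ip_network(net, strict=False))
        elif m6:
            nets.append(ipaddress.ip_network(m6.group(1), strict=False))
    return nets

def check_rtbh(trigger_cfg, border_cfg):
    """List problems with the blackhole next-hops set on the trigger router."""
    discards = null0_routes(border_cfg)
    problems = []
    for m in re.finditer(r"set (?:ip|ipv6) next-hop (\S+)", trigger_cfg):
        nh = ipaddress.ip_address(m.group(1))
        doc = DOC_V4 if nh.version == 4 else DOC_V6
        if nh not in doc:
            problems.append(f"{nh}: not in reserved range {doc}")
        if not any(nh.version == n.version and nh in n for n in discards):
            problems.append(f"{nh}: no Null0 route on border")
    return problems

# Constructed sample input, assembled from the lines quoted in the thread.
TRIGGER = """\
route-map static-to-bgpv6 permit 5
 match tag 66
 set ipv6 next-hop 2001:DB8::1
 set community no-export
ipv6 route 2001:DB8::/32 Null0 tag 66
"""
BORDER = "ipv6 route 2001:DB8::1/128 Null0\n"

if __name__ == "__main__":
    print(sixto4_prefix("192.0.2.1"))
    print(check_rtbh(TRIGGER, BORDER) or "next-hops OK")
    print(check_rtbh(TRIGGER, ""))  # border without the discard route
```

A border router that lacks the Null0 route would forward triggered traffic toward the next-hop instead of dropping it, which is the case the last call reports.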