<div dir="ltr"><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#000000">Hi Daniel,</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#000000"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#000000">
Do your upstream providers support the use of community tags?</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#000000"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#000000">
If so then you can set a blackhole to go upstream of you so that the traffic does not hit your router you would then send them a community tag like :666 to say to them 'hey dont send me x.x.x.x/32' , if they don't then you can just do:</div>
<div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#000000"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#000000">Vyatta:</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#000000">
configure</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#000000">set protocols static route <ipyouwanttoblackhole>/32 blackhole<br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#000000">
commit</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#000000">save</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#000000"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#000000">
But blackholing an IP completes a 'ddos attack' and you should try not to do this. best way to mitigate is to scrub!</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#000000"><br></div>
<div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#000000">Cheers,</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#000000"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#000000">
Jared</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jul 24, 2014 at 8:31 PM, Daniel Watson <span dir="ltr"><<a href="mailto:Daniel@glovine.com.au" target="_blank">Daniel@glovine.com.au</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-AU" link="#0563C1" vlink="#954F72">
<div>
<p class="MsoNormal">Hi Guys<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I was wondering if somebody on or off-list might be able to assist me,<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I was having a chat with an industry person early this week, and was recommended to setup a blackhole community that I can just chuck a single /32 into if I need to null route it at our router,<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I was wondering how I can achieve this on Vyatta?<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
<p class="MsoNormal"><span>Regards,<u></u><u></u></span></p>
<p class="MsoNormal"><span>Daniel Watson<u></u><u></u></span></p>
<p class="MsoNormal"><span>Network Administrator / Network Operations Manager<u></u><u></u></span></p>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
<p class="MsoNormal"><span>E <a href="mailto:Daniel@GloVine.com.au" target="_blank">Daniel@GloVine.com.au</a><u></u><u></u></span></p>
<p class="MsoNormal"><span>W <a href="http://www.GloVine.com.au" target="_blank">www.GloVine.com.au</a><u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
<br>_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>
</div></div>