[AusNOG] Vyatta BlackHole

Jared Hirst jared.hirst at serversaustralia.com.au
Thu Jul 24 21:09:27 EST 2014


Hi Daniel,

Do your upstream providers support the use of community tags?

If so then you can set a blackhole to go upstream of you so that the
traffic does not hit your router you would then send them a community tag
like :666 to say to them 'hey dont send me x.x.x.x/32' , if they don't then
you can just do:

Vyatta:
configure
set protocols static route <ipyouwanttoblackhole>/32  blackhole
commit
save

But blackholing an IP completes a 'ddos attack' and you should try not to
do this. best way to mitigate is to scrub!

Cheers,

Jared


On Thu, Jul 24, 2014 at 8:31 PM, Daniel Watson <Daniel at glovine.com.au>
wrote:

>  Hi Guys
>
>
>
> I was wondering if somebody on or off-list might be able to assist me,
>
>
>
> I was having a chat with an industry person early this week, and was
> recommended to setup a blackhole community that I can just chuck a single
> /32 into if I need to null route it at our router,
>
>
>
> I was wondering how I can achieve this on Vyatta?
>
>
>
>
>
> Regards,
>
> Daniel Watson
>
> Network Administrator / Network Operations Manager
>
>
>
> E Daniel at GloVine.com.au
>
> W www.GloVine.com.au
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140724/b7a5244e/attachment.html>


More information about the AusNOG mailing list