[AusNOG] Vyatta BlackHole

Daniel Watson Daniel at glovine.com.au
Thu Jul 24 21:10:36 EST 2014 

Gday Jared,

Appreciate that, Makes a lot more sense in my eyes now :D   greatly appreciated

I knew of the static route option, but was not sure about the community’s  opened my eye up a bit more there :D

Cheers


Regards,
Daniel Watson
Network Administrator / Network Operations Manager

E Daniel at GloVine.com.au
W www.GloVine.com.au

From: Jared Hirst [mailto:jared.hirst at serversaustralia.com.au]
Sent: Thursday, 24 July 2014 9:09 PM
To: Daniel Watson
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Vyatta BlackHole

Hi Daniel,

Do your upstream providers support the use of community tags?

If so then you can set a blackhole to go upstream of you so that the traffic does not hit your router you would then send them a community tag like :666 to say to them 'hey dont send me x.x.x.x/32' , if they don't then you can just do:

Vyatta:
configure
set protocols static route <ipyouwanttoblackhole>/32  blackhole
commit
save

But blackholing an IP completes a 'ddos attack' and you should try not to do this. best way to mitigate is to scrub!

Cheers,

Jared

On Thu, Jul 24, 2014 at 8:31 PM, Daniel Watson <Daniel at glovine.com.au<mailto:Daniel at glovine.com.au>> wrote:
Hi Guys

I was wondering if somebody on or off-list might be able to assist me,

I was having a chat with an industry person early this week, and was recommended to setup a blackhole community that I can just chuck a single /32 into if I need to null route it at our router,

I was wondering how I can achieve this on Vyatta?


Regards,
Daniel Watson
Network Administrator / Network Operations Manager

E Daniel at GloVine.com.au<mailto:Daniel at GloVine.com.au>
W www.GloVine.com.au<http://www.GloVine.com.au>


_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140724/29db083f/attachment.html>

More information about the AusNOG mailing list