[AusNOG] Vyatta BlackHole

Lindsay Hill lindsay.k.hill at gmail.com
Fri Jul 25 07:06:59 EST 2014


Search at packetlife.net and mellowd.co.uk - there's some good examples +
config there for RTBH. Cisco/Juniper focused, but you can easily translate
the configs to Vyatta.


On Thu, Jul 24, 2014 at 11:10 PM, Daniel Watson <Daniel at glovine.com.au>
wrote:

>  Gday Jared,
>
>
>
> Appreciate that, Makes a lot more sense in my eyes now :D   greatly
> appreciated
>
>
>
> I knew of the static route option, but was not sure about the community’s
> opened my eye up a bit more there :D
>
>
>
> Cheers
>
>
>
>
>
> Regards,
>
> Daniel Watson
>
> Network Administrator / Network Operations Manager
>
>
>
> E Daniel at GloVine.com.au
>
> W www.GloVine.com.au
>
>
>
> *From:* Jared Hirst [mailto:jared.hirst at serversaustralia.com.au]
> *Sent:* Thursday, 24 July 2014 9:09 PM
> *To:* Daniel Watson
> *Cc:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] Vyatta BlackHole
>
>
>
> Hi Daniel,
>
>
>
> Do your upstream providers support the use of community tags?
>
>
>
> If so then you can set a blackhole to go upstream of you so that the
> traffic does not hit your router you would then send them a community tag
> like :666 to say to them 'hey dont send me x.x.x.x/32' , if they don't then
> you can just do:
>
>
>
> Vyatta:
>
> configure
>
> set protocols static route <ipyouwanttoblackhole>/32  blackhole
>
> commit
>
> save
>
>
>
> But blackholing an IP completes a 'ddos attack' and you should try not to
> do this. best way to mitigate is to scrub!
>
>
>
> Cheers,
>
>
>
> Jared
>
>
>
> On Thu, Jul 24, 2014 at 8:31 PM, Daniel Watson <Daniel at glovine.com.au>
> wrote:
>
>  Hi Guys
>
>
>
> I was wondering if somebody on or off-list might be able to assist me,
>
>
>
> I was having a chat with an industry person early this week, and was
> recommended to setup a blackhole community that I can just chuck a single
> /32 into if I need to null route it at our router,
>
>
>
> I was wondering how I can achieve this on Vyatta?
>
>
>
>
>
> Regards,
>
> Daniel Watson
>
> Network Administrator / Network Operations Manager
>
>
>
> E Daniel at GloVine.com.au
>
> W www.GloVine.com.au
>
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140725/cd521d26/attachment.html>


More information about the AusNOG mailing list