- Blackhole Routing:
- The CENIC CalREN DC, ISP, and HPR networks support the use of specific BGP
communities to trigger blackhole routing. When a route is tagged with one of these
communities, the CENIC network drops all traffic destined for the tagged host or
network. Specific communities will also be passed on to transit ISP
providers that support blackhole routing.
- Associate Network Connectivity Requirements:
- CENIC associates that wish to have this capability must establish an EBGP peering
with the CENIC CalREN network. EBGP multihop with a TTL of 2 is required for the
CENIC side of the peering and highly recommended for the campus side. This allows
the next-hop destination to null to be inserted into the routing table.
- Communities:
- The following communities are currently supported for blackhole routing:
- Accepted on DC peerings:
- 2152:666 Blackhole All
Triggers null routing of packets on all DC, ISP, and HPR routers. Sends
blackhole communities to supported transit ISP providers and Abilene.
This community effectively drops ALL traffic going to the tagged route at
any supporting router. ISP transit providers not supporting blackhole
routing do not receive the route.
- 2152:667 Blackhole ISP
Triggers null routing ONLY on ISP transit connections. Any traffic
sourced from commodity peering, Abilene, or other CENIC CalREN
associates is allowed to pass through.
- Accepted on ISP peerings:
- 2152:667 Blackhole ISP
Same as on DC
- Accepted on HPR peerings:
- 2153:666 Blackhole HPR All
Null routes packets within the HPR backbone and coming from Abilene.
Acts on all HPR routers, so all traffic, regardless of the source, is dropped when
entering the HPR network.
Accepted Community | DC | ISP | ISP-Transit | HPR | Commodity | Abilene |
DC 2152:666 | X | X | X | X | | X |
DC 2152:666 | | X | X | | | |
ISP 2152:666 | | X | X | | | |
HPR 2153:666 | | | | X | | X |
- Additional Information:
- By default, CENIC will accept tagged routes with prefix length from standard advertised
mask down to /32.
- Prefixes that are to be advertised to Abilene must be /24 or longer.
- If advertising a blackhole route with the same prefix length as the normally
advertised network, it is highly recommended that the blackhole advertisement be
split in half. For example, a normally advertised /20 will be blackhole tagged as two
/21s.
- Procedure to Activate Service:
- Open a ticket with the CENIC NOC by emailing noc@cenic.org requesting
blackhole capability on DC, HPR, or ISP networks.
- CENIC will schedule a maintenance time to make configuration changes and reset
the BGP session. EBGP Multihop TTL 2 is required.
- Sample Configuration:
- Below is a sample Cisco configuration that can be used to inject tagged routes into BGP
to be advertised to CENIC. This is only one of several ways this can be done.
For more information, please visit http://www.secsup.org/CustomerBlackHole/.
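!
router bgp 54321
 ! Redistribute only the static routes permitted by the route-map below
 redistribute static route-map static-to-bgp
 ! Communities are not sent to a neighbor by default; the CENIC peering also
 ! needs "neighbor <CENIC peer address> send-community"
!
route-map static-to-bgp permit 5
 ! Match static routes tagged 666 and attach the Blackhole All community
 match tag 666
 set community 2152:666 additive
!
! Host route to blackhole: a static route to Null0 carrying tag 666
ip route 2.2.2.2 255.255.255.255 Null0 tag 666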
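
As an added illustration (not part of CENIC's page or tooling), the Python sketch below applies the prefix rules from Additional Information and returns static routes in the form used by the sample configuration. The function name and the 10.16.0.0/20 addresses are constructed for the example.

```python
import ipaddress

def blackhole_routes(advertised, target, tag=666):
    """Return (ios_lines, abilene_ok) for blackholing `target` inside `advertised`.

    Rules taken from the page: tagged routes are accepted from the normally
    advertised mask down to /32; a blackhole with the same prefix length as
    the advertised network should be split in half; prefixes passed on to
    Abilene must be /24 or longer.
    """
    # strict=True rejects prefixes with host bits set (e.g. 10.16.3.7/24),
    # which catches a mistyped mask before it null-routes the wrong range.
    adv = ipaddress.ip_network(advertised, strict=True)
    tgt = ipaddress.ip_network(target, strict=True)
    if adv.version != 4 or tgt.version != 4:
        raise ValueError("this sketch only handles IPv4")
    if not tgt.subnet_of(adv):
        raise ValueError(f"{tgt} is not inside advertised prefix {adv}")
    # Same length as the normal advertisement: emit the two halves instead.
    if tgt.prefixlen == adv.prefixlen and tgt.prefixlen < 32:
        nets = list(tgt.subnets(prefixlen_diff=1))
    else:
        nets = [tgt]
    # The tag must match a clause in the redistribution route-map (666 above).
    lines = [f"ip route {n.network_address} {n.netmask} Null0 tag {tag}"
             for n in nets]
    abilene_ok = all(n.prefixlen >= 24 for n in nets)
    return lines, abilene_ok

if __name__ == "__main__":
    # Constructed sample: a campus that normally advertises 10.16.0.0/20.
    for tgt in ("10.16.0.0/20", "10.16.3.7"):
        routes, abilene_ok = blackhole_routes("10.16.0.0/20", tgt)
        print(f"! {tgt}: eligible for Abilene = {abilene_ok}")
        print("\n".join(routes))
```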
