Hi Stuart - Yes you are right. When I tried advertising the discard address between edge routers via IBGP it still pinged! Even though the route was there, it went back to the trigger router IP not to null0. It only worked when I made the static route on all the edge routers. I was thinking along the lines that if you were a large ISP with lots of edge routers you would not want to have to maintain a static route on each router. Thanks to everyone who helped me understand this.
From: Stuart Hare [mailto:[email protected]]
Sent: Friday, January 29, 2010 11:21 PM
To: Michael Davis
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] Lab 7a task 7.19 Source based RTBH

Michael,

I've not tried the method you are suggesting. The idea with source based RTBH is to use URPF loose mode to drop the traffic based on source address of the packet, to prevent what's effectively a DOS to the target when using the alternative destination based RTBH.

What you are doing is basically a pre setup of your devices, with the relevant static routes to null0 and BGP configuration, so you only need to apply the static route to 86.86.86.86 with a tag of 86 to the trigger router, which will quickly prevent such attacks. Once advertised, URPF will then drop any packets from this source, based on it expecting the traffic to arrive via the null0 interface. This method is manipulating the routing based on the specific criteria.

By advertising the discard address directly via BGP, wouldn't the return path be back to trigger router? Were you able to drop the traffic as specified by the task?

HTH
Stu

On Fri, Jan 29, 2010 at 11:49 AM, Michael Davis <[email protected]> wrote:

Sorry I meant task 7.19 - it's late over here...

From: [email protected] [mailto:[email protected]] On Behalf Of Michael Davis
Sent: Friday, January 29, 2010 10:36 PM
To: [email protected]
Subject: [OSL | CCIE_Security] Lab 7a task 7.20 Source based RTBH

Hi Everyone - I don't understand the solution for task 7.20. I just advertised the discard address route of 86.86.86.86 to null0 on the trigger router (R6) using IBGP. The solution guide created static routes to this address on all 3 routers. Is what I have done o.k? I would have thought it easier to just advertise the dummy network via IBGP than to create static routes to it on the individual routers.

Does anyone know where to look in the documentation for RTBH? I have only been able to find documentation using a Google search.

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com

--
Regards,
Stuart Hare
CCIE #25616 (Security), CCSP, Microsoft MCP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
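The behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of recursive next-hop resolution and uRPF loose mode on one edge router, comparing a local static route for the discard address with a discard route learned via IBGP. Only 86.86.86.86 comes from the thread; the other addresses, interface names and function names are constructed for illustration.

```python
import ipaddress

NULL0 = "Null0"

def make_rib(entries):
    """Build a RIB: prefix -> next hop (an IP string or an interface name)."""
    return {ipaddress.ip_network(p): nh for p, nh in entries.items()}

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def lookup(rib, addr):
    """Longest-prefix match; returns the next hop, or None if no route exists."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, nh) for net, nh in rib.items() if ip in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def resolve(rib, addr, max_depth=8):
    """Follow recursive next hops until an interface (or no route) is reached."""
    nh = lookup(rib, addr)
    while nh is not None and is_ip(nh) and max_depth > 0:
        nh = lookup(rib, nh)
        max_depth -= 1
    return nh if nh is None or not is_ip(nh) else None

def urpf_loose_permits(rib, src):
    """Loose mode: permit only if the source resolves to a real interface."""
    out = resolve(rib, src)
    return out is not None and out != NULL0

# Constructed routes common to both cases on an edge router.
BASE = {
    "0.0.0.0/0": "Gi0/1",              # default route toward upstream
    "10.0.0.6/32": "Gi0/0",            # IGP route to the trigger router (constructed)
    "198.51.100.7/32": "86.86.86.86",  # IBGP: blackholed source, next hop = discard address
}
# Case 1: discard address is a local static route to Null0 on the edge router.
EDGE_STATIC = make_rib({**BASE, "86.86.86.86/32": NULL0})
# Case 2: discard address learned via IBGP, so its next hop is the trigger router.
EDGE_IBGP = make_rib({**BASE, "86.86.86.86/32": "10.0.0.6"})

if __name__ == "__main__":
    for name, rib in (("static", EDGE_STATIC), ("ibgp", EDGE_IBGP)):
        print(name, resolve(rib, "198.51.100.7"), urpf_loose_permits(rib, "198.51.100.7"))
```
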
