Hello Johan,

Destination Based RTBH:
- The packets are dropped or "black holed" based on the destination to which they are heading.
- Some protected resources (e.g., a server) inside the network could be the "destinations" here, and all traffic coming from outside to the destination server could be blackholed by the edge router on our network.
- This is usually achieved by using BGP and route-maps. This modifies the CEF table entry on the edge router, and the traffic destined for the protected server gets dropped right at the edge.

Source Based RTBH:
- The packets COMING from malicious sources can be blocked at the edge.
- The focus here is only on the source of the packets.
- This can be done by leveraging Unicast Reverse Path Forwarding's property of dropping packets from sources which have routes pointing to null0.
- Suppose a packet arrives at the network edge from A. In the edge router, if the route for A is pointing to null0 and if uRPF is running on that interface, then the packet from source A gets dropped.

Hope this helps. You will be able to find the configuration details HERE -> http://www.cisco.com/web/about/security/intelligence/blackhole.pdf

Cheers,
TacACK
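The two drop decisions described in the message above, modeled as an added example that is not part of the original post and is not Cisco code. The `EdgeRouter` class, the prefixes (documentation ranges) and the next-hop names are constructed for illustration, and the model assumes a default route satisfies the loose uRPF check.

```python
import ipaddress

NULL0 = "Null0"

class EdgeRouter:
    """Toy model of an edge router's FIB (hypothetical, for illustration)."""
    def __init__(self, urpf_loose=False):
        self.fib = {}                 # ip_network -> next hop name
        self.urpf_loose = urpf_loose  # loose-mode uRPF on the ingress interface

    def add_route(self, prefix, next_hop):
        self.fib[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, addr):
        """Longest-prefix match; returns the next hop, or None if no route."""
        ip = ipaddress.ip_address(addr)
        matches = [n for n in self.fib if ip in n]
        if not matches:
            return None
        return self.fib[max(matches, key=lambda n: n.prefixlen)]

    def forward(self, src, dst):
        # Source-based RTBH: with uRPF running, a packet is dropped when the
        # best route back to its source is missing or points to Null0.
        # Assumption: a default route counts as a valid route here.
        if self.urpf_loose and self.lookup(src) in (None, NULL0):
            return "drop: uRPF (source)"
        # Destination-based RTBH: the best route for the destination is Null0.
        nh = self.lookup(dst)
        if nh is None:
            return "drop: no route"
        if nh == NULL0:
            return "drop: Null0 (destination)"
        return f"forward via {nh}"

def build_demo(urpf_loose):
    """Constructed routing table: one protected server and one source A."""
    r = EdgeRouter(urpf_loose=urpf_loose)
    r.add_route("0.0.0.0/0", "upstream")
    r.add_route("203.0.113.0/24", "core")
    r.add_route("203.0.113.10/32", NULL0)  # destination trigger: protected server
    r.add_route("198.51.100.7/32", NULL0)  # source trigger: source A
    return r

if __name__ == "__main__":
    for urpf in (False, True):
        r = build_demo(urpf)
        print("uRPF on" if urpf else "uRPF off")
        print("  any -> server :", r.forward("192.0.2.50", "203.0.113.10"))
        print("  A   -> other  :", r.forward("198.51.100.7", "203.0.113.20"))
```

With uRPF off, the Null0 route for source A has no effect on packets arriving from A; it only takes effect once the reverse-path check runs on the ingress interface.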
