In question #2, I was referring to a section of a book I had been reading. I
have no example to give you. It was about network congestion and the ways to
alleviate the problem. One of the suggested methods given was reminding
people of the fact that when routing updates are generated dynamically in
regards to denied traffic, they include permitted traffic from inbound and
outbound interfaces, but as far as denied traffic, it is only included from
the outbound interface, so it was saying that if you put your denied traffic
on the inbound interface, it makes the dynamically created routing updates
smaller and therefore helps alleviate the problem of congestion because the
updates are smaller. My comment about this was simply meant to suggest that
it seems strange to me that any denied traffic should be included on a routing
update and since outbound is automatically the default on either permitted or
denied traffic, that in itself makes for larger updates and could possibly
create a congestion problem. I was merely commenting that inbound should be
the default and not outbound and that would make more sense. It is however
possible that when the software was created, congestion was not a problem...
Jennifer
>===== Original Message From "Nigel Taylor" <[EMAIL PROTECTED]> =====
>Jennifer,
> From everything I've read and understand the null route is a
>tool that is used for various routing decisions, one of them not being a static
>route to a physical network. Note: All traffic directed to the null
>interface is dropped. The results observed by Chuck L fall right in line
>with all the documentation
>I've been reading and the lab examples I've followed.
>
>Nigel..
>
>
>----- Original Message -----
>From: Chuck Larrieu <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Cc: <[EMAIL PROTECTED]>
>Sent: Sunday, December 17, 2000 8:19 PM
>Subject: RE: interface null 0 and access list restrictions
>
>
>> Jennifer, the question intrigued me enough to want to try a Q&D lab. I was
>> originally going to suggest RFC 1812 ( which I just finished browsing ) but
>> I could locate the section that I thought might have been relevant. I
>> believe, though, that the practices laid out in 1812 require that a router
>> generate the appropriate ICMP message unless some other requirement
>> precludes this.
>>
>> For example, for security reasons one might want to suppress certain
>> information being returned, so one would configure things to mask that
>> information. So one might return an ICMP message of "destination
>> unreachable" or "network unreachable" rather than "administratively
>> prohibited" ( which message might serve as hacker bait )
>>
>> In any case, I constructed a lab using three routers, and placing a static
>> route on router_3 to a particular target network as being null0
>> IP route 199.107.5.0 255.255.255.0 null0
>>
>> When all routing was correctly configured, from router_1 I pinged to target
>> address. The response on router_1 was U.U.U.U etc
>>
>> A debug ip icmp on router_3 showed that a host unreachable was being
>> generated and returned to router_1
>>
>> I am not sure how to test routing to the entire network. Generally, in the
>> practice labs I have done, the null0 route shows up as a part of route
>> aggregation.
>>
>> Now in re-reading your question, I am not sure I understand what it is you
>> are trying to get to.
>>
>> Also, in #2, I'm not sure I understand what you mean when you say that
>> "routing updates do not include denied traffic on inbound interfaces but
>> they do on outbound" I'm a bit confused about the relationship between
>> routing updates and denied traffic. Do you have an example or two you can
>> provide that might clarify this for me?
>>
>> Thanks.
>>
>> Chuck
>>
>>
>>
>>
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
>> jennifer cribbs
>> Sent: Saturday, December 16, 2000 10:25 PM
>> To: [EMAIL PROTECTED]
>> Cc: [EMAIL PROTECTED]
>> Subject: interface null 0 and access list restrictions
>>
>> I have two questions:
>>
>> 1-- I realize the command that prevents a router from forwarding data
>> to a remote network without generating an ICMP msg is interface null 0...and
>> if that is so, what does come back. Does it come back as timed-out??
>>
>> Different subject:
>>
>> 2-- First, in considering routing updates and network congestion....Since
>> routing updates do not include denied traffic on inbound interfaces but they
>> do on outbound, why wasn't inbound considered or made the default to help
>> alleviate that same congestion on denied traffic?..... Wouldn't that make
>> more sense?
>>
>>
>> Thank you,
>> Jennifer Cribbs
>> re: [EMAIL PROTECTED]
>>
>> _________________________________
>> FAQ, list archives, and subscription info:
>> http://www.groupstudy.com/list/cisco.html
>> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
------------------------------------------------------------
Have a Good Day!!
Jennifer Cribbs
[EMAIL PROTECTED]
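
The null route from Chuck's lab next to the setting that makes the discard silent, as an added example that is not part of the original thread. The router name and prefix come from the lab; the commands under "Silent discard" and "Optional", and the value 500, are assumptions about a stock Cisco IOS router and were not used by anyone in the thread.

```cisco
! Added example (not from the thread). Prefix and router name are from
! Chuck's lab; the remaining lines are assumptions about a stock IOS router.
!
! --- As in the lab, on router_3 ---
! Packets for 199.107.5.0/24 are discarded, but with default settings the
! router still returns ICMP unreachables, which is what router_1 displayed
! as "U" and what "debug ip icmp" showed on router_3.
ip route 199.107.5.0 255.255.255.0 Null0
!
! --- Silent discard ---
! Stop the null interface from generating ICMP unreachables. The sender
! then gets no reply at all, so a ping from router_1 times out (".....")
! and reveals nothing about why the traffic was dropped.
interface Null0
 no ip unreachables
!
! --- Optional ---
! Where unreachables must stay enabled, cap how often they are generated.
! The interval is in milliseconds; 500 is a constructed sample value.
ip icmp rate-limit unreachable 500
!
! --- Verify ---
! On router_3:  show ip route 199.107.5.0   (next hop should be Null0)
!               debug ip icmp               (no unreachables logged for the prefix)
! On router_1:  ping an address in 199.107.5.0/24 and expect timeouts
```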