In BGP , I used to put in null route for those
networks that I want to advertise via BGP but in the
igp routing table
suaveguru
--- Nigel Taylor <[EMAIL PROTECTED]> wrote:
> Jennifer,
> From everything I've read and
> understand the null route is a
> tool that used for various routing decisions, one of
> them not being a static
> route to a physical network. Note: All traffic
> directed to the null
> interface is dropped. The results observed by Chuck
> L fall right in line
> with all the documentation
> I've been reading and the lab examples I've
> followed.
>
> Nigel..
>
>
> ----- Original Message -----
> From: Chuck Larrieu <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Sunday, December 17, 2000 8:19 PM
> Subject: RE: interface null 0 and access list
> restrictions
>
>
> > Jennifer, the question intrigued me enough to want
> to try a Q&D lab. I was
> > originally going to suggest RFC 1812 ( which I
> just finished browsing )
> but
> > I could locate the section that I thought might
> have been relevant. I
> > believe, though, that the practices laid out in
> 1812 require that a router
> > generate the appropriate ICMP message unless some
> other requirement
> > precludes this.
> >
> > For example, for security reasons one might want
> to suppress certain
> > information being returned, so one would configure
> things to mask that
> > information. So one might return an ICMP message
> of "destination
> > unreachable" or "network unreachable" rather than
> "administratively
> > prohibited" ( which message might serve as hacker
> bait )
> >
> > In any case, I constructed a lab using three
> routers, and placing a static
> > route on router_3 to a particular target network
> as being null0
> > IP route 199.107.5.0 255.255.255.0 null0
> >
> > When all routing was correctly configured, from
> router_1 I pinged to
> target
> > address. The response on router_1 was U.U.U.U etc
> >
> > A debug ip icmp on router_3 showed that a host
> unreachable was being
> > generated and returned to router_1
> >
> > I am not sure how to test routing to the entire
> network. Generally, in the
> > practice labs I have done, the null0 route shows
> up as a part of route
> > aggregation.
> >
> > Now in re-reading your question, I am not sure I
> understand what it is
> you
> > are trying to get to.
> >
> > Also, in #2, I'm not sure I understand what you
> mean when you say that
> > "routing updates do not include denied traffic on
> inbound interfaces but
> > they do on outbound" I'm a bit confused about the
> relationship between
> > routing updates and denied traffic. Do you have an
> example or two you can
> > provide that might clarify this for me?
> >
> > Thanks.
> >
> > Chuck
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of
> > jennifer cribbs
> > Sent: Saturday, December 16, 2000 10:25 PM
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: interface null 0 and access list
> restrictions
> >
> > I have two questions:
> >
> > 1-- I realize the command that prevents a router
> from from forwarding
> data
> > to a remote network without generating an ICMP msg
> is interface null
> 0...and
> > if that is so, what does come back. Does it come
> back as timed-out??
> >
> > Different subject:
> >
> > 2-- First, in considering routing updates and
> network congestion....Since
> > routing updates do not include denied traffic on
> inbound interfaces but
> they
> > do on outbound, why wasn't inbound considered or
> made the default to help
> > alieviate that same congestion on denied
> traffic?..... Wouldn't that make
> > more sense?
> >
> >
> > Thank you,
> > Jennifer Cribbs
> > re: [EMAIL PROTECTED]
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
> >
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
