Nullroute
Encyclopedia
In computer networking, a null route (blackhole
route) is a network route
(routing table
entry) that goes nowhere. Matching packets are dropped (ignored) rather than forwarded, acting as a kind of very limited firewall
. The act of using null routes is often called blackhole filtering. The rest of this article deals with null routing in the Internet Protocol
(IP).
Null routes are typically configured with a special route flag, but can also be implemented by forwarding packets to an illegal IP address
such as 0.0.0.0, or the loopback address
.
Null routing has an advantage over classical firewalls since it is available on every potential network router (including all modern operating systems), and adds virtually no performance impact. Due to the nature of high-bandwidth routers, null routing can often sustain higher throughput than conventional firewalls. For this reason, null routes are often used on high-performance core router
s to mitigate large-scale denial-of-service attack
s before the packets reach a bottleneck, thus avoiding collateral damage
from DDoS attacks — although the target of the attack will be inaccessible to anyone. Blackhole filtering can also be abused by malicious attackers on compromised routers to filter out traffic destined to a certain address.
However, routing typically only works on the Internet Protocol
layer and is very limited in packet classification. It is bound to be stateless
due to the nature of IP routers. Typically, classification is limited to the destination IP address prefix
, source IP address
and incoming network interface
.
on Linux
:
$ ip route add blackhole 192.168.32.128/32
Nullrouting with 'route' on Solaris and BSD
:
$ route add -host 10.10.0.1 127.0.0.1 -blackhole
$ route add -net 10.10.64.0/18 127.0.0.1 -blackhole
Creating a discard route on Juniper Networks
' Junos
:
set routing-options static route 192.168.0.0/16 discard
Routing to the Null0 interface on Cisco IOS
:
ip route 192.168.0.0 255.255.0.0 Null0
Windows XP/Vista does not support reject or blackhole arguments via route, thus an unused IP address (e.g. 192.168.32.254) must be used as the target gateway:
route -p ADD 192.168.32.128 MASK 255.255.255.255 192.168.32.254
Black hole (networking)
In networking, black holes refer to places in the network where incoming traffic is silently discarded , without informing the source that the data did not reach its intended recipient....
route) is a network route
Routing
Routing is the process of selecting paths in a network along which to send network traffic. Routing is performed for many kinds of networks, including the telephone network , electronic data networks , and transportation networks...
(routing table
Routing table
In computer networking a routing table, or Routing Information Base , is a data table stored in a router or a networked computer that lists the routes to particular network destinations, and in some cases, metrics associated with those routes. The routing table contains information about the...
entry) that goes nowhere. Matching packets are dropped (ignored) rather than forwarded, acting as a kind of very limited firewall
Firewall (computing)
A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
. The act of using null routes is often called blackhole filtering. The rest of this article deals with null routing in the Internet Protocol
Internet Protocol
The Internet Protocol is the principal communications protocol used for relaying datagrams across an internetwork using the Internet Protocol Suite...
(IP).
Null routes are typically configured with a special route flag, but can also be implemented by forwarding packets to an illegal IP address
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
such as 0.0.0.0, or the loopback address
Localhost
In computer networking, localhost is the standard hostname given to the address of the loopback network interface. The name is also a reserved top-level domain name In computer networking, localhost (meaning this computer) is the standard hostname given to the address of the loopback network...
.
Null routing has an advantage over classical firewalls since it is available on every potential network router (including all modern operating systems), and adds virtually no performance impact. Due to the nature of high-bandwidth routers, null routing can often sustain higher throughput than conventional firewalls. For this reason, null routes are often used on high-performance core router
Core router
A core router is a router designed to operate in the Internet backbone, or core. To fulfill this role, a router must be able to support multiple telecommunications interfaces of the highest speed in use in the core Internet and must be able to forward IP packets at full speed on all of them. It...
s to mitigate large-scale denial-of-service attack
Denial-of-service attack
A denial-of-service attack or distributed denial-of-service attack is an attempt to make a computer resource unavailable to its intended users...
s before the packets reach a bottleneck, thus avoiding collateral damage
Collateral damage
Collateral damage is damage to people or property that is unintended or incidental to the intended outcome. The phrase is prevalently used as an euphemism for civilian casualties of a military action.-Etymology:...
from DDoS attacks — although the target of the attack will be inaccessible to anyone. Blackhole filtering can also be abused by malicious attackers on compromised routers to filter out traffic destined to a certain address.
However, routing typically only works on the Internet Protocol
Internet Protocol
The Internet Protocol is the principal communications protocol used for relaying datagrams across an internetwork using the Internet Protocol Suite...
layer and is very limited in packet classification. It is bound to be stateless
State (computer science)
In computer science and automata theory, a state is a unique configuration of information in a program or machine. It is a concept that occasionally extends into some forms of systems programming such as lexers and parsers....
due to the nature of IP routers. Typically, classification is limited to the destination IP address prefix
Classless Inter-Domain Routing
Classless Inter-Domain Routing is a method for allocating IP addresses and routing Internet Protocol packets. The Internet Engineering Task Force introduced CIDR in 1993 to replace the previous addressing architecture of classful network design in the Internet...
, source IP address
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
and incoming network interface
Network card
A network interface controller is a computer hardware component that connects a computer to a computer network....
.
Specific examples
Nullrouting with iproute2Iproute2
iproute2 is a collection of utilities for controllingTCP and UDP IP networking and traffic control in Linux, in both IPv4 and IPv6 networks. It is currently maintained by Stephen Hemminger...
on Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
:
$ ip route add blackhole 192.168.32.128/32
Nullrouting with 'route' on Solaris and BSD
Berkeley Software Distribution
Berkeley Software Distribution is a Unix operating system derivative developed and distributed by the Computer Systems Research Group of the University of California, Berkeley, from 1977 to 1995...
:
$ route add -host 10.10.0.1 127.0.0.1 -blackhole
$ route add -net 10.10.64.0/18 127.0.0.1 -blackhole
Creating a discard route on Juniper Networks
Juniper Networks
Juniper Networks is an information technology and computer networking products multinational company, founded in 1996. It is head quartered in Sunnyvale, California, USA. The company designs and sells high-performance Internet Protocol network products and services...
' Junos
Junos
Juniper Junos is the software or the network operating system used in Juniper Networks hardware systems. It is an operating system that is used in Juniper's routing, switching and security devices. Juniper offers a Software Development Kit to partners and customers to allow additional customization...
:
set routing-options static route 192.168.0.0/16 discard
Routing to the Null0 interface on Cisco IOS
Cisco IOS
Cisco IOS is the software used on the vast majority of Cisco Systems routers and current Cisco network switches...
:
ip route 192.168.0.0 255.255.0.0 Null0
Windows XP/Vista does not support reject or blackhole arguments via route, thus an unused IP address (e.g. 192.168.32.254) must be used as the target gateway:
route -p ADD 192.168.32.128 MASK 255.255.255.255 192.168.32.254
See also
- IP blockingIP blockingIP blocking prevents the connection between a server/website and certain IP addresses or ranges of addresses. IP blocking effectively bans undesired connections from those computers to a website, mail server, or other Internet server....
- Computer networking
- RoutingRoutingRouting is the process of selecting paths in a network along which to send network traffic. Routing is performed for many kinds of networks, including the telephone network , electronic data networks , and transportation networks...
- Packet forwarding