configure iproute add blackhole

configure iproute add blackhole {ipv6} [ipv6Netmask] {vr vr_name} {multicast-only | unicast-only}

Description

Adds a blackhole address to the routing table. All traffic destined for an unknown IPv6 destination is silently dropped.

Syntax Description

ipv6Netmask Specifies an IPv6 address/prefix length.
vr_name Specifies the VR or VRF to which the route is added.
multicast-only Specifies only multicast traffic for the route.
unicast-only Specifies only unicast traffic for the route.

Default

If you do not specify a VR or VRF, the current VR context is used.

Usage Guidelines

A blackhole entry directs packets with a matching specified address prefix to be discarded. Blackhole entries are useful as a security measure or in special circumstances where a specific destination address must be discarded. Blackhole entries are treated like permanent entries in the event of a switch reset or power off/on cycle.

The packets are silently discarded. In other words, no ICMP message is sent to indicate that the packets are discarded.

Example

The following example causes packets with a destination address of 2001:db8::3452 to be silently discarded:

configure iproute add blackhole 2001:db8::3452/128

History

This command was first available in ExtremeXOS 10.1.

Support for IPv6 was added in ExtremeXOS 11.2.

Platform Availability

This command is available on the platforms listed for the IPv6 unicast routing feature in the Switch Engine 32.3 Feature License Requirements document.