RTBH (Remote Triggered Blackhole) filtering for blacklisted IPs - logging option?
There is a requirement to block blacklisted IP addresses, both source and destination IP addresses, as well as log them at the relevant boundary routers. The options are:
1. Inbound and outbound interface ACLs, which are a menace to keep up with and take a lot from the CPU, but are "easier to log".
2. RTBH with strict-mode uRPF, which is currently being used. This way the blacklisted host routes are routed to Null0 and don't hit the process switching plane. However, the dilemma here is logging. The sinkhole option appears to be a little cumbersome (redirecting blacklisted IP addresses to a special tunnel that leads to a sinkhole device), especially considering the boundary routers happen to be in different geographical locations (and countries).
Any efficient methods of logging with option 2?
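For reference, the setup described in option 2 (BGP-triggered RTBH with strict-mode uRPF on the edge) in Cisco IOS syntax, as an added example that is not part of the original post; the AS number, community, interface name and the blacklisted host are placeholders from the documentation ranges, and the counter commands at the end are the usual way to observe Null0/uRPF drops without sending packets to the CPU.

```cisco
! Added example, not from the original post. AS 65000, community 65000:666,
! the discard address 192.0.2.1 and the blacklisted host 203.0.113.77 are
! placeholders (RFC 5737 documentation ranges).
!
! --- Trigger router: announce the blacklisted host to the edges with a
! --- next hop of the discard address, tagged with an RTBH community.
ip route 203.0.113.77 255.255.255.255 Null0 tag 666
!
router bgp 65000
 redistribute static route-map RTBH-TRIGGER
 neighbor 192.0.2.10 remote-as 65000
 neighbor 192.0.2.10 send-community
!
route-map RTBH-TRIGGER permit 10
 match tag 666
 set ip next-hop 192.0.2.1
 set community 65000:666 no-export
 set local-preference 200
 set origin igp
!
! --- Edge (boundary) router: the discard address resolves to Null0, so any
! --- prefix whose next hop is 192.0.2.1 is dropped in the forwarding plane
! --- (destination-based RTBH). With strict uRPF on the upstream interface,
! --- packets *sourced* from such a prefix are dropped too, because the
! --- reverse-path lookup resolves to Null0 (source-based RTBH).
ip route 192.0.2.1 255.255.255.255 Null0
!
interface GigabitEthernet0/0
 description upstream
 ip verify unicast source reachable-via rx
!
! Observing drops without a sinkhole: Null0 and uRPF drops are not logged
! per packet (a "log" keyword on an ACL would punt to the CPU, which is what
! option 2 avoids). Aggregate counters are available instead, for example:
!   show ip traffic                       (Drop: ... no route / unicast RPF)
!   show ip interface GigabitEthernet0/0  (uRPF "verification drops")
!   show ip route 203.0.113.77            (confirms the prefix resolves to Null0)
```

These counters give per-router drop totals that can be polled from a central collector, but not per-packet source/destination records; per-flow visibility still requires a sinkhole or flow export on the edge.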