RTBH Remote Triggered Blackhole Filtering for Black list IPs - logging option?

There is a requirement to block black list IP Addresses, both source and destination IP Addresses, as well as log them at relevant boundary routers. Options are:

1. Inbound and Outbound Interface ACLs which are a menace to keep up with and take a lot from the CPU but "easier to log".

2. RTBH with Strict Mode URPF currently being used. This way the black listed host routes are routed to Null 0 and don't hit the process switching plane. However, the dilemma here is logging. The sinkhole option appears to be a little cumbersome (redirecting black list IP Addresses to a special Tunnel that leads to a sinkhole device), especially considering the boundary routers happen to be in different geographical locations (and countries).

Any efficient methods of logging with option 2?
