What is a Null Interface or Blackhole in a Router?

The null interface is a virtual, logical interface that always remains up. Unlike physical interfaces such as Ethernet or Gigabit Ethernet interfaces, the null interface is not visible. It is typically used to prevent routing loops; for example, EIGRP always creates a route to the null interface (Null0) when it summarizes a group of routes. All traffic that is routed towards the null interface is dropped.

Routes towards the null interface are called null routes. A null route discards the packet without forwarding it further towards another interface or destination address. A null interface is also referred to as a “bit bucket” or “black hole” interface, as it drops the packet immediately after it is received.

For example, if we configure a static route and specify the null interface as the next hop, packets for that destination network segment will be dropped.

Configuring routes towards a null interface

Router#config terminal
Router(config)#ip route 10.1.10.0 255.255.255.0 null0

This routes all traffic destined for network 10.1.10.0/24 towards the null interface, where it is dropped.

Why is the null interface used and what are its benefits?

1. Avoiding routing loops

The null interface is used to prevent routing loops. EIGRP also installs a route towards the null interface when route summarization is used.

2. Discarding traffic for unwanted network segments

The null interface is also used for filtering unwanted traffic, as any traffic routed towards it is discarded directly.

3. Reducing CPU overhead at the Router / Firewall level

Filtering and blocking traffic can also be achieved with an access control list, but an access control list adds more CPU overhead. A null route is often used to block traffic or blacklist a subnet at the perimeter itself, before it reaches the firewall.

A null route cannot block traffic for a specific protocol only; it blocks all traffic for that particular network address or subnet.

4. Device hardening

The null interface is also used for device hardening: routing unused subnets towards the null interface reduces the risk of denial-of-service attacks and of scanning of IP blocks to find vulnerable hosts.

Frequently Asked Questions:
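The loop avoidance and traffic discarding described in points 1 and 2, as an added example that is not part of the original article: a small Python model of longest-prefix-match forwarding. The router names R1 and ISP, the LAN10 interface, the 10.1.0.0/16 summary and the host 10.1.10.66 are constructed for illustration.

```python
import ipaddress

NULL0 = "Null0"  # discard interface: packets routed here are dropped

def route(prefix, exit_to):
    """One routing-table entry: (network, exit interface or neighbour)."""
    return (ipaddress.ip_network(prefix), exit_to)

def lookup(table, dst):
    """Longest-prefix match: return where dst is sent, or None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, exit_to) for net, exit_to in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(tables, start, dst, max_hops=8):
    """Follow dst hop by hop. Returns 'delivered', 'dropped' or 'loop'."""
    router = start
    for _ in range(max_hops):
        exit_to = lookup(tables[router], dst)
        if exit_to is None or exit_to == NULL0:
            return "dropped"
        if exit_to not in tables:    # not a router: a connected LAN
            return "delivered"
        router = exit_to             # hand the packet to the neighbour
    return "loop"                    # in a real network the TTL would expire

def build(with_summary_discard, extra=()):
    """Constructed topology: R1 advertises 10.1.0.0/16 to ISP but only
    10.1.10.0/24 actually exists behind it; everything else uses the default."""
    r1 = [route("10.1.10.0/24", "LAN10"), route("0.0.0.0/0", "ISP")]
    if with_summary_discard:
        r1.append(route("10.1.0.0/16", NULL0))   # summary route to Null0
    r1.extend(extra)
    return {"R1": r1, "ISP": [route("10.1.0.0/16", "R1")]}

if __name__ == "__main__":
    # 10.1.99.5 lies inside the summary but in no real subnet.
    print("no Null0 summary :", trace(build(False), "ISP", "10.1.99.5"))
    print("Null0 summary    :", trace(build(True), "ISP", "10.1.99.5"))
    # A /32 null route is more specific than the /24, so one host is blackholed.
    blackhole = build(True, [route("10.1.10.66/32", NULL0)])
    print("blackholed host  :", trace(blackhole, "ISP", "10.1.10.66"))
    print("neighbouring host:", trace(blackhole, "ISP", "10.1.10.5"))
```

Because the decision is made purely on the destination prefix, the null route drops every packet for 10.1.10.66 regardless of protocol or port.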

Q1: What is a null interface?

A: The Null0 interface in a router is a virtual interface that always remains up. All traffic that is routed towards the null interface is dropped. Routes towards this interface are called null routes; they discard the packet without forwarding it further towards another interface or destination address.

Q2: How do we configure a null route in a Cisco router?

A: We can simply create a static route with “null 0” as the next-hop interface. It can be created for a single IP address or a subnet as per our requirement.

Q3: Can we configure multiple null interfaces in a router?

A: No, one router can have only one null interface, which will be Null0.

Q4: When we can block traffic using an access control list, why is the null interface used?

A: A route towards the null interface is the easiest and fastest way to block traffic, as it drops the packets and existing sessions immediately.

EIGRP also uses routes towards the null interface when route summarization is used, to avoid routing loops.

Q5: What is the purpose of a null route or “ip route null0”?

A: To drop packets for the respective destination and to avoid routing loops.

Q6: Why is the null interface also called a blackhole?

A: Since packets routed towards the null interface go nowhere and are dropped immediately, it is referred to as a blackhole.

Q7: What is null routing?

A: In null routing, we create a null route or blackhole route for an IP address; the route goes nowhere and drops the packet. The purpose of creating a null route is to prevent your host from receiving or sending any data over the Internet.
