I am testing BGP black hole setup in my GNS3.  One AS announcing to
the other AS to black hole a prefix.  I am hitting a wall where the
receiving AS shows the prefix I am trying to black hole as
inaccessible and packets gets through.  I thought the basic principle
was to match routes based on community and set the next hop to an IP
that is pointed to null.

ISP2#sh ip bgp 1.0.0.1
BGP routing table entry for 1.0.0.1/32, version 9
Paths: (1 available, no best path)
  Not advertised to any peer
  1
    192.168.255.1 (inaccessible) from 3.0.0.1 (1.0.0.1)
      Origin IGP, metric 0, localpref 100, valid, external
      Community: 1:666

Here is my config.
The side sending the prefix

hostname ISP1
interface Loopback0
 ip address 1.0.0.1 255.255.255.255
!
interface FastEthernet1/0
 ip address 3.0.0.1 255.255.255.0
 duplex auto
 speed auto
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 1.0.0.0
 network 1.0.0.1 mask 255.255.255.255
 neighbor 3.0.0.2 remote-as 2
 neighbor 3.0.0.2 send-community both
 neighbor 3.0.0.2 route-map ISP2Out out
 no auto-summary
!
ip route 1.0.0.0 255.0.0.0 Null0 200
!
ip bgp-community new-format
!
ip prefix-list BlackHole seq 5 permit 1.0.0.1/32
!
route-map ISP2Out permit 10
 match ip address prefix-list BlackHole
 set community 1:666
!
route-map ISP2Out permit 20

The receiving side router

hostname ISP2
interface Loopback0
 ip address 2.0.0.1 255.255.255.255
!
interface FastEthernet1/0
 ip address 3.0.0.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/1
 ip address 192.168.52.3 255.255.255.0
 duplex auto
 speed auto
!
router bgp 2
 no synchronization
 bgp log-neighbor-changes
 network 2.0.0.0
 network 192.168.52.0
 neighbor 3.0.0.1 remote-as 1
 neighbor 3.0.0.1 route-map ISP1In in
 no auto-summary
ip route 192.168.255.1 255.255.255.255 Null0
!
ip bgp-community new-format
ip community-list 1 permit 1:666
!
route-map ISP1In permit 10
 match community 1
 set ip next-hop 192.168.255.1
!
route-map ISP1In permit 20


What am I missing?
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Reply via email to