I am testing BGP black hole setup in my GNS3. One AS announcing to the other AS to black hole a prefix. I am hitting a wall where the receiving AS shows the prefix I am trying to black hole as inaccessible and packets gets through. I thought the basic principle was to match routes based on community and set the next hop to an IP that is pointed to null.
ISP2#sh ip bgp 1.0.0.1 BGP routing table entry for 1.0.0.1/32, version 9 Paths: (1 available, no best path) Not advertised to any peer 1 192.168.255.1 (inaccessible) from 3.0.0.1 (1.0.0.1) Origin IGP, metric 0, localpref 100, valid, external Community: 1:666 Here is my config. The side sending the prefix hostname ISP1 interface Loopback0 ip address 1.0.0.1 255.255.255.255 ! interface FastEthernet1/0 ip address 3.0.0.1 255.255.255.0 duplex auto speed auto router bgp 1 no synchronization bgp log-neighbor-changes network 1.0.0.0 network 1.0.0.1 mask 255.255.255.255 neighbor 3.0.0.2 remote-as 2 neighbor 3.0.0.2 send-community both neighbor 3.0.0.2 route-map ISP2Out out no auto-summary ! ip route 1.0.0.0 255.0.0.0 Null0 200 ! ip bgp-community new-format ! ip prefix-list BlackHole seq 5 permit 1.0.0.1/32 ! route-map ISP2Out permit 10 match ip address prefix-list BlackHole set community 1:666 ! route-map ISP2Out permit 20 The receiving side router hostname ISP2 interface Loopback0 ip address 2.0.0.1 255.255.255.255 ! interface FastEthernet1/0 ip address 3.0.0.2 255.255.255.0 duplex auto speed auto ! interface FastEthernet1/1 ip address 192.168.52.3 255.255.255.0 duplex auto speed auto ! router bgp 2 no synchronization bgp log-neighbor-changes network 2.0.0.0 network 192.168.52.0 neighbor 3.0.0.1 remote-as 1 neighbor 3.0.0.1 route-map ISP1In in no auto-summary ip route 192.168.255.1 255.255.255.255 Null0 ! ip bgp-community new-format ip community-list 1 permit 1:666 ! route-map ISP1In permit 10 match community 1 set ip next-hop 192.168.255.1 ! route-map ISP1In permit 20 What am I missing? _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/