That made it work. Why does that make it work? I thought ebgp-multihop was used when the peer was not directly connected. I will go look up the command....
On Wed, Mar 2, 2011 at 3:56 PM, Anton Turygin <pa...@tsua.net> wrote: > Hello, > > neighbor 3.0.0.1 ebgp-multihop 2 > > on the receiving router will help. > > On Wed, 2 Mar 2011, Jay Nakamura wrote: > >> I am testing BGP black hole setup in my GNS3. One AS announcing to >> the other AS to black hole a prefix. I am hitting a wall where the >> receiving AS shows the prefix I am trying to black hole as >> inaccessible and packets gets through. I thought the basic principle >> was to match routes based on community and set the next hop to an IP >> that is pointed to null. >> >> ISP2#sh ip bgp 1.0.0.1 >> BGP routing table entry for 1.0.0.1/32, version 9 >> Paths: (1 available, no best path) >> Not advertised to any peer >> 1 >> 192.168.255.1 (inaccessible) from 3.0.0.1 (1.0.0.1) >> Origin IGP, metric 0, localpref 100, valid, external >> Community: 1:666 >> >> Here is my config. >> The side sending the prefix >> >> hostname ISP1 >> interface Loopback0 >> ip address 1.0.0.1 255.255.255.255 >> ! >> interface FastEthernet1/0 >> ip address 3.0.0.1 255.255.255.0 >> duplex auto >> speed auto >> router bgp 1 >> no synchronization >> bgp log-neighbor-changes >> network 1.0.0.0 >> network 1.0.0.1 mask 255.255.255.255 >> neighbor 3.0.0.2 remote-as 2 >> neighbor 3.0.0.2 send-community both >> neighbor 3.0.0.2 route-map ISP2Out out >> no auto-summary >> ! >> ip route 1.0.0.0 255.0.0.0 Null0 200 >> ! >> ip bgp-community new-format >> ! >> ip prefix-list BlackHole seq 5 permit 1.0.0.1/32 >> ! >> route-map ISP2Out permit 10 >> match ip address prefix-list BlackHole >> set community 1:666 >> ! >> route-map ISP2Out permit 20 >> >> The receiving side router >> >> hostname ISP2 >> interface Loopback0 >> ip address 2.0.0.1 255.255.255.255 >> ! >> interface FastEthernet1/0 >> ip address 3.0.0.2 255.255.255.0 >> duplex auto >> speed auto >> ! >> interface FastEthernet1/1 >> ip address 192.168.52.3 255.255.255.0 >> duplex auto >> speed auto >> ! >> router bgp 2 >> no synchronization >> bgp log-neighbor-changes >> network 2.0.0.0 >> network 192.168.52.0 >> neighbor 3.0.0.1 remote-as 1 >> neighbor 3.0.0.1 route-map ISP1In in >> no auto-summary >> ip route 192.168.255.1 255.255.255.255 Null0 >> ! >> ip bgp-community new-format >> ip community-list 1 permit 1:666 >> ! >> route-map ISP1In permit 10 >> match community 1 >> set ip next-hop 192.168.255.1 >> ! >> route-map ISP1In permit 20 >> >> >> What am I missing? >> _______________________________________________ >> cisco-nsp mailing list cisco-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-nsp >> archive at http://puck.nether.net/pipermail/cisco-nsp/ >> > > -- > RAZ-RIPE > Technological Systems CJSC > Senior Network Engineer > > _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/