Hello,

neighbor 3.0.0.1 ebgp-multihop 2

on the receiving router will help.

On Wed, 2 Mar 2011, Jay Nakamura wrote:

I am testing BGP black hole setup in my GNS3.  One AS announcing to
the other AS to black hole a prefix.  I am hitting a wall where the
receiving AS shows the prefix I am trying to black hole as
inaccessible and packets get through.  I thought the basic principle
was to match routes based on community and set the next hop to an IP
that is pointed to null.

ISP2#sh ip bgp 1.0.0.1
BGP routing table entry for 1.0.0.1/32, version 9
Paths: (1 available, no best path)
 Not advertised to any peer
 1
   192.168.255.1 (inaccessible) from 3.0.0.1 (1.0.0.1)
     Origin IGP, metric 0, localpref 100, valid, external
     Community: 1:666

Here is my config.
The side sending the prefix

hostname ISP1
interface Loopback0
ip address 1.0.0.1 255.255.255.255
!
interface FastEthernet1/0
ip address 3.0.0.1 255.255.255.0
duplex auto
speed auto
router bgp 1
no synchronization
bgp log-neighbor-changes
network 1.0.0.0
network 1.0.0.1 mask 255.255.255.255
neighbor 3.0.0.2 remote-as 2
neighbor 3.0.0.2 send-community both
neighbor 3.0.0.2 route-map ISP2Out out
no auto-summary
!
ip route 1.0.0.0 255.0.0.0 Null0 200
!
ip bgp-community new-format
!
ip prefix-list BlackHole seq 5 permit 1.0.0.1/32
!
route-map ISP2Out permit 10
match ip address prefix-list BlackHole
set community 1:666
!
route-map ISP2Out permit 20

The receiving side router

hostname ISP2
interface Loopback0
ip address 2.0.0.1 255.255.255.255
!
interface FastEthernet1/0
ip address 3.0.0.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/1
ip address 192.168.52.3 255.255.255.0
duplex auto
speed auto
!
router bgp 2
no synchronization
bgp log-neighbor-changes
network 2.0.0.0
network 192.168.52.0
neighbor 3.0.0.1 remote-as 1
neighbor 3.0.0.1 route-map ISP1In in
no auto-summary
ip route 192.168.255.1 255.255.255.255 Null0
!
ip bgp-community new-format
ip community-list 1 permit 1:666
!
route-map ISP1In permit 10
match community 1
set ip next-hop 192.168.255.1
!
route-map ISP1In permit 20


What am I missing?
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


--
RAZ-RIPE
Technological Systems CJSC
Senior Network Engineer
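
Added example (not part of the original thread, and not code from either poster): a small Python check that reads `show ip bgp <prefix>` output in the layout quoted above and reports why a black-hole-tagged path is not dropping traffic. The community 1:666 and sink next hop 192.168.255.1 come from the configs in the thread; the function names are hypothetical and the parsing assumes the IOS output layout shown above.

```python
import re

# The failing output quoted in the thread (ISP2), indentation normalised.
SAMPLE = """\
BGP routing table entry for 1.0.0.1/32, version 9
Paths: (1 available, no best path)
  Not advertised to any peer
  1
    192.168.255.1 (inaccessible) from 3.0.0.1 (1.0.0.1)
      Origin IGP, metric 0, localpref 100, valid, external
      Community: 1:666
"""

ENTRY = re.compile(r"BGP routing table entry for (\S+),")
PATH = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})(.*?) from (\S+)")
COMM = re.compile(r"^\s*Community: (.+)$")

def parse_paths(text):
    """Return one dict per path found in `show ip bgp <prefix>` output."""
    prefix, paths = None, []
    for line in text.splitlines():
        if m := ENTRY.search(line):
            prefix = m.group(1)
        elif m := PATH.match(line):
            paths.append({"prefix": prefix, "next_hop": m.group(1),
                          "inaccessible": "(inaccessible)" in m.group(2),
                          "peer": m.group(3), "best": False, "communities": []})
        elif paths and line.strip().startswith("Origin"):
            # Flags such as "valid", "external", "best" are comma-separated.
            paths[-1]["best"] = "best" in [a.strip() for a in line.split(",")]
        elif paths and (m := COMM.match(line)):
            paths[-1]["communities"] = m.group(1).split()
    return paths

def audit_blackhole(text, community="1:666", sink="192.168.255.1"):
    """List reasons why a black-hole-tagged path is not dropping traffic."""
    findings = []
    for p in parse_paths(text):
        if community not in p["communities"]:
            continue  # not a black-hole request
        if p["next_hop"] != sink:
            findings.append(f"{p['prefix']}: next hop {p['next_hop']} not rewritten to {sink}")
        elif p["inaccessible"]:
            findings.append(f"{p['prefix']}: next hop {sink} is inaccessible, route not installed")
        elif not p["best"]:
            findings.append(f"{p['prefix']}: path via {p['peer']} is not the best path")
    return findings

if __name__ == "__main__":
    for finding in audit_blackhole(SAMPLE):
        print(finding)
```

Run against the output in the thread, it reports the inaccessible next hop, which is the condition the `ebgp-multihop` suggestion in the reply addresses.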
