Hi Johan,

Exactly as Chip has put it.

In our setup we inject the routes into iBGP with this policy:

@foo.re0> show configuration policy-options policy-statement ps-RTBH-routes-export
term RTBH-injection {
    from {
        protocol static;
        tag 666;
        route-filter 0.0.0.0/0 prefix-length-range /32-/32;
    }
    then {
        community add RTBH;
        community add no-export;
        next-hop 192.0.2.101;
        accept;
    }
}

@foo.re0> show configuration policy-options policy-statement ps-RTBH-routes-export-v6
term RTBH-injection {
    from {
        protocol static;
        tag 666;
        route-filter ::/0 prefix-length-range /128-/128;
    }
    then {
        community add RTBH;
        community add no-export;
        next-hop 100::;
        accept;
    }
}

Then on *every* router, next-hops 192.0.2.101 and 100:: have a static discard route:

set routing-options static route 192.0.2.101/32 discard
set routing-options static route 192.0.2.101/32 no-readvertise
set routing-options rib inet6.0 static route 0100::/64 discard
set routing-options rib inet6.0 static route 0100::/64 no-readvertise

The trick is that the next-hop in the RTBH route points to the discard route; the RTBH route itself does not have next-hop discard.

Does that help you?

Kind regards,
Niall

> -----Original Message-----
> From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of chip
> Sent: 15 January 2016 01:07
> To: Johan Borch
> Cc: juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp] RTBH
>
> A strategy that I've seen used is to pick some ip address and add a static route
> for it pointing to discard on every router. Then when you receive the route to
> black-hole, set the next-hop to the discard route. This way all routers will drop
> traffic for the prefix as soon as it enters the router instead of running through
> your network first.
>
> On Thu, Jan 14, 2016 at 4:10 PM, Johan Borch <johan.bo...@gmail.com> wrote:
>
> > Hi!
> >
> > I have implemented RTBH in my small network of 8 routers.
> > DFZ is running in a L3VPN and each router has a multihop ibgp-session with
> > my RTBH-router and it works, but I have one thing that annoys me.
> >
> > If I announce an offending IP to be black holed, only one of the
> > routers will point to the discard route. The other 7 will see the
> > announced route via BGP from the one that got it first I guess and
> > send the traffic to that one where it is discarded. If I do show
> > extensive on the route it is preferred because of IGP. I can't figure out
> > how to get each router to prefer the discard locally. If I do local
> > pref on one router the other 7 will send the traffic there instead.
> >
> > Every router has
> >
> > route a.b.c.d/32 {
> >     discard;
> >     install;
> > }
> >
> > And from sending RTBH router, they are announced with next-hop a.b.c.d.
> >
> > Ideas? :)
> >
> > Regards
> > Johan
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> --
> Just my $.02, your mileage may vary, batteries not included, etc....
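
The setup in the reply above depends on the discard routes for 192.0.2.101 and 100:: being present on every router. The following is an added example, not code from the thread or its participants, that audits set-style configuration lines for those routes; the router names r1 to r3 and their config listings are constructed sample input, and the function names are hypothetical.

```python
import ipaddress
import re

# Next-hops set by the two RTBH export policies quoted in the thread.
RTBH_NEXT_HOPS = ["192.0.2.101", "100::"]
# Set-style static routes, with or without a "rib inet6.0" qualifier.
STATIC_RE = re.compile(
    r"^set routing-options (?:rib \S+ )?static route (\S+) (discard|no-readvertise)$")

def static_route_flags(config_lines):
    """Map each static route prefix to the flags configured on it."""
    flags = {}
    for line in config_lines:
        m = STATIC_RE.match(line.strip())
        if m:
            # ip_network() normalises spelling, so 0100::/64 equals 100::/64.
            net = ipaddress.ip_network(m.group(1), strict=False)
            flags.setdefault(net, set()).add(m.group(2))
    return flags

def audit_router(config_lines):
    """List deviations from the discard-route setup described in the thread."""
    flags = static_route_flags(config_lines)
    problems = []
    for nh in map(ipaddress.ip_address, RTBH_NEXT_HOPS):
        covering = [n for n in flags if n.version == nh.version and nh in n]
        if not covering:
            problems.append(f"no static route covers {nh}")
            continue
        best = max(covering, key=lambda n: n.prefixlen)  # most specific route
        for needed in ("discard", "no-readvertise"):
            if needed not in flags[best]:
                problems.append(f"{best} lacks {needed}")
    return problems

def audit_network(configs):
    """configs maps router name to config lines; return routers with problems."""
    report = {name: audit_router(lines) for name, lines in configs.items()}
    return {name: probs for name, probs in report.items() if probs}

# Constructed sample: r1 matches the thread, r2 lacks the IPv6 route,
# r3 lacks no-readvertise on the IPv4 route.
GOOD = [
    "set routing-options static route 192.0.2.101/32 discard",
    "set routing-options static route 192.0.2.101/32 no-readvertise",
    "set routing-options rib inet6.0 static route 0100::/64 discard",
    "set routing-options rib inet6.0 static route 0100::/64 no-readvertise",
]
SAMPLE = {"r1": GOOD, "r2": GOOD[:2], "r3": GOOD[:1] + GOOD[2:]}
```

Calling `audit_network(SAMPLE)` returns only the routers that deviate, so an empty result means every router will resolve the RTBH next-hops to a local discard.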