What about no-install https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/no-install-edit-protocols.html ?
On Tue, 19 Mar 2024 at 10:44, Lee Starnes via juniper-nsp <juniper-nsp@puck.nether.net> wrote:

> Hello Juniper gurus. I am seeing an issue where we have a carrier that does
> RTBH via BGP announcement rather than community strings. This is done via
> BGP peer to a blackhole BGP router/server.
>
> My issue here is that our aggregate IP block that is announced to our
> backbone providers gets impacted when creating a /32 static discard route
> to announce to that blackhole peer.
>
> The blackhole peer does receive the /32 announcement, but the aggregate
> route also becomes discarded and thus routes to the other peers stop
> working.
>
> Been trying to determine just how to accomplish this function without
> killing all routes.
>
> So we have several /30 to /23 routes within our /19 block that are
> announced via OSPF from our switches to the routers. The routers aggregate
> these to the /19 to announce the entire larger block to the backbone
> providers.
>
> The blackhole peer takes routes down to a /32 for mitigation of an attack.
> If we add a static route as "route x.x.22.12/32 discard" we get:
>
> show route x.x.22.10
>
> inet.0: 931025 destinations, 2787972 routes (931025 active, 0 holddown, 0 hidden)
> @ = Routing Use Only, # = Forwarding Use Only
> + = Active Route, - = Last Active, * = Both
>
> x.x.0.0/19         *[OSPF/125] 5d 19:26:19, metric 20, tag 0
>                     > to 10.20.20.3 via ae0.0
>                     [Aggregate/130] 5d 20:18:36
>                       Reject
>
> While we see the more specific route as discard:
>
> show route x.x.22.12
>
> inet.0: 931022 destinations, 2787972 routes (931022 active, 0 holddown, 0 hidden)
> @ = Routing Use Only, # = Forwarding Use Only
> + = Active Route, - = Last Active, * = Both
>
> x.x.22.12/32       *[Static/5] 5d 20:20:07
>                       Discard
>
> Does anyone have a working config for this type of setup that might be able
> to share some tips or the likes on what I need to do or what I'm doing
> wrong?
>
> Best,
>
> -Lee
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp