Re: [j-nsp] RTBH

2016-01-18 Thread Raphael Mazelier
Le 16/01/16 05:42, Hugo Slabbert a écrit : Sure, but I didn't say that it's a problem to distribute/reflect the RTBH route via iBGP; I was specifically talking about injecting the RTBH route into your IGP (OSPF, IS-IS, etc.), which could lead to the types of issues reported by Johan

Re: [j-nsp] RTBH

2016-01-15 Thread Scott Granados
As a side note, this is how I’ve always seen it done. I believe even the RFC refers to this method. > On Jan 14, 2016, at 8:07 PM, chip wrote: > > A strategy that I've seen used is to pick some ip address and add a static > route for it pointing to discard on every

Re: [j-nsp] RTBH

2016-01-15 Thread Luis Balbinot
And remember that if you plan to accept prefixes from external neighbors and send to the black hole route you need "accept-remote-nexthop". On Fri, Jan 15, 2016 at 3:20 PM, Johan Borch wrote: > Thanks > > Setting route preference helped :) > > Johan > > On Fri, Jan 15,

Re: [j-nsp] RTBH

2016-01-15 Thread Johan Borch
Thanks Setting route preference helped :) Johan On Fri, Jan 15, 2016 at 12:23 AM, Charles van Niman wrote: > What route preference is your IGP route, and what IGP? I assume your > discard/static has a route preference of 5? Also, do you mind pasting > the show route

Re: [j-nsp] RTBH

2016-01-15 Thread Raphael Mazelier
Le 15/01/16 17:40, Hugo Slabbert a écrit : Sounds like the router that receives the initial RTBH /32 is re-advertising that to your other peers, i.e.: - RTBH box announces /32 with a.b.c.d/32 next-hop discard via BGP - RTBH BGP peer #1 receives and installs the route - that discard route on

Re: [j-nsp] RTBH

2016-01-15 Thread Hugo Slabbert
-- Hugo cell: 604-617-3133 h...@slabnet.com: email, xmpp/jabber PGP fingerprint (B178313E): CF18 15FA 9FE4 0CD1 2319 1D77 9AB1 0FFD B178 313E (also on Signal) On Thu 2016-Jan-14 22:10:46 +0100, Johan Borch wrote: Hi! I have implemented RTBH in my small network of 8

Re: [j-nsp] RTBH

2016-01-15 Thread Hugo Slabbert
On Fri 2016-Jan-15 18:58:08 +0100, Raphael Mazelier wrote: Le 15/01/16 17:40, Hugo Slabbert a écrit : Sounds like the router that receives the initial RTBH /32 is re-advertising that to your other peers, i.e.: - RTBH box announces /32 with a.b.c.d/32 next-hop discard via

Re: [j-nsp] RTBH

2016-01-14 Thread Charles van Niman
What route preference is your IGP route, and what IGP? I assume your discard/static has a route preference of 5? Also, do you mind pasting the show route extensive output? Is your static discard route in the same routing-instance/VRF as the BGP prefix? /Charles On Thu, Jan 14, 2016 at 3:10 PM,

Re: [j-nsp] RTBH

2016-01-14 Thread chip
A strategy that I've seen used is to pick some ip address and add a static route for it pointing to discard on every router. Then when you receive the route to black-hole, set the next-hop to the discard route. This way all routers will drop traffic for the prefix as soon as it enters the router

[j-nsp] RTBH

2016-01-14 Thread Johan Borch
Hi! I have implemented RTBH in my small network of 8 routers. DFZ is running in a L3VPN and each router has an multihop ibgp-session with my RTBH-router and it works, but I have one thing that annoys me. If I announce an offending IP to be black holed, only one of the routers will point to the