[c-nsp] BGP blackhole community config

Satish Patel satish.txt at gmail.com
Mon Jun 20 16:59:50 EDT 2016


I wasn't aware of that. For testing I just picked one of the router's LAN-side
interfaces and sent a null route trigger. Now I know BGP won't let you do
that. Good to know.

On Mon, Jun 20, 2016 at 4:58 PM, Nick Cutting <ncutting at edgetg.com> wrote:
> Not sure why you would want to null route a connected route?
> If it's in the routing table already, it can be a candidate for the BGP table.
>
> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Satish Patel
> Sent: Monday, June 20, 2016 4:52 PM
> To: Jason Lixfeld
> Cc: Cisco Network Service Providers
> Subject: Re: [c-nsp] BGP blackhole community config
>
> I was also under the impression that it should work, but it didn't. As soon as I use 192.168.100.2 (host IP) it works!! Looks like the router won't let you null route its own IP address.
>
> On Mon, Jun 20, 2016 at 3:13 PM, Jason Lixfeld <jason at lixfeld.ca> wrote:
>> Unless I’m dumb, I don’t quite see how trying to RTBH 192.168.100.1 should matter.  The /32 should work because it’s a more specific prefix than the /24 attached to the interface.
>>
>>> On Jun 20, 2016, at 2:57 PM, Satish Patel <satish.txt at gmail.com> wrote:
>>>
>>> It's working now!! You know what the problem is? You guys are going to
>>> beat me :(
>>>
>>> Let me explain what I was doing. On my router I have two interfaces.
>>>
>>> 1. 10.10.10.1/30   - Peer IP
>>> 2. 192.168.100.1/24  - Host Subnet
>>>
>>> I was sending a null route for the 192.168.100.1/32 IP address, which was
>>> configured on the router interface, which BGP won't let you null route.
>>> :(
>>>
>>> When I did the 192.168.100.2 host IP address it works!! This is crazy.
>>> :(
>>>
>>> Sorry guys for the trouble, but it's not documented anywhere that you can't
>>> blackhole a router interface IP. Just wonder what if an attack sends DDoS
>>> on the router IP address????
>>>
>>>
>>>
>>> On Mon, Jun 20, 2016 at 2:12 PM, Jason Lixfeld <jason at lixfeld.ca> wrote:
>>>>> On Jun 20, 2016, at 1:55 PM, Satish Patel <satish.txt at gmail.com> wrote:
>>>>>
>>>>> Do you know how to troubleshoot or debug to see whether it's sending
>>>>> the /32 route to the peer or not?
>>>>
>>>> show bgp neighbors y.y.y.y advertised-routes
>>>>
>>>>
>>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
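
An added example, not part of the thread: a pre-flight check that classifies a candidate RTBH trigger prefix against the addresses configured on the trigger router, so the case reported above (a /32 for the router's own interface address never being advertised) is caught before the trigger is sent. The function name and verdict strings are assumptions; the interface addresses are the ones given in the thread, and 203.0.113.7 is a constructed sample.

```python
import ipaddress

# Interfaces of the trigger router, as listed in the thread.
INTERFACES = ["10.10.10.1/30", "192.168.100.1/24"]


def check_trigger(prefix, interfaces=INTERFACES):
    """Classify an RTBH trigger prefix (hypothetical helper and verdict names).

    'own-address'    host route for an address configured on this router;
                     reported in the thread as not being advertised
    'covers-own'     shorter prefix that contains one of the router's addresses
    'connected-host' prefix inside a connected subnet; reported as working
    'ok'             no overlap with any configured interface
    """
    net = ipaddress.ip_network(prefix, strict=True)
    ifaces = [ipaddress.ip_interface(i) for i in interfaces]
    same_family = [i for i in ifaces if i.version == net.version]

    is_host_route = net.prefixlen == net.max_prefixlen
    if is_host_route and any(net.network_address == i.ip for i in same_family):
        return "own-address"
    if any(i.ip in net for i in same_family):
        return "covers-own"
    if any(net.subnet_of(i.network) for i in same_family):
        return "connected-host"
    return "ok"


if __name__ == "__main__":
    # Constructed candidates: the two from the thread plus two extra cases.
    for candidate in ("192.168.100.1/32", "192.168.100.2/32",
                      "192.168.100.0/24", "203.0.113.7/32"):
        print(f"{candidate:20} {check_trigger(candidate)}")
```

After sending a trigger that passes the check, `show bgp neighbors y.y.y.y advertised-routes` (quoted in the thread) confirms whether the /32 actually reached the peer.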

