[c-nsp] RTBH and MPLS network

Daemen, Seth, VF-NL Seth.Daemen at vodafone.com
Mon Nov 28 05:08:54 EST 2005


Oliver, thanks, this solution works well for me.

Seth
-----Original Message-----
From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com] 
Sent: Friday 25 November 2005 18:12
To: Daemen, Seth, VF-NL; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] RTBH and MPLS network

Daemen, Seth, VF-NL <mailto:Seth.Daemen at vodafone.com> wrote on Friday,
November 25, 2005 3:10 PM:

> What do you mean by: You need to set the next-hop inbound or
> outbound at your vpnv4 neighbor.
> Maybe a stupid question, but I'm a student and I don't have much
> experience with MPLS VPNs.

assuming you have configured "neighbor x.x.x.x send-community both" on
all your neighbors within "address-family vpnv4":

route-map static2bgp permit 10
 match tag 666
 set local-preference 200
 set origin igp
 set community 1:1
route-map static2bgp permit 20
...

router bgp XX
 address-family ipv4 vrf XXX
 redistribute static route-map static2bgp

and then

ip community-list 1 permit 1:1
!
route-map blackhole permit 10
 match community 1
 set ip next-hop 192.168.0.1
route-map blackhole permit 20
!
router bgp XX
 address-family vpnv4
  neighbor x.x.x.x route-map blackhole out

this requires that all PEs as well as the vpnv4 route-reflectors (if
present) know about the 192.168.0.1 prefix in the global routing table.

	oli


 


> Seth
> -----Original Message-----
> From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
> Sent: Friday 25 November 2005 14:57
> To: Daemen, Seth, VF-NL; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] RTBH and MPLS network
> 
> Daemen, Seth, VF-NL <mailto:Seth.Daemen at vodafone.com> wrote on Friday,
> November 25, 2005 2:38 PM:
> 
>> No, I don't think that RTBH behaves differently in MPLS networks.
>> But I have configuration problems.
>> 
>> In the bgp configuration is a redistribute:
>> 
>> static route-map black-hole-trigger
>> 
>> The following route map is created:
>> 
>> route-map black-hole-trigger, permit, sequence 10
>>   Match clauses:
>>     tag 66
>>   Set clauses:
>>     local-preference 200
>>     origin igp
>>     ip next-hop 192.0.2.1
>> 
>> Static route:
>> 
>> ip route vrf VPN_Internet 2.2.2.2 255.255.255.255 Null0 tag 66
>> 
>> This works well; the route 2.2.2.2 is advertised to the other routers,
>> and the local-preference is also applied. But the problem is that the IP
>> next-hop value is ignored. The next-hop address used is the IP
>> address of the advertising router.
> 
> Aha, so you want to use this in an MPLS-*VPN* environment (three
> letters do make a difference :)
> 
> You are right, the PE device in an MPLS-VPN will always do
> next-hop-self when it redistributes the routes into the vpnv4 mesh,
> this is how RFC2547bis works. You need to set the next-hop inbound or
> outbound at your vpnv4 neighbor. Please be aware that an MPLS-VPN PE
> looks into the global routing table to resolve the next-hop, so your
> route to 192.0.2.1 needs to be in the global table.
> 
> 	oli
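
An added example, not part of the thread: a Python check for the two prerequisites named in Oliver's reply ("send-community both" on every vpnv4 neighbor, and the blackhole next-hop present in the global routing table), run against a constructed single-PE configuration. The neighbor addresses, the AS number and the `audit` function are assumptions; the script only sees static routes in the one configuration it is given, so a next-hop learned through the IGP is reported as missing.

```python
import ipaddress
import re

# Constructed sample PE configuration, modelled on the snippets in the thread.
# Neighbor addresses and the AS number are made up for this example.
SAMPLE = """\
ip route vrf VPN_Internet 2.2.2.2 255.255.255.255 Null0 tag 666
ip route 192.168.0.1 255.255.255.255 Null0
route-map blackhole permit 10
 match community 1
 set ip next-hop 192.168.0.1
route-map blackhole permit 20
router bgp 65000
 address-family vpnv4
  neighbor 10.0.0.1 activate
  neighbor 10.0.0.1 send-community both
  neighbor 10.0.0.1 route-map blackhole out
  neighbor 10.0.0.2 activate
  neighbor 10.0.0.2 route-map blackhole out
"""

def audit(config):
    """Return a list of findings; an empty list means both prerequisites hold."""
    findings = []
    # Lines of the vpnv4 address-family block (indented deeper than its header).
    m = re.search(r"^ address-family vpnv4\n((?:  .*\n?)*)", config, re.M)
    vpnv4 = m.group(1) if m else ""
    out_maps = re.findall(r"neighbor (\S+) route-map (\S+) out", vpnv4)
    for nbr, _ in out_maps:
        if not re.search(rf"neighbor {re.escape(nbr)} send-community both", vpnv4):
            findings.append(f"{nbr}: send-community both missing under vpnv4")
    # Global-table static routes only; "ip route vrf ..." lines do not match.
    global_nets = [ipaddress.ip_network(f"{p}/{mask}", strict=False)
                   for p, mask in re.findall(r"^ip route (\d\S+) (\d\S+)", config, re.M)]
    for name in sorted({rm for _, rm in out_maps}):
        bodies = re.findall(rf"^route-map {re.escape(name)} .*\n((?: .*\n?)*)",
                            config, re.M)
        for nh in re.findall(r"set ip next-hop (\S+)", "".join(bodies)):
            if not any(ipaddress.ip_address(nh) in net for net in global_nets):
                findings.append(f"{name}: next-hop {nh} has no global static route")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
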


