[c-nsp] Assistance configuring a router to trigger remote blackhole

Steve Bertrand steve at ibctech.ca
Fri Sep 18 12:36:36 EDT 2009


Naveen Nathan wrote:
> Hi,
> 
> I am new to the list, so please go easy on me.
> 
> I'm in need of assistance configuring remote trigger blackhole in
> IOS. This feature is supported by our transit provider. I'm unsure
> if it's working or not, but since the nulled routes don't appear to
> be advertised to the transit peer, I'm assuming not.
> 
> I've attached a portion of the cisco-config (substituting sensitive info,
> but it should be easy enough to follow).
> 
> Would someone mind suggesting if I'm missing anything of particular
> importance. It would be much appreciated.

If I understand you correctly, wouldn't one need an extra entry in the
OUTBOUND prefix-list that allows host routes to be advertised to the
transit?:

ip bgp-community new-format
!
ip prefix-list NULL seq 5 deny 0.0.0.0/0 le 32
!
ip prefix-list OUTBOUND seq 5 permit [BLOCK_B]/22
ip prefix-list OUTBOUND seq 10 permit [BLOCK_C]/22
ip prefix-list OUTBOUND seq 15 permit [BLOCK_A]/21

! just an example for illustration... it looks kind of dangerous
ip prefix-list OUTBOUND seq 20 permit 0.0.0.0/0 le 32

Steve
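The following is an added example, not part of the original message or the poster's configuration: a small Python model of IOS prefix-list matching (first match wins, implicit deny, ge/le length ranges) showing why a /32 blackhole route never passes the original OUTBOUND list and how much the seq 20 catch-all would let through to the transit. The 198.18.x.x blocks are constructed stand-ins for [BLOCK_A]/[BLOCK_B]/[BLOCK_C], and the SCOPED list is an assumed alternative, not something proposed in the thread.

```python
import ipaddress

def parse_entry(line):
    """Parse 'seq N permit|deny A.B.C.D/len [ge X] [le Y]' into a tuple."""
    tok = line.split()
    action, net = tok[2], ipaddress.ip_network(tok[3])
    opts = dict(zip(tok[4::2], map(int, tok[5::2])))
    ge, le = opts.get("ge"), opts.get("le")
    # IOS semantics: no ge/le = exact length; le only = len..le; ge only = ge..32
    if ge is None and le is None:
        lo = hi = net.prefixlen
    else:
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else 32
    return action, net, lo, hi

def evaluate(entries, route):
    """First matching entry wins; an unmatched route hits the implicit deny."""
    r = ipaddress.ip_network(route)
    for action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action
    return "deny"

# Constructed stand-ins for [BLOCK_B], [BLOCK_C] and [BLOCK_A]
BASE = ["seq 5 permit 198.18.0.0/22",
        "seq 10 permit 198.18.4.0/22",
        "seq 15 permit 198.18.8.0/21"]
# The illustrative entry from the post: matches every prefix of every length
CATCH_ALL = BASE + ["seq 20 permit 0.0.0.0/0 le 32"]
# Assumption (not from the post): allow only /32s inside the site's own blocks
SCOPED = BASE + ["seq 20 permit 198.18.0.0/22 ge 32",
                 "seq 25 permit 198.18.4.0/22 ge 32",
                 "seq 30 permit 198.18.8.0/21 ge 32"]

def compare(route):
    """Return the verdict of each list variant for one candidate route."""
    lists = (("base", BASE), ("catch_all", CATCH_ALL), ("scoped", SCOPED))
    return {name: evaluate([parse_entry(e) for e in entries], route)
            for name, entries in lists}

if __name__ == "__main__":
    # Constructed routes: an aggregate, an own-space host route, two foreign ones
    for route in ("198.18.0.0/22", "198.18.1.7/32", "203.0.113.9/32", "10.0.0.0/8"):
        print(route, compare(route))
```

This models the prefix-list only; any route-map, community tagging or next-hop handling in the real configuration is outside what it checks.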