[c-nsp] BGP Black hole

Jay Nakamura zeusdadog at gmail.com
Wed Mar 2 16:28:46 EST 2011


That made it work.  Why does that make it work?  I thought
ebgp-multihop was used when the peer was not directly connected.  I
will go look up the command....

On Wed, Mar 2, 2011 at 3:56 PM, Anton Turygin <pa3op at tsua.net> wrote:
> Hello,
>
> neighbor 3.0.0.1 ebgp-multihop 2
>
> on the receiving router will help.
>
> On Wed, 2 Mar 2011, Jay Nakamura wrote:
>
>> I am testing a BGP black hole setup in my GNS3.  One AS announcing to
>> the other AS to black hole a prefix.  I am hitting a wall where the
>> receiving AS shows the prefix I am trying to black hole as
>> inaccessible and packets get through.  I thought the basic principle
>> was to match routes based on community and set the next hop to an IP
>> that is pointed to null.
>>
>> ISP2#sh ip bgp 1.0.0.1
>> BGP routing table entry for 1.0.0.1/32, version 9
>> Paths: (1 available, no best path)
>>  Not advertised to any peer
>>  1
>>   192.168.255.1 (inaccessible) from 3.0.0.1 (1.0.0.1)
>>     Origin IGP, metric 0, localpref 100, valid, external
>>     Community: 1:666
>>
>> Here is my config.
>> The side sending the prefix
>>
>> hostname ISP1
>> interface Loopback0
>> ip address 1.0.0.1 255.255.255.255
>> !
>> interface FastEthernet1/0
>> ip address 3.0.0.1 255.255.255.0
>> duplex auto
>> speed auto
>> router bgp 1
>> no synchronization
>> bgp log-neighbor-changes
>> network 1.0.0.0
>> network 1.0.0.1 mask 255.255.255.255
>> neighbor 3.0.0.2 remote-as 2
>> neighbor 3.0.0.2 send-community both
>> neighbor 3.0.0.2 route-map ISP2Out out
>> no auto-summary
>> !
>> ip route 1.0.0.0 255.0.0.0 Null0 200
>> !
>> ip bgp-community new-format
>> !
>> ip prefix-list BlackHole seq 5 permit 1.0.0.1/32
>> !
>> route-map ISP2Out permit 10
>> match ip address prefix-list BlackHole
>> set community 1:666
>> !
>> route-map ISP2Out permit 20
>>
>> The receiving side router
>>
>> hostname ISP2
>> interface Loopback0
>> ip address 2.0.0.1 255.255.255.255
>> !
>> interface FastEthernet1/0
>> ip address 3.0.0.2 255.255.255.0
>> duplex auto
>> speed auto
>> !
>> interface FastEthernet1/1
>> ip address 192.168.52.3 255.255.255.0
>> duplex auto
>> speed auto
>> !
>> router bgp 2
>> no synchronization
>> bgp log-neighbor-changes
>> network 2.0.0.0
>> network 192.168.52.0
>> neighbor 3.0.0.1 remote-as 1
>> neighbor 3.0.0.1 route-map ISP1In in
>> no auto-summary
>> ip route 192.168.255.1 255.255.255.255 Null0
>> !
>> ip bgp-community new-format
>> ip community-list 1 permit 1:666
>> !
>> route-map ISP1In permit 10
>> match community 1
>> set ip next-hop 192.168.255.1
>> !
>> route-map ISP1In permit 20
>>
>>
>> What am I missing?
>
> --
> RAZ-RIPE
> Technological Systems CJSC
> Senior Network Engineer
>
>
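
The behaviour seen in this thread, as an added example that is not part of the original messages: a simplified Python model of how ISP2 resolves the black-hole next hop with and without ebgp-multihop. The function names are hypothetical, the tables are constructed from the ISP2 config quoted above, and the rule in resolve_next_hop (single-hop eBGP only accepts a next hop on a connected subnet) is an assumption of the model.

```python
import ipaddress

# Constructed from the quoted ISP2 config: connected interfaces and the
# static route that sends the black-hole next hop to Null0.
CONNECTED = ["3.0.0.0/24", "192.168.52.0/24", "2.0.0.1/32"]
STATIC_NULL0 = ["192.168.255.1/32"]
BLACKHOLE_COMMUNITY = "1:666"
BLACKHOLE_NEXT_HOP = "192.168.255.1"


def _covered(ip, prefixes):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(p) for p in prefixes)


def apply_isp1in(route):
    """route-map ISP1In: rewrite the next hop of routes tagged 1:666."""
    if BLACKHOLE_COMMUNITY in route["communities"]:
        return dict(route, next_hop=BLACKHOLE_NEXT_HOP)
    return route


def resolve_next_hop(next_hop, ebgp_multihop):
    """Return 'connected', 'Null0' or None (inaccessible).

    Assumed model: a single-hop eBGP session only accepts a next hop on a
    connected subnet; with ebgp-multihop the next hop may resolve through
    any route, including the static route to Null0.
    """
    if _covered(next_hop, CONNECTED):
        return "connected"
    if ebgp_multihop and _covered(next_hop, STATIC_NULL0):
        return "Null0"
    return None


def install(route, ebgp_multihop):
    """Return (best_path_selected, forwarding_result) for a received route."""
    route = apply_isp1in(route)
    via = resolve_next_hop(route["next_hop"], ebgp_multihop)
    if via is None:
        # Matches "(inaccessible)" and "no best path" in the quoted output.
        return (False, "not installed")
    return (True, "dropped" if via == "Null0" else "forwarded")


# Constructed sample routes as received from ISP1 (3.0.0.1).
tagged = {"prefix": "1.0.0.1/32", "next_hop": "3.0.0.1", "communities": ["1:666"]}
untagged = {"prefix": "1.0.0.0/8", "next_hop": "3.0.0.1", "communities": []}
```

In this model the tagged /32 is never installed without ebgp-multihop, so traffic keeps following the untagged covering route, which is the "packets get through" symptom described in the thread.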


