[c-nsp] BGP Black hole

Anton Turygin pa3op at tsua.net
Wed Mar 2 15:56:03 EST 2011


Hello,

neighbor 3.0.0.1 ebgp-multihop 2

on the receiving router will help.

On Wed, 2 Mar 2011, Jay Nakamura wrote:

> I am testing BGP black hole setup in my GNS3.  One AS announcing to
> the other AS to black hole a prefix.  I am hitting a wall where the
> receiving AS shows the prefix I am trying to black hole as
> inaccessible and packets get through.  I thought the basic principle
> was to match routes based on community and set the next hop to an IP
> that is pointed to null.
>
> ISP2#sh ip bgp 1.0.0.1
> BGP routing table entry for 1.0.0.1/32, version 9
> Paths: (1 available, no best path)
>  Not advertised to any peer
>  1
>    192.168.255.1 (inaccessible) from 3.0.0.1 (1.0.0.1)
>      Origin IGP, metric 0, localpref 100, valid, external
>      Community: 1:666
>
> Here is my config.
> The side sending the prefix
>
> hostname ISP1
> interface Loopback0
> ip address 1.0.0.1 255.255.255.255
> !
> interface FastEthernet1/0
> ip address 3.0.0.1 255.255.255.0
> duplex auto
> speed auto
> router bgp 1
> no synchronization
> bgp log-neighbor-changes
> network 1.0.0.0
> network 1.0.0.1 mask 255.255.255.255
> neighbor 3.0.0.2 remote-as 2
> neighbor 3.0.0.2 send-community both
> neighbor 3.0.0.2 route-map ISP2Out out
> no auto-summary
> !
> ip route 1.0.0.0 255.0.0.0 Null0 200
> !
> ip bgp-community new-format
> !
> ip prefix-list BlackHole seq 5 permit 1.0.0.1/32
> !
> route-map ISP2Out permit 10
> match ip address prefix-list BlackHole
> set community 1:666
> !
> route-map ISP2Out permit 20
>
> The receiving side router
>
> hostname ISP2
> interface Loopback0
> ip address 2.0.0.1 255.255.255.255
> !
> interface FastEthernet1/0
> ip address 3.0.0.2 255.255.255.0
> duplex auto
> speed auto
> !
> interface FastEthernet1/1
> ip address 192.168.52.3 255.255.255.0
> duplex auto
> speed auto
> !
> router bgp 2
> no synchronization
> bgp log-neighbor-changes
> network 2.0.0.0
> network 192.168.52.0
> neighbor 3.0.0.1 remote-as 1
> neighbor 3.0.0.1 route-map ISP1In in
> no auto-summary
> ip route 192.168.255.1 255.255.255.255 Null0
> !
> ip bgp-community new-format
> ip community-list 1 permit 1:666
> !
> route-map ISP1In permit 10
> match community 1
> set ip next-hop 192.168.255.1
> !
> route-map ISP1In permit 20
>
>
> What am I missing?

-- 
RAZ-RIPE
Technological Systems CJSC
Senior Network Engineer
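
The fix from the reply, shown in place on the receiving router (an added example, not part of the original thread): ISP2's BGP configuration from the quoted post with the ebgp-multihop line inserted. The `!` comments are added here, and the verification commands at the end are standard IOS show commands.

```ios
! ISP2 (receiving router): BGP section from the quoted post, with the
! ebgp-multihop line from the reply added. Interface config is unchanged.
router bgp 2
 no synchronization
 bgp log-neighbor-changes
 network 2.0.0.0
 network 192.168.52.0
 neighbor 3.0.0.1 remote-as 1
 ! Added line. Without it the session is treated as single-hop eBGP, and the
 ! rewritten next hop 192.168.255.1 is not on a connected subnet, so the
 ! path shows as "(inaccessible)" and is never selected as best.
 neighbor 3.0.0.1 ebgp-multihop 2
 neighbor 3.0.0.1 route-map ISP1In in
 no auto-summary
!
! Discard route for the black-hole next hop.
ip route 192.168.255.1 255.255.255.255 Null0
!
ip bgp-community new-format
ip community-list 1 permit 1:666
!
! Routes tagged 1:666 get the discard next hop; all other routes pass unchanged.
route-map ISP1In permit 10
 match community 1
 set ip next-hop 192.168.255.1
!
route-map ISP1In permit 20
!
! Check afterwards from exec mode:
!   show ip bgp 1.0.0.1     next hop 192.168.255.1 should no longer read "(inaccessible)"
!   show ip route 1.0.0.1   the /32 should be installed via 192.168.255.1
```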


