[c-nsp] BGP blackhole community config

Jason Lixfeld jason at lixfeld.ca
Mon Jun 20 13:45:36 EDT 2016


Assuming your internal RTBH community is 100:666
Assuming your ISP's RTBH community is 200:666

You will probably have to do it like so:

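!
ip bgp-community new-format
!
router bgp 100
 ! originate the victim /32 and tag it with the internal RTBH community
 network x.x.x.x mask 255.255.255.255 route-map RTBH
 ! communities are only sent to a neighbor when send-community is configured
 neighbor y.y.y.y send-community
 neighbor y.y.y.y route-map ADVERTISE-OUT out
!
ip community-list standard RTBH-COMM permit 100:666
!
route-map RTBH permit 10
 set community 100:666
!
! rewrite the internal community to the ISP's RTBH community on the way out
route-map ADVERTISE-OUT permit 10
 match community RTBH-COMM
 set community 200:666
! pass all other routes unchanged
route-map ADVERTISE-OUT permit 20
!
! the network statement needs a matching route in the RIB
ip route x.x.x.x 255.255.255.255 null0 250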

(from memory, so syntax is probably incorrect)

> On Jun 20, 2016, at 1:38 PM, Satish Patel <satish.txt at gmail.com> wrote:
> 
> I have tried that too and got this error.
> 
> R1(config-router)#neighbor xx.xx.xx.xx route-map RTBH out
> % "RTBH" used as BGP outbound route-map, tag match not supported
> % not supported match will behave as route-map with no match
> R1(config-router)#
> 
> On Mon, Jun 20, 2016 at 11:21 AM, Tim Densmore
> <tdensmore at tarpit.cybermesa.com> wrote:
>> You may want to use the "neighbor xxx.xxx.xxx.xxx route-map [route map
>> name] out" option rather than redistributing the route map.
>> 
>> 
>> On 6/19/2016 8:07 PM, Satish Patel wrote:
>>> I have added "ip bgp-community new-format" in global config, but I
>>> don't have the following command on my ASR1006 router
>>> 
>>> neighbor xx.xx.xx.xx remote-as 200 send-community
>>> 
>>> so I have added
>>> 
>>> neighbor xx.xx.xx.xx send-community
>>> 
>>> 
>>> Still not working :(  Do I need to add the 192.0.2.1 IP in my route map?
>>> 
>>> On Sun, Jun 19, 2016 at 9:06 PM, Rich Davies <rich.davies at gmail.com> wrote:
>>>> config term
>>>> !
>>>> ip bgp-community new-format
>>>> !
>>>> router bgp 100
>>>> neighbor xx.xx.xx.xx remote-as 200 send-community
>>>> !
>>>> end
>>>> 
>>>> 
>>>> Try that and clear your BGP session.   Based on the fact that you have no "network"
>>>> statements to announce directly in BGP, you are instead redistributing static
>>>> routes into BGP to be announced.   I believe you need to add the "ip
>>>> bgp-community new-format" to your global configuration and in addition tell
>>>> your neighbor statement to "send-community".
>>>> 
>>>> A BGP community is an optional transitive attribute; it's only sent to an external
>>>> ASN if you tell it to.
>>>> 
>>>> 
>>>> More on communities indicating they are (optional) transitive attributes:
>>>> http://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-24/bgp-communities.html
>>>> 
>>>> On Sun, Jun 19, 2016 at 7:37 PM, Satish Patel <satish.txt at gmail.com> wrote:
>>>>> We have set up a new BGP configuration with our ISP, and the ISP has told us to
>>>>> send community "64682:0" for blackholing. I am new to BGP.
>>>>> 
>>>>> I was reading that the BGP community format is ASN:NN, but my ISP's ASN number
>>>>> isn't 64682, so I am assuming they gave me an example (64682:0).
>>>>> 
>>>>> This is what I configured on my router.
>>>>> 
>>>>> router bgp 100
>>>>> bgp log-neighbor-changes
>>>>> redistribute static route-map RTBH
>>>>> neighbor xx.xx.xx.xx remote-as 200
>>>>> 
>>>>> 
>>>>> route-map RTBH permit 10
>>>>> match tag 666
>>>>> set community <ISP_ASN>:666
>>>>> 
>>>>> route-map RTBH permit 20
>>>>> 
>>>>> 
>>>>> I have sent the following null route but it didn't work :(
>>>>> 
>>>>> ip route xx.x.x.xx 255.255.255.255 Null0 tag 666
>>>>> 
>>>>> 
>>>>> What am I doing wrong? How do I use a community to send a blackhole route?
>>>>> _______________________________________________
>>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>> 
>>> 
>> 


