[c-nsp] BGP blackhole community config

Satish Patel satish.txt at gmail.com
Mon Jun 20 13:55:30 EDT 2016


Jason,

Did you see my full config I just pasted 5 minutes ago? We don't have
internal RTBH; it's a very simple BGP setup. We have a single router in our
network connected to a single ISP. They said to use
community 64682:0 for blackholing.

They said everything is good on their side, but somehow it's not working.
Do you know how to troubleshoot or debug to see whether it's sending the /32
route to the peer or not?

I tried debug ip routing and I am seeing the following:


R1#
*Jun 20 15:38:23.212: RT: updating static xx.xx.xx.xx/32 (0x0)  :
    via 0.0.0.0 Nu0  0 1048578

*Jun 20 15:38:23.212: RT: rib update return code: 17

On Mon, Jun 20, 2016 at 1:45 PM, Jason Lixfeld <jason at lixfeld.ca> wrote:
> Assuming your internal RTBH community is 100:666
> Assuming your ISP's RTBH community is 200:666
>
> You will probably have to do it like so:
>
> !
> ip bgp-community new-format
> !
> router bgp 100
>  network x.x.x.x mask 255.255.255.255 route-map RTBH
>  neighbor y.y.y.y send-community
>  neighbor y.y.y.y route-map ADVERTISE-OUT out
> !
> ip community-list standard RTBH-COMM permit 100:666
> !
> route-map RTBH
>  set community 100:666
> !
> route-map ADVERTISE-OUT
>  match community RTBH-COMM
>  set community 200:666
> !
> ip route x.x.x.x 255.255.255.255 null0 250
>
> (from memory, so syntax is probably incorrect)
>
>> On Jun 20, 2016, at 1:38 PM, Satish Patel <satish.txt at gmail.com> wrote:
>>
>> I have tried that too and got this error.
>>
>> R1(config-router)#neighbor xx.xx.xx.xx route-map RTBH out
>> % "RTBH" used as BGP outbound route-map, tag match not supported
>> % not supported match will behave as route-map with no match
>> R1(config-router)#
>>
>> On Mon, Jun 20, 2016 at 11:21 AM, Tim Densmore
>> <tdensmore at tarpit.cybermesa.com> wrote:
>>> You may want to use the "neighbor xxx.xxx.xxx.xxx route-map [route map
>>> name] out" option rather than redistributing the route map.
>>>
>>>
>>> On 6/19/2016 8:07 PM, Satish Patel wrote:
>>>> I have added "ip bgp-community new-format" in global config, but I
>>>> don't have the following command on my ASR1006 router:
>>>>
>>>> neighbor xx.xx.xx.xx remote-as 200 send-community
>>>>
>>>> so I have added
>>>>
>>>> neighbor xx.xx.xx.xx send-community
>>>>
>>>>
>>>> Still not working :(  Do I need to add the 192.0.2.1 IP in my route map?
>>>>
>>>> On Sun, Jun 19, 2016 at 9:06 PM, Rich Davies <rich.davies at gmail.com> wrote:
>>>>> config term
>>>>> !
>>>>> ip bgp-community new-format
>>>>> !
>>>>> router bgp 100
>>>>> neighbor xx.xx.xx.xx remote-as 200 send-community
>>>>> !
>>>>> end
>>>>>
>>>>>
>>>>> Try that and clear your BGP session.   Based on the fact that you have no
>>>>> "network" statements to announce directly in BGP, you are instead
>>>>> redistributing static routes into BGP to be announced.   I believe you need
>>>>> to add the "ip bgp-community new-format" to your global configuration and in
>>>>> addition tell your neighbor statement to "send-community".
>>>>>
>>>>> BGP community is an optional transitive attribute; it's only sent to an
>>>>> external ASN if you tell it to.
>>>>>
>>>>>
>>>>> More on communities indicating they are (optional) transitive attributes:
>>>>> http://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-24/bgp-communities.html
>>>>>
>>>>> On Sun, Jun 19, 2016 at 7:37 PM, Satish Patel <satish.txt at gmail.com> wrote:
>>>>>> We have set up a new BGP configuration with our ISP, and the ISP has told
>>>>>> us to send community "64682:0" for blackholing. I am new to BGP.
>>>>>>
>>>>>> I was reading that the BGP community format is ASN:NN, but my ISP's ASN
>>>>>> isn't 64682, so I am assuming they gave me an example (64682:0).
>>>>>>
>>>>>> This is what I configured on my router.
>>>>>>
>>>>>> router bgp 100
>>>>>> bgp log-neighbor-changes
>>>>>> redistribute static route-map RTBH
>>>>>> neighbor xx.xx.xx.xx remote-as 200
>>>>>>
>>>>>>
>>>>>> route-map RTBH permit 10
>>>>>> match tag 666
>>>>>> set community <ISP_ASN>:666
>>>>>>
>>>>>> route-map RTBH permit 20
>>>>>>
>>>>>>
>>>>>> I have sent the following null route but it didn't work :(
>>>>>>
>>>>>> ip route xx.x.x.xx 255.255.255.255 Null0 tag 666
>>>>>>
>>>>>>
>>>>>> What am I doing wrong? How do I use a community to send a blackhole route?
>>>>>> _______________________________________________
>>>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>>

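An added example, not part of the thread or any poster's code: a small Python check of a saved running-config for the pieces the replies above name (a tagged Null0 /32, a redistribute route-map clause that matches the tag and sets a community, send-community on the neighbor, and no "match tag" in an outbound neighbor route-map, which the router rejected above). The function names, the sample config and its addresses are assumptions made for illustration.

```python
import re

# Constructed sample after the thread's first config; both addresses are placeholders.
SAMPLE_CONFIG = """\
router bgp 100
 redistribute static route-map RTBH
 neighbor 203.0.113.1 remote-as 200
!
route-map RTBH permit 10
 match tag 666
 set community 64682:0
!
route-map RTBH permit 20
!
ip route 198.51.100.7 255.255.255.255 Null0 tag 666
"""

def route_map_clauses(config, name):
    """Return one list of statements per permit/deny clause of route-map `name`."""
    clauses, current = [], None
    for line in config.splitlines():
        header = re.match(r"route-map (\S+) (?:permit|deny) \d+", line)
        if header:
            current = [] if header.group(1) == name else None
            clauses += [current] if current is not None else []
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None
    return clauses

def audit_rtbh(config, peer):
    """List what would stop a tagged Null0 /32 reaching `peer` with a community."""
    findings, nbr = [], rf"^ neighbor {re.escape(peer)} "
    tags = set(re.findall(r"^ip route \S+ 255\.255\.255\.255 Null0 .*\btag (\d+)",
                          config, re.M | re.I))
    if not tags:
        findings.append("no tagged /32 static route to Null0")
    redist = re.search(r"^ redistribute static route-map (\S+)", config, re.M)
    tagged = [c for c in route_map_clauses(config, redist.group(1) if redist else "")
              if any(f"match tag {t}" in c for t in tags)]
    if not any(s.startswith("set community ") for c in tagged for s in c):
        findings.append("no redistribute route-map clause matches the tag and sets a community")
    if not re.search(nbr + r"send-community( both| standard)?\s*$", config, re.M):
        findings.append(f"neighbor {peer} lacks send-community")
    out = re.search(nbr + r"route-map (\S+) out", config, re.M)
    if out and any(s.startswith("match tag") for c in route_map_clauses(config, out.group(1)) for s in c):
        findings.append("outbound neighbor route-map uses 'match tag' (unsupported)")
    return findings
```

An empty result only means the local config is internally consistent; whether the /32 and its community actually reach the peer still has to be confirmed on the router and with the ISP.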
