[c-nsp] BGP blackhole community config

Gert Doering gert at greenie.muc.de
Tue Jun 21 03:17:06 EDT 2016


On Tue, Jun 21, 2016 at 08:45:06AM +0200, Mark Tinka wrote:
> On 20/Jun/16 19:41, Jared Mauch wrote:
> > Tags are specific to Cisco, you should be using a community instead.
> We use tags on Juniper quite successfully. Makes it easy to introduce
> static routes into iBGP.
> It irks me that Cisco does not support this.

Cisco does (and has done since ever, we've at least been using it since
11.1 times), but only on *import*.  Our static-to-BGP route-map does
exactly this...

route-map static-to-bgp deny 10
 match tag 25
route-map static-to-bgp permit 20
 match tag 5539
 set local-preference 200
 set origin igp
 set community 5539:408 5539:500
route-map static-to-bgp permit 80
 match tag 666
 set local-preference 1000
 set community 5539:3000 no-export
 set ip next-hop

(and more niche cases)

The IOS XR case is similar

route-policy static-to-bgp
  if tag in (25) then
    # tag 25 = not to BGP
  elseif tag in (5539) then
    # tag 5539 = global BGP, to upstream + customers
    set local-preference 200
    set origin igp
    set community (5539:434, 5539:500)

> > You can use something like redistribute static against a route-map that matches the tag and marks your (local) discard community.
> Won't work.
> You can't have a tag as a match condition in Cisco. It will throw up an
> error that the OP shared earlier.

Only if used on BGP export.

USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
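
Added example, not part of the original message: Python that parses the IOS route-map quoted above, applies first-match semantics to a static route's tag, and checks that tag 666 (blackhole) routes enter BGP only with no-export. The function names are hypothetical, and only `match tag` clauses are modelled.

```python
import re

# Route-map as posted in the message above (its next-hop value is not shown there).
CONFIG = """\
route-map static-to-bgp deny 10
 match tag 25
route-map static-to-bgp permit 20
 match tag 5539
 set local-preference 200
 set origin igp
 set community 5539:408 5539:500
route-map static-to-bgp permit 80
 match tag 666
 set local-preference 1000
 set community 5539:3000 no-export
 set ip next-hop
"""

def parse_route_map(text, name):
    """Return the named route-map's entries, sorted by sequence number."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"route-map (\S+) (permit|deny) (\d+)$", line)
        if m:
            cur = None  # entries of other route-maps are ignored
            if m.group(1) == name:
                cur = {"seq": int(m.group(3)), "action": m.group(2), "tags": set(), "sets": []}
                entries.append(cur)
        elif cur is not None and line.startswith("match tag "):
            cur["tags"].update(int(t) for t in line.split()[2:])
        elif cur is not None and line.startswith("set "):
            cur["sets"].append(line[4:])
    return sorted(entries, key=lambda e: e["seq"])

def evaluate(entries, tag):
    """First matching entry wins; no match falls through to the implicit deny."""
    for e in entries:
        if not e["tags"] or tag in e["tags"]:  # assumption: no tag clause = match all
            return e["action"], e["sets"]
    return "deny", []

def exported_beyond_as(entries, tag):
    """True if a static route with this tag enters BGP without no-export."""
    action, sets = evaluate(entries, tag)
    communities = [s.split()[1:] for s in sets if s.startswith("community")]
    return action == "permit" and not any("no-export" in c for c in communities)
```
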