[c-nsp] BGP blackhole community config
Gert Doering
gert at greenie.muc.de
Tue Jun 21 03:17:06 EDT 2016
Hi,
On Tue, Jun 21, 2016 at 08:45:06AM +0200, Mark Tinka wrote:
> On 20/Jun/16 19:41, Jared Mauch wrote:
>
> > Tags are specific to Cisco, you should be using a community instead.
>
> We use tags on Juniper quite successfully. Makes it easy to introduce
> static routes into iBGP.
>
> It irks me that Cisco does not support this.
Cisco does (and has done since ever, we've at least been using it since
11.1 times), but only on *import*. Our static-to-BGP route-map does
exactly this...
route-map static-to-bgp deny 10
match tag 25
!
route-map static-to-bgp permit 20
match tag 5539
set local-preference 200
set origin igp
set community 5539:408 5539:500
!
route-map static-to-bgp permit 80
match tag 666
set local-preference 1000
set community 5539:3000 no-export
set ip next-hop 192.0.2.1
!
(and more niche cases)
The IOS XR case is similar
route-policy static-to-bgp
if tag in (25) then
# tag 25 = not to BGP
drop
elseif tag in (5539) then
# tag 5539 = globale BGP, to upstream + customres
set local-preference 200
set origin igp
set community (5539:434, 5539:500)
...
> > You can use something like redistribute static against a route-map that matches the tag and marks your (local) discard community.
>
> Won't work.
>
> You can't have a tag as a match condition in Cisco. It will throw up an
> error that the OP shared earlier.
Only if used on BGP export.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 291 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20160621/261033e7/attachment.sig>
More information about the cisco-nsp
mailing list