[e-nsp] Getting ExtremeWare to accept Null Routes via BGP

Jo Rhett jrhett at svcolo.com
Wed Feb 13 15:01:52 EST 2008


So first you should know that any packet you blackhole is handled in
software at the CPU, not by ASIC.  Yeah, ignore the docs.  And yeah,
Extreme support will claim otherwise until you show them the CPU
counters and they escalate and engineering will confirm.  You can't
do an IP blackhole without all that traffic going to CPU.  You must
use a mac-level blackhole.

Do this:

create vlan dropPackets
configure vlan "dropPackets" ipaddress 192.168.2.1 255.255.255.255
enable loopback-mode vlan "dropPackets"

create fdbentry 00:11:22:33:44:55 vlan "dropPackets" blackhole dest-mac
configure iparp add 192.168.2.1 00:11:22:33:44:55

You'll notice that I changed the IP address from 192.0.2.1 to  
192.168.2.1.  Yes, and you should too.  192.0 is a valid, routable IP  
block in use on the Internet.  192.168.x.x is non-routable, and  
that's what you should be using.

On Feb 8, 2008, at 7:05 PM, Drew Weaver wrote:
> Hi there, I am trying to add our one remaining black
> diamond to our RTBH configuration and I am finding it difficult to
> get ExtremeWare to accept routes into BGP for which the "NextHop" is
> unreachable.
>
> Of course, I made the NextHop unreachable, because that is the  
> point...
>
> i.e.
>
> 02/09/2008 02:00:34.94 <Summ:BGP.UpdateIn.RtRejNhUnreach> NLRI 10.1.2.184 /255.255.255.248 Type unicast Reject: NextHop 192.0.2.1 is unreachable
>
> configure iproute add blackhole 192.0.2.1 255.255.255.255
>
> we have that static route so that when we add a route to our
> route-server with the destination of 192.0.2.1 it will automatically
> Blackhole it on every switch on our network.
>
> Does anyone have any clues?
>
> Thanks,
> -Drew

-- 
Jo Rhett
senior geek

Silicon Valley Colocation
Support Phone: 408-400-0550
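
Added example (not part of the original thread and not Extreme's code): a Python sketch that scans switch logs for the RtRejNhUnreach event quoted above and lists the RTBH prefixes the switch refused to install, i.e. destinations it is still forwarding although the route server asked for them to be dropped. The regex is modelled on the single log line in the thread, and the sample log and function name are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Pattern modelled on the one log line quoted in the thread; other
# ExtremeWare releases may format this event differently (assumption).
REJECT_RE = re.compile(
    r"<Summ:BGP\.UpdateIn\.RtRejNhUnreach>\s+NLRI\s+"
    r"(?P<net>\d+(?:\.\d+){3})\s*/\s*(?P<mask>\d+(?:\.\d+){3})\s+"
    r"Type\s+\S+\s+Reject:\s+NextHop\s+(?P<nh>\d+(?:\.\d+){3})\s+is unreachable"
)

# Constructed sample input: line 1 is the line from the thread, the rest are made up.
SAMPLE_LOG = """\
02/09/2008 02:00:34.94 <Summ:BGP.UpdateIn.RtRejNhUnreach> NLRI 10.1.2.184 /255.255.255.248 Type unicast Reject: NextHop 192.0.2.1 is unreachable
02/09/2008 02:00:35.10 <Summ:BGP.UpdateIn.RtRejNhUnreach> NLRI 10.9.8.7 /255.255.255.255 Type unicast Reject: NextHop 192.0.2.1 is unreachable
02/09/2008 02:01:00.00 (constructed unrelated log line)
02/09/2008 02:01:02.31 <Summ:BGP.UpdateIn.RtRejNhUnreach> NLRI 10.1.2.999 /255.255.255.255 Type unicast Reject: NextHop 192.0.2.1 is unreachable
"""


def rejected_blackhole_routes(log_text, rtbh_next_hops):
    """Return ({next_hop: [prefix, ...]}, [malformed lines]).

    Each prefix listed is an RTBH announcement this switch did NOT install
    because it could not resolve the blackhole next hop.
    """
    wanted = {ipaddress.ip_address(h) for h in rtbh_next_hops}
    rejected = defaultdict(set)
    malformed = []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        try:
            # strict=False tolerates host bits set in the logged NLRI.
            prefix = ipaddress.ip_network(f"{m['net']}/{m['mask']}", strict=False)
            next_hop = ipaddress.ip_address(m["nh"])
        except ValueError:
            malformed.append(line)  # event matched but an address is invalid
            continue
        if next_hop in wanted:
            rejected[str(next_hop)].add(prefix)
    result = {nh: [str(p) for p in sorted(pfx)] for nh, pfx in rejected.items()}
    return result, malformed
```

Run it with the next-hop address your route server uses for RTBH; an empty result after applying the configuration above means the switch is no longer rejecting the blackhole announcements.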





