[j-nsp] RIB -> FIB filtering.
Morgan McLean
wrx230 at gmail.com
Sat Nov 9 10:32:23 EST 2013
Can you establish a separate bgp neighbor and use a different routing
instance or a dedicated black hole route server or something? That seems
way too hackish to me.
On Saturday, November 9, 2013, Peter Krupl wrote:
> Dear group,
>
> I need to advertise host specific routes for black-holing to our upstream
> carriers. But it don't
> necessarily want to black-hole the same destinations within our own
> network.
>
> So in order to get our router to advertise, it must think that the route
> is active. So i inject a
> valid route into our network from our central black-holing BGP router. But
> prevent it from entering the FIB
> like this:
>
> set policy-options policy-statement export_rib_to_fib term
> filter-blackhole-routes from community 9167-blackhole
> set policy-options policy-statement export_rib_to_fib term
> filter-blackhole-routes then reject
> set policy-options policy-statement export_rib_to_fib term load-balance
> then load-balance per-packet
> set routing-options forwarding-table export export_rib_to_fib
>
>
> I have tried to search via Google but i have not found any mention of the
> above method.
> It seems to work.. is this too hackish for production use ?
>
> I could off course also just install a static host route at the edge
> router facing the black-holed
> destination, but then it's not a centralized solution. Also having to
> install access routes for
> connected destinations is ugly.
>
>
>
> Is this a sane approach ? Your opinion is appreciated. Alternative
> approaches ?
>
> Kind regards,
> Peter Krüpl
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net <javascript:;>
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
Thanks,
Morgan
More information about the juniper-nsp
mailing list