[j-nsp] RIB -> FIB filtering.

Phil Bedard philxor at gmail.com
Sat Nov 9 20:05:26 EST 2013


I don't consider a hack, it is what the feature is there for. Of course
it isn't something other vendors support.

Plus I can't think of another way to do it which isn't even more of a
hack.

Phil From: Peter Krupl
Sent: 11/9/2013 8:06
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] RIB -> FIB filtering.
Dear group,

I need to advertise host specific routes for black-holing to our
upstream carriers. But it don't
necessarily want to black-hole the same destinations within our own network.

So in order to get our router to advertise, it must think that the
route is active. So i inject a
valid route into our network from our central black-holing BGP router.
But prevent it from entering the FIB
like this:

set policy-options policy-statement export_rib_to_fib term
filter-blackhole-routes from community 9167-blackhole
set policy-options policy-statement export_rib_to_fib term
filter-blackhole-routes then reject
set policy-options policy-statement export_rib_to_fib term
load-balance then load-balance per-packet
set routing-options forwarding-table export export_rib_to_fib


I have tried to search via Google but i have not found any mention of
the above method.
It seems to work.. is this too hackish for production use ?

I could off course also just install a static host route at the edge
router facing the black-holed
destination, but then it's not a centralized solution. Also having to
install access routes for
connected destinations is ugly.



Is this a sane approach ? Your opinion is appreciated. Alternative approaches ?

Kind regards,
Peter Krüpl



_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list