[j-nsp] need HELP black holing a /32 via BGP community.
Matthew Crocker
matthew at corp.crocker.com
Thu Sep 15 13:12:34 EDT 2016
Static /32 is in and Sprint (AS1239) uses 1239:66 as the blackhole community. Some use 666, some have 911
I think it is working, just need to dig into some looking glasses to see what the world sees.
Thanks again.
From: Dave Bell <me at geordish.org>
Date: Thursday, September 15, 2016 at 1:02 PM
To: Matthew Crocker <matthew at corp.crocker.com>
Cc: "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
Subject: Re: [j-nsp] need HELP black holing a /32 via BGP community.
Looks good. You may just want to add a /32 route so you have one to send.
set routing-options static route A.B.C.D/32 discard
Looks like you may be missing a 6 from a community too?
Regards,
Dave
On 15 September 2016 at 17:53, Matthew Crocker <matthew at corp.crocker.com<mailto:matthew at corp.crocker.com>> wrote:
Hello,
I have a /32 that I need to add a community to so get my upstreams to blackhole the traffic.
Can anyone send me any points on how to do that?
I have:
policy-statement pl-blackhole {
term match-route {
from {
prefix-list blackhole-prefixes;
}
}
then {
community add blackhole;
accept;
}
}
prefix-list blackhole-prefixes {
A.B.C.D/32;
}
community blackhole members [ 7922:666 1239:66 ];
I’ve added pl-blockhole to my upstream BGP group export statement.
Am I on the right track? What am I missing?
--
Matthew Crocker
President – Crocker Communications
matthew at corp.crocker.com<mailto:matthew at corp.crocker.com><mailto:matthew at corp.crocker.com<mailto:matthew at corp.crocker.com>>
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list