[j-nsp] need HELP black holing a /32 via BGP community.

Chuck Anderson cra at WPI.EDU
Sun Sep 18 03:10:20 EDT 2016


You can also directly set the communities on the static route, making
the BGP policy unnecessary:

set routing-options static route A.B.C.D/32 discard community [ 7922:666 1239:66 ]

On Thu, Sep 15, 2016 at 05:12:34PM +0000, Matthew Crocker wrote:
> 
> 
> 
> Static /32 is in and Sprint (AS1239) uses 1239:66 as the blackhole community. Some use 666, some have 911.
> 
> I think it is working, just need to dig into some looking glasses to see what the world sees.
> 
> Thanks again.
> 
> From: Dave Bell <me at geordish.org>
> Date: Thursday, September 15, 2016 at 1:02 PM
> To: Matthew Crocker <matthew at corp.crocker.com>
> Cc: "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
> Subject: Re: [j-nsp] need HELP black holing a /32 via BGP community.
> 
> Looks good. You may just want to add a /32 route so you have one to send.
> 
> set routing-options static route A.B.C.D/32 discard
> 
> Looks like you may be missing a 6 from a community too?
> 
> Regards,
> Dave
> 
> On 15 September 2016 at 17:53, Matthew Crocker <matthew at corp.crocker.com> wrote:
> 
> 
> Hello,
> 
> I have a /32 that I need to add a community to, to get my upstreams to blackhole the traffic.
> 
> Can anyone send me any points on how to do that?
> 
> I have:
> 
> policy-statement pl-blackhole {
>     term match-route {
>         from {
>             prefix-list blackhole-prefixes;
>         }
>         /* action inside the term, so only blackhole-prefixes get the community */
>         then {
>             community add blackhole;
>             accept;
>         }
>     }
> }
> 
> 
> prefix-list blackhole-prefixes {
>     A.B.C.D/32;
> }
> 
> community blackhole members [ 7922:666 1239:66 ];
> 
> 
> 
> I’ve added pl-blackhole to my upstream BGP group export statement.
> 
> Am I on the right track?  What am I missing?

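Added example, not part of the original thread and not any poster's own configuration: the two ways of tagging the blackhole /32 discussed above, written out as Junos set commands together with a check of what is actually advertised. Assumptions: 192.0.2.1/32 stands in for A.B.C.D/32, 198.51.100.1 stands in for an upstream neighbor address, and the BGP group name "upstreams" is hypothetical; the community values are the ones quoted in the thread.

```junos
# Constructed example. 192.0.2.1/32 = placeholder for A.B.C.D/32,
# 198.51.100.1 = placeholder upstream neighbor, "upstreams" = assumed group name.

# --- Option 1: the export policy adds the communities -----------------------
set routing-options static route 192.0.2.1/32 discard
set policy-options prefix-list blackhole-prefixes 192.0.2.1/32
set policy-options community blackhole members [ 7922:666 1239:66 ]
# Match and action live in the same term, so only the listed prefixes are
# tagged. A "then" placed outside the term applies to every route that
# reaches the end of the policy.
set policy-options policy-statement pl-blackhole term match-route from protocol static
set policy-options policy-statement pl-blackhole term match-route from prefix-list blackhole-prefixes
set policy-options policy-statement pl-blackhole term match-route then community add blackhole
set policy-options policy-statement pl-blackhole term match-route then accept

# --- Option 2: the static route carries the communities itself --------------
set routing-options static route 192.0.2.1/32 discard community [ 7922:666 1239:66 ]
# No "community add" is needed. If the existing export policy does not
# already pass this static route, a term like this one lets it through.
# A named community with several members matches only routes carrying all
# of them.
set policy-options community blackhole members [ 7922:666 1239:66 ]
set policy-options policy-statement pl-blackhole term match-route from protocol static
set policy-options policy-statement pl-blackhole term match-route from community blackhole
set policy-options policy-statement pl-blackhole term match-route then accept

# --- Common to both ----------------------------------------------------------
# "set ... export" appends to the group's existing export chain, so an earlier
# policy that rejects statics or /32s would still win; check the order.
set protocols bgp group upstreams export pl-blackhole

# --- Verify before relying on looking glasses (operational mode) -------------
# show route advertising-protocol bgp 198.51.100.1 192.0.2.1/32 detail
#   Expect the /32 with "Communities: 7922:666 1239:66", and no other
#   exported prefix carrying those values:
# show route advertising-protocol bgp 198.51.100.1 community-name blackhole
```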
