[j-nsp] BGP route announcements and Blackholes

Peter Van Oene petvan at gmail.com
Tue Mar 26 21:01:10 EDT 2024


Don't really follow this either.  Aggregate routes should use a discard NH
- I always tend not to use the aggregate route type and simply use static
routes with discard NH and attach the BGP communities I need directly to
them, but I don't see how this is an issue in your case.

Are you saying when you create the /32 discard, you stop advertising the
/19? Or something else?

P

On Tue, Mar 19, 2024 at 1:44 PM Lee Starnes via juniper-nsp <
juniper-nsp at puck.nether.net> wrote:

> Hello Juniper gurus. I am seeing an issue where we have a carrier that does
> RTBH via BGP announcement rather than community strings. This is done via
> BGP peer to a blackhole BGP router/server.
>
> My issue here is that our aggregate IP block that is announced to our
> backbone providers gets impacted when creating a /32 static discard route
> to announce to that blackhole peer.
>
> The blackhole peer does receive the /32 announcement, but the aggregate
> route also becomes discarded and thus routes to the other peers stop
> working.
>
> Been trying to determine just how to accomplish this function without
> killing all routes.
>
> So we have several /30 to /23 routes within our /19 block that are
> announced via OSPF from our switches to the routers. The routers aggregate
> these to the /19 to announce the entire larger block to the backbone
> providers.
>
> The blackhole peer takes routes down to a /32 for mitigation of an attack.
> If we add a static route as "route x.x.22.12/32 discard" we get:
>
> show route x.x.22.10
>
> inet.0: 931025 destinations, 2787972 routes (931025 active, 0 holddown, 0
> hidden)
> @ = Routing Use Only, # = Forwarding Use Only
> + = Active Route, - = Last Active, * = Both
>
> x.x.0.0/19     *[OSPF/125] 5d 19:26:19, metric 20, tag 0
>                     >  to 10.20.20.3 via ae0.0
>                     [Aggregate/130] 5d 20:18:36
>                        Reject
>
>
> While we see the more specific route as discard:
>
> show route x.x.22.12
>
> inet.0: 931022 destinations, 2787972 routes (931022 active, 0 holddown, 0
> hidden)
> @ = Routing Use Only, # = Forwarding Use Only
> + = Active Route, - = Last Active, * = Both
> x.x.22.12/32    *[Static/5] 5d 20:20:07
>                        Discard
>
>
>
> Does anyone have a working config for this type of setup that might be able
> to share some tips or the like on what I need to do or what I'm doing
> wrong?
>
> Best,
>
> -Lee
>
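The two route lookups quoted in the original message, modelled as an added example (not part of either post, and not Junos code): the longest matching prefix is selected first, then the lowest preference among the routes for that prefix. 198.18.0.0/19 is a constructed stand-in for the redacted x.x.0.0/19, and `lookup` and `changed_by` are hypothetical helper names.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    protocol: str
    preference: int   # Junos route preference: the lower value wins
    next_hop: str     # next-hop address or forwarding action

def route(prefix, protocol, preference, next_hop):
    return Route(ipaddress.ip_network(prefix), protocol, preference, next_hop)

# Constructed table: 198.18.0.0/19 replaces the redacted x.x.0.0/19.
# Protocols, preferences and next hops are taken from the quoted output.
BASE_RIB = [
    route("198.18.0.0/19", "OSPF", 125, "10.20.20.3 via ae0.0"),
    route("198.18.0.0/19", "Aggregate", 130, "Reject"),
]
RTBH_HOST = route("198.18.22.12/32", "Static", 5, "Discard")

def lookup(rib, address):
    """Return (active, inactive) for the longest prefix covering address."""
    addr = ipaddress.ip_address(address)
    covering = [r for r in rib if addr in r.prefix]
    if not covering:
        return None, []
    longest = max(r.prefix.prefixlen for r in covering)
    # Only routes for the longest matching prefix compete with each other.
    candidates = sorted((r for r in covering if r.prefix.prefixlen == longest),
                        key=lambda r: r.preference)
    return candidates[0], candidates[1:]

def changed_by(rib, new_route, addresses):
    """Addresses whose active route differs once new_route is installed."""
    after = rib + [new_route]
    return [a for a in addresses if lookup(rib, a)[0] != lookup(after, a)[0]]

if __name__ == "__main__":
    probes = ["198.18.22.10", "198.18.22.12", "198.18.0.1"]
    for a in probes:
        active, _ = lookup(BASE_RIB + [RTBH_HOST], a)
        print(f"{a:15} {active.prefix} "
              f"[{active.protocol}/{active.preference}] {active.next_hop}")
    print("changed by the /32:", changed_by(BASE_RIB, RTBH_HOST, probes))
```

In this model only the blackholed host address changes its active route when the /32 is installed; the neighbouring address still resolves through the /19, as in the first quoted lookup.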

