Routes from bgp with nexthop to blackhole
‎01-07-2014 09:52 PM
Create Date: Mar 30 2012 4:26AM
Hi,
I'm trying to set up remotely triggered blackhole functionality.
From my blackhole triggering router, I send routes with next-hop of 192.0.2.1.
On all routers I have configured a static route for 192.0.2.1:
configure iproute add blackhole ipv4 192.0.2.1/32
However, it seems that whenever a route has a next-hop to a blackhole route, it is unfeasible.
# show bgp neighbor 2.13.1.6 received-routes all
Routes:
     Destination      Peer       Next-Hop    LPref  Weight  MED  AS-Path
----------------------------------------------------------------------------------------
u i  2.13.8.8/32      2.13.1.6   192.0.2.1   100    1       0
u i  2.13.9.2/32      2.13.1.6   192.0.2.1   100    1       0
I can't see that I'm doing anything wrong, perhaps I need some settings to allow this scenario. Similar configurations work on other implementations than Extreme??
(from Kenneth_Oestrup)
4 REPLIES
‎01-07-2014 09:52 PM
Create Date: May 11 2012 3:17AM
BTW.. something you might also be interested in ...
We also tag these routes to our upstream providers..
Just put this in your upstream provider outgoing routing policy :
entry blackhole {
if {
community "65123:0" ;
}
then {
community add "Upstream blackhole community" ;
permit ;
}
}
Mvg,
Erik Bais (from Erik_Bais)
‎01-07-2014 09:52 PM
Create Date: May 11 2012 3:12AM
You're welcome.
Glad I could help.
Regards,
Erik Bais
A2B Internet (from Erik_Bais)
‎01-07-2014 09:52 PM
Create Date: May 11 2012 3:09AM
Hi Erik,
I forgot to thank you. This is one helluva workaround, thank you for sharing the example. It is working perfectly for me as well.
(from Kenneth_Oestrup)
‎01-07-2014 09:52 PM
Create Date: Apr 16 2012 2:30PM
Hi,
You could have a look at the following.
create vlan "blackhole-vlan"
configure vlan blackhole-vlan tag 666
enable loopback-mode vlan blackhole-vlan
configure vlan blackhole-vlan ipaddress 192.168.123.1 255.255.255.0
enable ipforwarding vlan blackhole-vlan
disable igmp snooping vlan "blackhole-vlan"
disable igmp vlan "blackhole-vlan"
create fdbentry 00:11:22:33:44:55 vlan "blackhole-vlan" blackhole
configure iparp add 192.168.123.123 vr VR-Default 00:11:22:33:44:55
configure access-list blackhole_filter vlan "blackhole-vlan" ingress
The following policy file is used to discard any traffic that goes into the blackhole VLAN.
edit policy blackhole_filter
entry filter-blackhole {
if {
}
then {
deny ; count blackhv1 ;
}
}
Apply the following in_policy policy to BGP neighbors using the configure bgp neighbor routepolicy command. This policy blackholes any /32 route that matches community 65123:0:
entry BLKHOLE-Filter-1 {
if match any {
community "65123:0" ;
nlri any/32 ;
}
then {
next-hop 192.168.123.123 ;
permit ;
}
}
Let me know if this fixed the issue for you.
It fixed the issue for us, although it took a while before we were able to get our heads around how to get / keep a 'feasible' route while putting everything to a blackhole. 
Regards,
Erik Bais (from Erik_Bais)
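Added example, not part of the original thread and not Extreme's own code: a small Python model of the BLKHOLE-Filter-1 entry above, showing which received routes get the blackhole next hop when the two conditions are combined with `match any` versus `match all`. It assumes `match any` fires when at least one condition holds and `match all` only when both hold; the untagged /32 and the tagged /16 are constructed sample routes.

```python
import ipaddress
from dataclasses import dataclass, field

BLACKHOLE_COMMUNITY = "65123:0"          # trigger community used in the thread
BLACKHOLE_NEXT_HOP = "192.168.123.123"   # static ARP entry in blackhole-vlan


@dataclass
class Route:
    prefix: str
    next_hop: str
    communities: set = field(default_factory=set)


def conditions(route):
    """Evaluate the two match conditions of entry BLKHOLE-Filter-1."""
    net = ipaddress.ip_network(route.prefix)
    return [
        BLACKHOLE_COMMUNITY in route.communities,   # community "65123:0"
        net.version == 4 and net.prefixlen == 32,   # nlri any/32
    ]


def apply_policy(route, mode):
    """Return the next hop after the entry; mode is 'any' or 'all'.

    Assumed semantics: 'any' = at least one condition true, 'all' = every
    condition true. Non-matching routes keep their next hop here; what the
    rest of a real policy does with them is not modelled.
    """
    hits = conditions(route)
    matched = any(hits) if mode == "any" else all(hits)
    return BLACKHOLE_NEXT_HOP if matched else route.next_hop


def blackholed(routes, mode):
    """Prefixes whose traffic would be sent to the blackhole VLAN."""
    return sorted(r.prefix for r in routes
                  if apply_policy(r, mode) == BLACKHOLE_NEXT_HOP)


SAMPLE = [
    Route("2.13.8.8/32", "192.0.2.1", {"65123:0"}),  # from the question
    Route("2.13.9.2/32", "192.0.2.1", {"65123:0"}),  # from the question
    Route("2.13.7.1/32", "2.13.1.6"),                # constructed: untagged /32
    Route("2.13.0.0/16", "2.13.1.6", {"65123:0"}),   # constructed: tagged /16
]

if __name__ == "__main__":
    for mode in ("any", "all"):
        print(mode, blackholed(SAMPLE, mode))
```

Under the stated assumption, only the `all` combination limits blackholing to /32 routes that also carry the trigger community, which is the behaviour the post describes.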
