
Routes from bgp with nexthop to blackhole


EtherNation_Use
Contributor II
Create Date: Mar 30 2012 4:26AM

Hi,

I'm trying to set up remotely triggered blackhole functionality.

From my blackhole triggering router, I send routes with next-hop of 192.0.2.1.

On all routers I have configured a static route for 192.0.2.1:

configure iproute add blackhole ipv4 192.0.2.1/32

However, it seems that whenever a route has a next-hop to a blackhole route, it is unfeasible.

# show bgp neighbor 2.13.1.6 received-routes all
Routes:
     Destination      Peer        Next-Hop     LPref Weight MED AS-Path
----------------------------------------------------------------------------------------
u i  2.13.8.8/32      2.13.1.6    192.0.2.1    100   1      0
u i  2.13.9.2/32      2.13.1.6    192.0.2.1    100   1      0

I can't see that I'm doing anything wrong; perhaps I need some settings to allow this scenario. Similar configurations work on other implementations than Extreme??

(from Kenneth_Oestrup)
4 REPLIES 4

EtherNation_Use
Contributor II
Create Date: May 11 2012 3:17AM

BTW.. something you might also be interested in ...

We also tag these routes to our upstream providers..

Just put this in your upstream provider outgoing routing policy :

entry blackhole {
if {
community "65123:0" ;
}
then {
community add "Upstream blackhole community" ;
permit ;
}
}

Mvg,
Erik Bais (from Erik_Bais)

EtherNation_Use
Contributor II
Create Date: May 11 2012 3:12AM

You're welcome.

Glad I could help.

Regards,
Erik Bais
A2B Internet (from Erik_Bais)

EtherNation_Use
Contributor II
Create Date: May 11 2012 3:09AM

Hi Erik,

I forgot to thank you. This is one helluva workaround. Thank you for sharing the example. It is working perfectly for me as well.

(from Kenneth_Oestrup)

EtherNation_Use
Contributor II
Create Date: Apr 16 2012 2:30PM

Hi,

You could have a look at the following.

create vlan "blackhole-vlan"
configure vlan blackhole-vlan tag 666
enable loopback-mode vlan blackhole-vlan
configure vlan blackhole-vlan ipaddress 192.168.123.1 255.255.255.0
enable ipforwarding vlan blackhole-vlan
disable igmp snooping vlan "blackhole-vlan"
disable igmp vlan "blackhole-vlan"
create fdbentry 00:11:22:33:44:55 vlan "blackhole-vlan" blackhole

configure iparp add 192.168.123.123 vr VR-Default 00:11:22:33:44:55
configure access-list blackhole_filter vlan "blackhole-vlan" ingress

The following policy file is used to discard any traffic that goes into the blackhole VLAN.

edit policy blackhole_filter
entry filter-blackhole {
if {
}
then {
deny ; count blackhv1 ;
}
}

Apply the following in_policy policy to BGP neighbors using the configure bgp neighbor routepolicy
command. This policy blackholes any /32 route that matches community 65123:0:

entry BLKHOLE-Filter-1 {
if match any {
community "65123:0" ;
nlri any/32 ;
}
then {
next-hop 192.168.123.123 ;
permit ;
}
}

Let me know if this fixed the issue for you.

It fixed the issue for us, although it took a while before we were able to get our heads around how to get / keep a 'feasible' route while putting everything to a blackhole. 

Regards,
Erik Bais (from Erik_Bais)