Hey Jimmy, I also noticed (don't know if it's just a fat-finger on the e-mail) that your route-map is incorrectly named in the BGP redistribute command. Under the command, you are calling up 'RGBH', yet your route-map is actually labeled 'RTBH'. Just something quick I noticed.
Thanks!

Aaron T. Rohyans
Senior Network Engineer
CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, JNCIA-ER
DPSciences Corporation
7400 N. Shadeland Ave., Suite 245
Indianapolis, IN 46250
Office: (317) 348-0099
Fax: (317) 849-7134
[email protected]
http://www.dpsciences.com/

"I want an Anti-Virus system that sends Arnold back in time to kill the hacker as a small child before he invents the virus..."
"There are 10 kinds of people in this world... those who can read binary, and those who can't"

From: [email protected] [mailto:[email protected]] On Behalf Of Jimmy Larsson
Sent: Wednesday, May 05, 2010 7:44 AM
To: OSL Security
Subject: [OSL | CCIE_Security] RTBH-issue

Hi

I am trying to setup RTBH for testing. Not in a WB-lab but in a home-brew environment.

Topology:

R1 (AS65001) - R2 (AS65002) - R3 (AS65003)

My idea is to create a null0-route for the 192.0.0.1-address on all routers, and from my trigger-router R3 create a static-route for attacker-address 1.2.3.4/32 to the 192-address so that the edge-router R1 routes 1.2.3.4 to null0.

But guess what: It doesn't work!

R3 (trigger router):

R3#srs ip route
ip route 1.2.3.4 255.255.255.255 192.0.0.1 tag 66
ip route 192.0.0.1 255.255.255.255 Null0
R3#srs router bgp
router bgp 65003
 no synchronization
 bgp log-neighbor-changes
 redistribute static route-map RGBH
 redistribute eigrp 3
 neighbor 192.168.23.2 remote-as 65002
 neighbor 192.168.34.4 remote-as 65004
 no auto-summary
R3#srs route-map
route-map RTBH permit 10
 match tag 66
 continue
 set local-preference 200
 set origin igp
 set ip next-hop 192.0.0.1
R3#sh ip bgp
BGP table version is 16, local router ID is 192.168.33.33
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network           Next Hop        Metric LocPrf Weight Path
*> 10.4.4.4/32       192.168.34.4         0             0 65004 ?
*> 192.168.2.0       192.168.23.2    128256             0 65002 ?
*> 192.168.2.2/32    192.168.23.2         0             0 65002 ?
*> 192.168.3.0       0.0.0.0         128256         32768 ?
*> 192.168.3.3/32    0.0.0.0              0         32768 ?
*> 192.168.11.1/32   192.168.23.2                       0 65002 65001 ?
*> 192.168.11.11/32  192.168.23.2                       0 65002 65001 ?
*> 192.168.22.0      192.168.23.2    128256             0 65002 ?
*> 192.168.22.22/32  192.168.23.2         0             0 65002 ?
*> 192.168.33.0      0.0.0.0         128256         32768 ?
*> 192.168.33.33/32  0.0.0.0              0         32768 ?
R3#

Shouldn't the 1.2.3.4-route show up in the bgp-table?

R1 (Edge router:)

R1#srs ip route
ip route 192.0.0.1 255.255.255.255 Null0
R1#srs router bgp
router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 network 192.168.0.0 mask 255.255.0.0
 redistribute eigrp 1
 neighbor 192.168.12.2 remote-as 65002
 no auto-summary
R1#sh ip bgp
BGP table version is 17, local router ID is 192.168.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network           Next Hop        Metric LocPrf Weight Path
*> 10.4.4.4/32       192.168.12.2                       0 65002 65003 65004 ?
*> 192.168.2.0       192.168.12.2    128256             0 65002 ?
*> 192.168.2.2/32    192.168.12.2         0             0 65002 ?
*> 192.168.3.0       192.168.12.2                       0 65002 65003 ?
*> 192.168.3.3/32    192.168.12.2                       0 65002 65003 ?
*> 192.168.11.1/32   0.0.0.0              0         32768 ?
*> 192.168.11.11/32  0.0.0.0              0         32768 ?
*> 192.168.22.0      192.168.12.2    128256             0 65002 ?
*> 192.168.22.22/32  192.168.12.2         0             0 65002 ?
*> 192.168.33.0      192.168.12.2                       0 65002 65003 ?
*> 192.168.33.33/32  192.168.12.2                       0 65002 65003 ?

Any idea? What am I missing here?

Br Jimmy

--
-------
Jimmy Larsson
Ryavagen 173
s-26030 Vallakra
Sweden
http://blogg.kvistofta.nu
-------
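
The route-map name mismatch pointed out in the reply (the redistribute line names RGBH, the route-map is defined as RTBH) is the kind of error a config check catches before a trigger router is needed. The following is an added example, not part of the original thread: the function name audit_route_maps is hypothetical, and the R3 config is the one posted above, re-indented.

```python
import re

# R3 config as posted in the thread above, re-indented for readability.
R3_CONFIG = """\
ip route 1.2.3.4 255.255.255.255 192.0.0.1 tag 66
ip route 192.0.0.1 255.255.255.255 Null0
router bgp 65003
 no synchronization
 bgp log-neighbor-changes
 redistribute static route-map RGBH
 redistribute eigrp 3
 neighbor 192.168.23.2 remote-as 65002
 neighbor 192.168.34.4 remote-as 65004
 no auto-summary
route-map RTBH permit 10
 match tag 66
 continue
 set local-preference 200
 set origin igp
 set ip next-hop 192.0.0.1
"""

# "route-map NAME permit|deny" at the start of a line is a definition;
# "route-map NAME" after another keyword (redistribute, neighbor ...) is a reference.
DEFINITION = re.compile(r"^route-map\s+(\S+)\s+(?:permit|deny)\b")
REFERENCE = re.compile(r"\S\s+route-map\s+(\S+)")

def audit_route_maps(config):
    """Return (undefined_refs, unused_defs) for an IOS-style config."""
    defined, refs = set(), []
    for no, line in enumerate(config.splitlines(), 1):
        m = DEFINITION.match(line)
        if m:
            defined.add(m.group(1))
            continue
        m = REFERENCE.search(line)
        if m:
            refs.append((no, m.group(1), line.strip()))
    undefined = [r for r in refs if r[1] not in defined]
    unused = sorted(defined - {name for _, name, _ in refs})
    return undefined, unused

if __name__ == "__main__":
    undefined, unused = audit_route_maps(R3_CONFIG)
    for no, name, line in undefined:
        print(f"line {no}: route-map {name!r} referenced but not defined: {line}")
    for name in unused:
        print(f"route-map {name!r} defined but never referenced")
```

A referenced-but-undefined name together with a defined-but-unused name that differs by one letter is the typical signature of a typo like this one.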
