Having a route to discard address on the trigger router is necessary -
otherwise this router will not advertise routes to its peers. But it can be
*any* route (not necessarily pointing to Null0), including default route :-)
As an example (considering scenario from Lab 16):
if I want to redistribute the following four routes from R2 (which is my
trigger router):
R2# show run | incl route
[...]
ip route 199.100.222.0 255.255.255.0 Null0 tag 199
ip route 199.100.224.0 255.255.255.0 Null0 tag 199
ip route 199.100.226.0 255.255.255.0 Null0 tag 199
ip route 199.100.228.0 255.255.255.0 Null0 tag 199
with the next-hop of 192.0.2.1:
R2# sh run | sec route-map
route-map r-RTBH permit 10
match tag 199
set local-preference 100
set origin igp
set community no-export
set ip next-hop 192.0.2.1
I have to have a static route for 192.0.2.1 on R2 (pointing to Null0) to be
able to redistribute those four networks to my BGP peers:
R2(config)# ip route 192.0.2.1 255.255.255.255 Null0
Now, if I remove the route above from R2, those four redistributed networks
will be gone from routing/BGP table of my BGP peers (R5 and R6):
R2#sh ip cef 192.0.2.1
0.0.0.0/0
no route
R5# sh logg
[...]
*Sep 27 14:33:35.351: BGP(0): 2.2.2.2 rcv UPDATE about 199.100.228.0/24 --
withdrawn
*Sep 27 14:33:35.351: BGP(0): no valid path for 199.100.228.0/24
*Sep 27 14:33:35.351: BGP(0): 2.2.2.2 rcv UPDATE about 199.100.226.0/24 --
withdrawn
*Sep 27 14:33:35.351: BGP(0): no valid path for 199.100.226.0/24
*Sep 27 14:33:35.351: BGP(0): 2.2.2.2 rcv UPDATE about 199.100.224.0/24 --
withdrawn
*Sep 27 14:33:35.351: BGP(0): no valid path for 199.100.224.0/24
*Sep 27 14:33:35.351: BGP(0): 2.2.2.2 rcv UPDATE about 199.100.222.0/24 --
withdrawn
*Sep 27 14:33:35.351: BGP(0): no valid path for 199.100.222.0/24
and it is because R2 stopped redistributing them:
R2#sh ip bgp 199.100.222.0
BGP routing table entry for 199.100.222.0/24, version 18
Paths: (1 available, no best path)
Flag: 0x820
Not advertised to any peer
Local
*192.0.2.1 (inaccessible) from 0.0.0.0 (2.2.2.2)*
Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced
Community: no-export
But having default route on R2 is enough to start advertising those four
routes to R5 and R6 again:
R2(config)#ip route 0.0.0.0 0.0.0.0 200.13.25.5
R2#sh ip cef 192.0.2.1
0.0.0.0/0
nexthop 200.13.25.5 FastEthernet0/1.5
R2#sh ip bgp 199.100.222.0
BGP routing table entry for 199.100.222.0/24, version 38
Paths: (1 available, best #1, table Default-IP-Routing-Table, not
advertised to EBGP peer)
Flag: 0x820
Advertised to update-groups:
2
Local
192.0.2.1 from 0.0.0.0 (2.2.2.2)
Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced,
best
Community: no-export
But of course it would be safer to have specific route to 192.0.2.1
(discard network) than relying on default route.
Marta Sokolowska.
2012/9/26 GuardGrid <[email protected]>
Hi,
> Is there any info on RTBH on the DOC CD?
>
> I could only find this
> http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd80313fac.pdf
>
> http://packetlife.net/blog/2009/jul/6/remotely-triggered-black-hole-rtbh-routing/
>
> and obviously this will not be available during the exam.
>
> I thought I understood the basic concept here but I am unable to get this
> to work without adding a route for the discard address on the trigger
> router.
> Both the links above only suggest that we add the route to null0 on the
> edge routers and only the route for the destination (victim) to be added on
> the trigger router.
>
> Destination RTBH
> =================
> 1. Add route to null0 for the discard address on the edge routers
> 2. On the Trigger router Create a route map and match for a specific tag
> and set the next hop to that discard address.
> 3. As a best practice also set the origin to IGP (make it more preferred)
> and community to no-export (don't advertise outside the AS)
> 4. Add this route map for static redistribution under the BGP process on
> the trigger router.
>
> 5. Now when the victim in question is under attack then add a static route
> pointing to null0 with that tag on the trigger router so that this will be
> redistributed
> via BGP to the edge routers .
>
>
> Can you tell me what I am missing here?
>
> I am having to add a route for the discard addr on the trigger router as
> well which I do not see mentioned in any doc.
>
>
> -Srikant
>
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
>
--
--
Marta SokoĊowska.
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
