Thanks for all the replies and help :)

Nick

-----Original Message-----
From: Jonas Frey (Probe Networks) [mailto:[email protected]]
Sent: 20 October 2010 16:03
To: Nick Ryce
Cc: [email protected]
Subject: Re: [j-nsp] BGP Blackhole communities

Hi,

it's easy:

- you need "multihop" on internal bgp sessions
- configure dsc:

    unit 0 {
        family inet {
            address 10.10.20.1/32 {
                destination 10.10.20.2;
            }
        }
    }

Add policy for blackhole filter:

    # show policy-options policy-statement blackholefilter
    term black {
        from {
            protocol bgp;
            community blackhole;
        }
        then {
            next-hop 10.10.20.2;
        }
    }

- use this policy as import on internal bgp sessions (to propagate in
  your network and block traffic directly on each node)
- add policy to your bgp customer as import policy:

    term 2 {
        from {
            protocol bgp;
            community blackhole;
        }
        then {
            community add no-export;
            next-hop 10.10.20.2;
            accept;
        }
    }

- define community blackhole:

    # show policy-options community blackhole
    members <yourAS>:9999;

You may need/want to tweak this to suit your needs. The above example
will allow everything up to /32 in size (usually what your customer will
want).

Regards,
Jonas

On Wednesday, 20.10.2010, at 12:46 +0100, Nick Ryce wrote:
> Hi Guys,
>
> I am starting to play with BGP and have set up some communities to separate
> customer, peer and transit routes. I am trying to figure out how to allow
> customers to send me a blackhole community number and then blackhole this.
> Does anyone have any examples? I have set up most of my communities
> following http://puck.nether.net/bgp/juniper-config.html but still cannot
> find any work examples of a blackhole community and how, when a customer adds
> this to a prefix, I can discard/nullroute this.
>
> Any help much appreciated
>
>
> Nick
>
>
> ________________________________
> --
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the sender. Any
> offers or quotation of service are subject to formal specification.
> Errors and omissions excepted. Please note that any views or opinions
> presented in this email are solely those of the author and do not
> necessarily represent those of Lumison.
> Finally, the recipient should check this email and any attachments for the
> presence of viruses. Lumison accept no liability for any
> damage caused by any virus transmitted by this email.
> _______________________________________________
> juniper-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/juniper-nsp
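
A tightened variant of the customer import policy from the message above, added here as an example and not taken from the thread: it honours the blackhole community only for /32 routes inside the customer's own address space, so a customer cannot null-route prefixes it does not hold. The policy name customer-a-in, the term names, AS 64500 and 192.0.2.0/24 are constructed placeholders, and the /32-only limit is an assumption; 10.10.20.2 is the dsc destination from the thread.

```junos
policy-options {
    /* Placeholder AS; the thread writes this as <yourAS>:9999. */
    community blackhole members 64500:9999;

    policy-statement customer-a-in {
        /* Blackhole requests: must carry the community AND be a host
           route inside the customer's own block (placeholder prefix). */
        term blackhole {
            from {
                protocol bgp;
                community blackhole;
                route-filter 192.0.2.0/24 prefix-length-range /32-/32;
            }
            then {
                community add no-export;
                next-hop 10.10.20.2;
                accept;
            }
        }
        /* Any other route tagged blackhole (foreign space, or shorter
           than /32) is rejected instead of falling through. */
        term blackhole-other {
            from community blackhole;
            then reject;
        }
        /* Ordinary announcements: only the customer's own aggregate. */
        term customer-routes {
            from {
                protocol bgp;
                route-filter 192.0.2.0/24 exact;
            }
            then accept;
        }
        /* Explicit default so nothing else is accepted on this session. */
        term everything-else {
            then reject;
        }
    }
}
```

To accept blackhole requests for larger blocks as well, widen the range in the first term, for example prefix-length-range /25-/32.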

