Hi,

Level3 don't provide a separate peering for black-holing, they expect you to
use the primary peering.
(At least that is what they have told me as I requested an extra peering.)

Our network is very flat, so we don't have peering routers and customer
routers. Almost every router in our network performs every role.

,Peter


________________________________
From: Morgan McLean
Sent: Saturday, November 09, 2013 4:32 PM
To: Peter Krupl
Cc: [email protected]
Subject: Re: [j-nsp] RIB -> FIB filtering.

Can you establish a separate BGP neighbor and use a different routing instance
or a dedicated black hole route server or something? That seems way too hackish
to me.

On Saturday, November 9, 2013, Peter Krupl wrote:
Dear group,

I need to advertise host specific routes for black-holing to our upstream
carriers. But I don't necessarily want to black-hole the same destinations
within our own network.

So in order to get our router to advertise, it must think that the route is
active. So I inject a valid route into our network from our central
black-holing BGP router. But prevent it from entering the FIB like this:

set policy-options policy-statement export_rib_to_fib term filter-blackhole-routes from community 9167-blackhole
set policy-options policy-statement export_rib_to_fib term filter-blackhole-routes then reject
set policy-options policy-statement export_rib_to_fib term load-balance then load-balance per-packet
set routing-options forwarding-table export export_rib_to_fib


I have tried to search via Google but I have not found any mention of the above
method.
It seems to work. Is this too hackish for production use?

I could of course also just install a static host route at the edge router
facing the black-holed destination, but then it's not a centralized solution.
Also having to install access routes for connected destinations is ugly.



Is this a sane approach? Your opinion is appreciated. Alternative approaches?

Kind regards,
Peter Krüpl



_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp


--
Thanks,
Morgan

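
Added example, not part of the original thread and not Junos code: a small Python model of the RIB -> FIB filtering described in the first message, showing that the tagged host route stays active for advertisement while forwarding falls back to the covering prefix. The prefixes, next-hop names and the rib_only audit helper are constructed assumptions; only the community name and the policy terms come from the post.

```python
import ipaddress

BLACKHOLE = "9167-blackhole"  # community name from the post

# Constructed sample RIB; prefixes and next hops are illustrative.
RIB = [
    {"prefix": "0.0.0.0/0", "next_hop": "upstream", "communities": set()},
    {"prefix": "192.0.2.0/24", "next_hop": "customer-edge", "communities": set()},
    # Host route injected by the central black-holing BGP router.
    {"prefix": "192.0.2.66/32", "next_hop": "blackhole-rs", "communities": {BLACKHOLE}},
]

def export_rib_to_fib(route):
    """Model of the post's forwarding-table export policy."""
    if BLACKHOLE in route["communities"]:
        return None  # term filter-blackhole-routes: reject
    return {**route, "load_balance": "per-packet"}  # term load-balance

def build_fib(rib, policy=export_rib_to_fib):
    """Install every active RIB route the export policy accepts."""
    return [r for r in (policy(route) for route in rib) if r is not None]

def advertised_upstream(rib):
    """Simplified upstream export: tagged routes active in the RIB."""
    return [r["prefix"] for r in rib if BLACKHOLE in r["communities"]]

def lookup(table, dst):
    """Longest-prefix match; returns the next hop or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in ipaddress.ip_network(r["prefix"])]
    if not hits:
        return None
    best = max(hits, key=lambda r: ipaddress.ip_network(r["prefix"]).prefixlen)
    return best["next_hop"]

def rib_only(rib, fib):
    """Audit helper: prefixes active in the RIB but absent from the FIB."""
    installed = {r["prefix"] for r in fib}
    return [r["prefix"] for r in rib if r["prefix"] not in installed]

if __name__ == "__main__":
    fib = build_fib(RIB)
    unfiltered = build_fib(RIB, policy=lambda r: r)
    print("advertised upstream:", advertised_upstream(RIB))
    print("lookup with filter:", lookup(fib, "192.0.2.66"))
    print("lookup without filter:", lookup(unfiltered, "192.0.2.66"))
    print("RIB-only prefixes:", rib_only(RIB, fib))
```

The rib_only output is the set of routes an operator would need to track when auditing this setup, since those prefixes appear active in the routing table but never influence forwarding.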