I've also hade some hard times to understand the original problem
statement. However, IMHO there is one confusing potential design flaw in
the setup and it is that the aggregated /19 route is also redistributed
into OSPF by some router(s). If you have more specific routes in OSPF
and aggregate those to a /19 by the routers, I personally wouldn't
redistribute the aggregated /19 back to OSPF. Without knowing the
details could it be that when advertising the aggregate to your peers
your BGP policy is expecting that the /19 route is from protocol
aggregate, but when the OSPF route is the best/active route, it either
does not match the policy or does not contain all the required
communities? But without knowing the details it is hard to say for sure.
There seem to be some intentional design choices being made wrt OSPF
routes, as the OSPF route has a protocol preference (a.k.a. admin
distance) of 125, which is OTOH not a default value for OSPF external
routes. If you have an aggregate route I would assume that you would
want to have it as a best/active route because what would be the point
of the aggregate route otherwise?
Kindly,
Antti
On 19/03/2024 19.43, Lee Starnes via juniper-nsp wrote:
Hello Juniper gurus. I am seeing an issue where we have a carrier that does
RTBH via BGP announcement rather than community strings. This is done via
BGP peer to a blackhole BGP router/server.
My issue here is that our aggregate IP block that is announced to our
backbone providers gets impacted when creating a /32 static discard route
to announce to that blackhole peer.
The blackhole peer does receive the /32 announcement, but the aggregate
route also becomes discarded and thus routes to the other peers stop
working.
Been trying to determine just how to accomplish this function without
killing all routes.
So we have several /30 to /23 routes within our /19 block that are
announced via OSPF from our switches to the routers. The routers aggregate
these to the /19 to announce the entire larger block to the backbone
providers.
The blackhole peer takes routes down to a /32 for mitigation of an attack.
If we add a static route as "route x.x.22.12/32 discard" we get:
show route x.x.22.10
inet.0: 931025 destinations, 2787972 routes (931025 active, 0 holddown, 0
hidden)
@ = Routing Use Only, # = Forwarding Use Only
+ = Active Route, - = Last Active, * = Both
x.x.0.0/19 *[OSPF/125] 5d 19:26:19, metric 20, tag 0
> to 10.20.20.3 via ae0.0
[Aggregate/130] 5d 20:18:36
Reject
While we see the more specific route as discard:
show route x.x.22.12
inet.0: 931022 destinations, 2787972 routes (931022 active, 0 holddown, 0
hidden)
@ = Routing Use Only, # = Forwarding Use Only
+ = Active Route, - = Last Active, * = Both
x.x.22.12/32 *[Static/5] 5d 20:20:07
Discard
Does anyone have a working config for this type of setup that might be able
to share some tips or the likes on what I need to do or what I'm doing
wrong?
Best,
-Lee
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
