On Wed, Jul 20, 2016 at 11:05:03PM +0200, Hrvoje Popovski wrote:
> Hi all,
>
> here at CIX we want to implement BLACKHOLE based on
> https://tools.ietf.org/html/draft-ietf-grow-blackholing
>
> presentation
> https://www.ietf.org/proceedings/94/slides/slides-94-grow-1.pdf
>
> Recommendation is to have Blackhole BGP Community: 65535:666, but when
> I configure that community I'm getting "Bad community AS number".
>
> Is there any problem to allow 65535 in community?
>
>
> configuration:
>
> AS 65005
> router-id 10.192.192.124
> listen on 10.192.192.124
> holdtime 180
> holdtime min 3
> fib-update no
> log updates
> nexthop qualify via bgp
> transparent-as yes
>
> group rsip4 {
>     local-address 10.192.192.124
>     announce IPv6 none
>     announce IPv4 unicast
>     set nexthop no-modify
>     enforce neighbor-as yes
>     announce all
>     neighbor 10.192.192.65 {
>         remote-as 123
>         max-prefix 1024 restart 5
>         passive
>     }
>     neighbor 10.192.192.87 {
>         remote-as 124
>         max-prefix 1024 restart 5
>         passive
>     }
>     neighbor 10.192.192.66 {
>         remote-as 125
>         max-prefix 1024 restart 5
>         passive
>     }
> }
>
> deny from any inet prefixlen 8 >< 24
> allow from any inet prefixlen 16 - 32 community 65535:666
>
> match from any community 65535:666 set nexthop 10.192.192.90
> match from any set community 65005:65000
>
> deny to group rsip4 community 65005:65000
> deny to group rsip4 community 0:65005
> allow to group rsip4 community 65005:65005
> deny to group rsip4 community 0:neighbor-as
> allow to group rsip4 community 65005:neighbor-as
>
> match to group rsip4 prefix 10.192.192.64/26 set prepend-self 1
>
Just use "community BLACKHOLE" instead of 65535:666 and it will work.

-- 
:wq Claudio
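
An added example, not part of the original thread and not OpenBGPD code: a small pre-deployment check that rewrites numeric 65535:N communities in bgpd.conf text to keywords and reports any that have none. It goes beyond the single BLACKHOLE case in the reply; the other keyword names are assumed from bgpd.conf(5), the function names are hypothetical, and the last two sample lines are constructed.

```python
import re

# 65535:N values with a bgpd.conf keyword. BLACKHOLE is from the thread;
# the other names are assumed from bgpd.conf(5), verify on your release.
WELL_KNOWN = {
    666: "BLACKHOLE",
    65281: "NO_EXPORT",
    65282: "NO_ADVERTISE",
    65283: "NO_EXPORT_SUBCONFED",
    65284: "NO_PEER",
}
# Plain "community" keyword only (not ext-community and similar).
COMMUNITY = re.compile(r"(?<![\w-])community\s+65535:(\S+)")

def rewrite_line(line):
    """Return (new_line, unresolved) for one config line; comments untouched."""
    code, sep, comment = line.partition("#")
    unresolved = []

    def swap(match):
        val = match.group(1)
        if val.isdigit() and int(val) in WELL_KNOWN:
            return "community " + WELL_KNOWN[int(val)]
        unresolved.append("65535:" + val)  # no keyword known: leave and report
        return match.group(0)

    return COMMUNITY.sub(swap, code) + sep + comment, unresolved

def rewrite_config(text):
    """Rewrite a whole config; return (new_text, [(line_no, value), ...])."""
    out, problems = [], []
    for num, line in enumerate(text.splitlines(), 1):
        new, bad = rewrite_line(line)
        out.append(new)
        problems += [(num, value) for value in bad]
    return "\n".join(out), problems

# First three lines are from the posted config; the last two are constructed.
SAMPLE = """\
allow from any inet prefixlen 16 - 32 community 65535:666
match from any community 65535:666 set nexthop 10.192.192.90
match from any set community 65005:65000
match to group rsip4 set community 65535:65281  # constructed line
deny from any community 65535:12345  # constructed line, no keyword
"""

if __name__ == "__main__":
    fixed, problems = rewrite_config(SAMPLE)
    print(fixed)
    for num, value in problems:
        print(f"line {num}: {value} has no keyword, bgpd may reject it")
```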

