Naveen Nathan wrote:
Hi,
I am new to the list, so please go easy on me.
I'm in need of assistance configuring remote trigger blackhole in
IOS. This feature is supported by our transit provider. I'm unsure
if it's working or not, but since the nulled routes don't appear to
be advertised
Did your transit provider give you a community-string to match - usually
their 'AS:arbitrary-number'? Traditionally, what happens is they look for a
BGP community string to match and then accept the null route.
So you have a send-community as a neighbor statement with a route-map and
prefix-list
If I understand you correctly, wouldn't one need an extra entry in the
OUTBOUND prefix-list that allows host routes to be advertised to the
transit?:
Steve, that was exactly the problem. I've been meaning to give an update.
Kevin helped me off-list find the issue.
After adding host-routes to
Naveen Nathan wrote:
If I understand you correctly, wouldn't one need an extra entry in the
OUTBOUND prefix-list that allows host routes to be advertised to the
transit?:
Steve, that was exactly the problem. I've been meaning to give an update.
Kevin helped me off-list find the issue.
Glad to hear that you got it working!
Thanks.
Out of curiosity, would you mind sharing the specific pref list entry
you ended up using?
Was it simply 'everything/32'?
Tinkering with the prefix-list at first, got the results I expected.
I was redistributing the static routes to BGP,
If I blackhole/sinkhole an external-to-my-ARIN-block IP that is
attacking my network, I'm deathly afraid that I may accidentally
advertise it to a peer.
Hadn't thought about it, but yeah, requiring a very long prefix
length before appending RTBH prefixes would be a good safety
measure.
I
Hi,
I am new to the list, so please go easy on me.
I'm in need of assistance configuring remote trigger blackhole in
IOS. This feature is supported by our transit provider. I'm unsure
if it's working or not, but since the nulled routes don't appear to
be advertised to the transit peer, I'm
-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
boun...@puck.nether.net] On Behalf Of Naveen Nathan
Sent: Thursday, September 17, 2009 8:23 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Assistance configuring a router to trigger remote
blackhole
Hi,
I am new to the list, so please go
On Thu, Sep 17, 2009 at 8:23 PM, Naveen Nathan nav...@lastninja.net wrote:
Hi,
I am new to the list, so please go easy on me.
I'm in need of assistance configuring remote trigger blackhole in
IOS. This feature is supported by our transit provider. I'm unsure
if it's working or not, but
I'm unsure if it's working or not, but since the nulled routes don't
appear to be advertised to the transit peer, I'm assuming not.
Does a 'sh ip route' for the /32 indicate that it's being redistributed?
If you do a 'sh ip bgp nei nei adver' does it show it being advertised?
Does a 'sh ip route' for the /32 indicate that it's being redistributed?
If you do a 'sh ip bgp nei nei adver' does it show it being advertised?
Below I pasted excerpts from the router. The route appears to be
redistributed by the correct route-map. The STATIC-TO-BGP map proceeds
to set the