BGP Next Hop Blackhole

Hi @andri , from your explanation I would suggest you try the configuration example below:

Blackholed route received from peer - 1.1.1.1/32
dummy interface dum0 used for modifying next-hop - 10.10.10.10/32

set interfaces dummy dum0 address '10.10.10.10/32'
set interfaces ethernet eth1 address '10.0.0.1/31'

set policy prefix-list AS65001-blackholed rule 1 action 'permit'
set policy prefix-list AS65001-blackholed rule 1 prefix '1.1.1.1/32'
set policy route-map blackhole rule 1 action 'permit'
set policy route-map blackhole rule 1 match ip address prefix-list 'AS65001-blackholed'
set policy route-map blackhole rule 1 set ip-next-hop '10.10.10.10'
set protocols bgp 65002 address-family ipv4-unicast redistribute connected
set protocols bgp 65002 address-family ipv4-unicast redistribute static
set protocols bgp 65002 neighbor 10.0.0.0 address-family ipv4-unicast route-map import 'blackhole'
set protocols bgp 65002 neighbor 10.0.0.0 remote-as '65001'

Route information for 1.1.1.1/32 after policy applied:

vyos@vyos:~$ show ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32
Paths: (1 available, best #1, table default)
  Advertised to non peer-group peers:
  10.0.0.0
  65001
    10.10.10.10 from 10.0.0.0 (10.0.0.0)
      Origin incomplete, metric 0, valid, external, best (First path received)
      Last update: Fri Dec 24 07:32:54 2021

vyos@vyos:~$ show ip route 1.1.1.1
Routing entry for 1.1.1.1/32
  Known via "bgp", distance 20, metric 0, best
  Last update 00:00:52 ago
  * 10.10.10.10, via dum0, weight 1

vyos@vyos:~$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
^C
--- 1.1.1.1 ping statistics ---
149 packets transmitted, 0 received, 100% packet loss, time 151541ms

Is that what you’re trying to do?

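A small verification script, added here as an example and not part of the post above, that checks the outcome the post describes: every prefix the route-map rewrites to the dummy next-hop must resolve in the RIB via a dummy interface, otherwise the "blackhole" is not actually dropping traffic. It parses the `set ...` configuration lines and `show ip route` text with regular expressions written for this example (assumed to match the formats shown above); the `CONFIG` and `GOOD_RIB` strings are copied from the post, while `BAD_RIB` is a constructed failure case in which the route still points at the eBGP peer over eth1.

```python
"""Check that route-map-redirected prefixes really resolve via a dummy
(blackhole) interface in the RIB. Added example; regexes and BAD_RIB are
constructed for illustration, CONFIG and GOOD_RIB come from the post."""
import re

CONFIG = """\
set interfaces dummy dum0 address '10.10.10.10/32'
set interfaces ethernet eth1 address '10.0.0.1/31'
set policy prefix-list AS65001-blackholed rule 1 action 'permit'
set policy prefix-list AS65001-blackholed rule 1 prefix '1.1.1.1/32'
set policy route-map blackhole rule 1 action 'permit'
set policy route-map blackhole rule 1 match ip address prefix-list 'AS65001-blackholed'
set policy route-map blackhole rule 1 set ip-next-hop '10.10.10.10'
"""

GOOD_RIB = """\
Routing entry for 1.1.1.1/32
  Known via "bgp", distance 20, metric 0, best
  Last update 00:00:52 ago
  * 10.10.10.10, via dum0, weight 1
"""

# Constructed: what the RIB would look like if the import route-map were
# not applied and the prefix still resolved towards the eBGP peer.
BAD_RIB = """\
Routing entry for 1.1.1.1/32
  Known via "bgp", distance 20, metric 0, best
  Last update 00:00:10 ago
  * 10.0.0.0, via eth1, weight 1
"""

RE_PL = re.compile(r"^set policy prefix-list (\S+) rule \d+ prefix '([^']+)'$")
RE_RM_MATCH = re.compile(r"^set policy route-map (\S+) rule (\d+) match ip address prefix-list '([^']+)'$")
RE_RM_NH = re.compile(r"^set policy route-map (\S+) rule (\d+) set ip-next-hop '([^']+)'$")
RE_DUMMY = re.compile(r"^set interfaces dummy (\S+) address '([^']+)/\d+'$")
RE_ROUTE = re.compile(r"^Routing entry for (\S+)$")
RE_NH = re.compile(r"^\s*\*\s+([^\s,]+), via ([^\s,]+)")


def parse_config(text):
    """Return ({prefix: expected next-hop}, {dummy address: interface})."""
    prefix_lists, rm_match, rm_nh, dummies = {}, {}, {}, {}
    for line in text.splitlines():
        line = line.strip()
        if m := RE_PL.match(line):
            prefix_lists.setdefault(m[1], []).append(m[2])
        elif m := RE_RM_MATCH.match(line):
            rm_match[(m[1], m[2])] = m[3]          # (route-map, rule) -> prefix-list
        elif m := RE_RM_NH.match(line):
            rm_nh[(m[1], m[2])] = m[3]             # (route-map, rule) -> next-hop
        elif m := RE_DUMMY.match(line):
            dummies[m[2]] = m[1]                   # address -> dummy interface
    expected = {}
    for rule, plist in rm_match.items():
        if rule in rm_nh:                          # only rules that rewrite the next-hop
            for prefix in prefix_lists.get(plist, []):
                expected[prefix] = rm_nh[rule]
    return expected, dummies


def parse_rib(text):
    """Return {prefix: [(next_hop, interface), ...]} from 'show ip route' text."""
    routes, current = {}, None
    for line in text.splitlines():
        if m := RE_ROUTE.match(line):
            current = m[1]
            routes[current] = []
        elif current and (m := RE_NH.match(line)):
            routes[current].append((m[1], m[2]))
    return routes


def verify_blackhole(config_text, rib_text):
    """Map each redirected prefix to (ok, reason)."""
    expected, dummies = parse_config(config_text)
    routes = parse_rib(rib_text)
    result = {}
    for prefix, want_nh in expected.items():
        hops = routes.get(prefix)
        if not hops:
            result[prefix] = (False, "no route in RIB")
            continue
        # A hop is wrong if it is not the configured next-hop or that
        # next-hop does not sit on a dummy interface.
        bad = [(nh, ifc) for nh, ifc in hops
               if nh != want_nh or dummies.get(nh) != ifc]
        if bad:
            nh, ifc = bad[0]
            result[prefix] = (False, f"next-hop {nh} via {ifc} is not the dummy {want_nh}")
        else:
            result[prefix] = (True, f"blackholed via {dummies[want_nh]} ({want_nh})")
    return result


if __name__ == "__main__":
    for name, rib in (("post output", GOOD_RIB), ("constructed", BAD_RIB)):
        for prefix, (ok, why) in verify_blackhole(CONFIG, rib).items():
            print(f"{name}: {prefix}: {'OK' if ok else 'FAIL'} - {why}")
```

Running it against the post's own output reports `1.1.1.1/32` as blackholed via dum0, while the constructed RIB is flagged because the next-hop still resolves over eth1; the same check can be fed `show configuration commands` and `show ip route` output from a live router to confirm a blackhole policy took effect.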