RTBH Question / Trigger


#1

Hello,

I was curious how I would achieve the following:

Notes:

  • I have two transit providers who have RTBH Routers. I have BGP sessions to both of them from “Router1”.
  • I have a device connected to “Router1” that can announce prefixes (/32’s) that need to be null routed.

What would be the best way to have the prefixes announced to “Router1” be:

  • Blackholed locally
  • Announced to two different RTBH routers / BGP sessions

Please let me know if I can clarify my goal and/or if this makes no sense.

Thanks kindly!


#2

Please refer to this … http://packetlife.net/blog/2009/jul/6/remotely-triggered-black-hole-rtbh-routing


#3

For some reason VyOS static route discard for RTBH doesn’t work:

run show ip route 192.0.2.1

Routing entry for 192.0.2.1/32
Known via "static", distance 1, metric 0, best, blackhole
* directly connected, Null0

run show ip route 202.X.X.X

Routing entry for 202.X.X.X/32
Known via "bgp", distance 200, metric 0, best
Last update 00:00:46 ago
192.0.2.1 (recursive directly connected, Null0)

run show ip bgp 202.X.X.X

BGP routing table entry for 202.X.X.X/32
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
Local
192.0.2.1 from 202.Y.Y.Y
Origin IGP, localpref 1000, valid, internal, best
Community: 10:6601
Last update: Thu May 5 11:22:58 2016

run ping 202.X.X.X

PING 202.X.X.X (202.X.X.X) 56(84) bytes of data.
64 bytes from 202.X.X.X: icmp_req=1 ttl=63 time=181 ms
64 bytes from 202.X.X.X: icmp_req=2 ttl=63 time=181 ms
64 bytes from 202.X.X.X: icmp_req=3 ttl=63 time=181 ms

I am running a VyOS/Junos network and only the Junos routers are blackholing while the VyOS routers are not.

Configs:

[edit protocols static]
route 192.0.2.1/32 {
    blackhole {
    }
}

[edit policy route-map RTBH-IN]
rule 1 {
    action permit
    match {
        community {
            community-list 10
        }
    }
    set {
        ip-next-hop 192.0.2.1
    }
}
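
A check for the mismatch shown in post #3 (the routing table resolves the triggered /32 to Null0 while ping still gets replies), added here as an example and not part of any poster's message. The function names are hypothetical and the sample text is constructed from the output quoted in that post.

```python
import re

# Constructed sample input, modelled on the CLI output quoted in post #3.
SAMPLE_ROUTE = """\
Routing entry for 202.X.X.X/32
Known via "bgp", distance 200, metric 0, best
Last update 00:00:46 ago
192.0.2.1 (recursive directly connected, Null0)
"""
SAMPLE_PING = """\
PING 202.X.X.X (202.X.X.X) 56(84) bytes of data.
64 bytes from 202.X.X.X: icmp_req=1 ttl=63 time=181 ms
64 bytes from 202.X.X.X: icmp_req=2 ttl=63 time=181 ms
"""

def parse_route(text):
    """Extract prefix, protocol and whether the entry resolves to a discard."""
    prefix = re.search(r"Routing entry for (\S+)", text)
    proto = re.search(r"Known via [\"\u201c](\w+)[\"\u201d]", text)
    null0 = bool(re.search(r"\bNull0\b", text)) or "blackhole" in text
    return {
        "prefix": prefix.group(1) if prefix else None,
        "protocol": proto.group(1) if proto else None,
        "resolves_to_null0": null0,
    }

def ping_replies(text):
    """Count echo replies in Linux ping output."""
    return len(re.findall(r"^\d+ bytes from ", text, re.MULTILINE))

def check_rtbh(route_text, ping_text):
    """Compare what the routing table claims with what the ping observed."""
    route = parse_route(route_text)
    replies = ping_replies(ping_text)
    if not route["resolves_to_null0"]:
        verdict = "not-blackholed-in-rib"
    elif replies:
        verdict = "rib-says-null0-but-traffic-forwarded"
    else:
        verdict = "blackholed"
    return {**route, "replies": replies, "verdict": verdict}

if __name__ == "__main__":
    print(check_rtbh(SAMPLE_ROUTE, SAMPLE_PING))
```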