BGP next hop to null or loopback

gkigen
Member
Posts: 3
Joined: 21 Aug 2023 07:17

Post by gkigen »

Hello
I am trying to implement a solution to dynamically blackhole /32s received from an eBGP peer.

Code: Select all

*A:R1# show router  3000 interface "drop-int" 

===============================================================================
Interface Table (Service: 3000)
===============================================================================
Interface-Name                   Adm       Opr(v4/v6)  Mode    Port/SapId
   IP-Address                                                  PfxState
-------------------------------------------------------------------------------
drop-int                         Up        Up/Down     VPRN    loopback
   192.168.0.1/32                                              n/a
-------------------------------------------------------------------------------
Interfaces : 1

A:R1# show router  policy "drop-blacklist" 
    entry 10
        from
        exit
        action accept
            local-preference 500
            next-hop 192.168.0.1
        exit
    exit
    default-action drop
    exit
*A:R1# 


I would like to make the next hop be blackhole or loopback, but I can't seem to get it to work.
paramount
Member
Posts: 84
Joined: 11 Jan 2015 17:18

Re: BGP next hop to null or loopback

Post by paramount »

Hi,

To send this and to achieve the desired effect, I think you will need to use RTBH - remote triggered blackhole.

To do this, from your sending router, advertise a BGP route, but have the next-hop set to something you don't use in the network - you do this on your BGP export policy.
Then on your receiving router, the one where you want to blackhole traffic, have a static route to blackhole for the next hop of the BGP route.
Then when you learn the BGP route, the next hop will be set to black hole.

Source of the blackhole route:

Code: Select all

    /configure router "Base" static-routes route 200.0.0.0/16 route-type unicast blackhole admin-state enable

BGP export from source site:

Code: Select all

    /configure policy-options policy-statement "BGP-export" entry 10 from protocol name [static]
    /configure policy-options policy-statement "BGP-export" entry 10 action action-type accept
    /configure policy-options policy-statement "BGP-export" entry 10 action next-hop 100.0.0.1

Now at your receiving site, pre-create the static with next hop as black hole:

Code: Select all

 /configure router "Base" static-routes route 100.0.0.1/32 route-type unicast blackhole admin-state enable

Once you then learn the new prefix, you will automatically set next-hop to bh.

Code: Select all

200.0.0.0/16                                  Blackh* BGP       00h07m03s  170
       Black Hole                                                   1
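
Added example, not posted by anyone in this thread: a simplified Python model of recursive next-hop resolution on the receiving router, showing why the pre-created 100.0.0.1/32 blackhole static is what turns the learned 200.0.0.0/16 route into a drop. It is a generic model, not SR OS's resolver; the 10.0.0.0/30 uplink, the default route and the option of resolving a BGP next hop through that default are assumptions made for illustration.

```python
import ipaddress

def lookup(rib, dest):
    """Longest-prefix match: return the route entry covering dest, or None."""
    addr = ipaddress.ip_address(dest)
    best_net, best_route = None, None
    for prefix, route in rib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_route = net, route
    return best_route

def resolve(rib, dest, depth=0):
    """Follow next hops until a terminal action: 'blackhole',
    'forward via <interface>' or 'unresolved'."""
    route = lookup(rib, dest)
    if route is None or depth > 8:  # no covering route, or a resolution loop
        return "unresolved"
    if route["type"] == "blackhole":
        return "blackhole"
    if route["type"] == "connected":
        return "forward via " + route["interface"]
    # BGP or static route with an IP next hop: resolve that next hop in turn
    return resolve(rib, route["next_hop"], depth + 1)

def receiver_rib(with_blackhole_static, with_default=False):
    """Constructed receiving-router table using the thread's addresses."""
    rib = {
        # hypothetical uplink, not from the thread
        "10.0.0.0/30": {"type": "connected", "interface": "to-upstream"},
        # BGP route learned with the dummy next hop set by the export policy
        "200.0.0.0/16": {"type": "bgp", "next_hop": "100.0.0.1"},
    }
    if with_default:
        # hypothetical default route, not from the thread
        rib["0.0.0.0/0"] = {"type": "static", "next_hop": "10.0.0.2"}
    if with_blackhole_static:
        # the static pre-created on the receiving site
        rib["100.0.0.1/32"] = {"type": "blackhole"}
    return rib

if __name__ == "__main__":
    for static, default in [(True, True), (False, False), (False, True)]:
        rib = receiver_rib(static, default)
        print(f"static={static} default={default}: {resolve(rib, '200.0.1.1')}")
```

In this model, leaving out the /32 static means the dummy next hop either stays unresolved or follows the default route, so the traffic is not dropped on the receiving router.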
gkigen
Member
Posts: 3
Joined: 21 Aug 2023 07:17

Re: BGP next hop to null or loopback

Post by gkigen »

Thank you! I created a /32 dummy next hop as static and changed my BGP routes to that next hop and now all is good :)