CCIE SPv5.1 Labs
  • Page
  • Intro
    • Setup
  • MVPN
    • Start
    • Topology
    • Profile 0
    • Profile 0 with data MDTs
    • Profile 1
    • Profile 1 w/ Redundant Roots
    • Profile 1 with data MDTs
    • Profile 6
    • Profile 7
    • Profile 3
    • Profile 3 with S-PMSI
    • Profile 11
    • Profile 11 with S-PMSI
    • Profile 11 w/ Receiver-only Sites
    • Profile 9 with S-PMSI
    • Profile 12
    • Profile 13
    • UMH (Upstream Multicast Hop) Challenge
    • Profile 13 w/ Configuration Knobs
    • Profile 13 w/ PE RP
    • Profile 12 w/ PE Anycast RP
    • Profile 14 (Partitioned MDT)
    • Profile 14 with Extranet option #1
    • Profile 14 with Extranet option #2
    • Profile 14 w/ IPv6
    • Profile 17
    • Profile 19
    • Profile 21
  • MVPN SR
    • Start
    • Topology
    • Profile 27
    • Profile 27 w/ Constraints
    • Profile 27 w/ FRR
    • Profile 28
    • Profile 28 w/ Constraints and FRR
    • Profile 28 w/ Data MDTs
    • Profile 29
  • Segment Routing
    • Start
    • Topology
    • Basic SR with ISIS
    • Basic SR with OSPF
    • SRGB Modifcation
    • SR with ExpNull
    • SR Anycast SID
    • SR Adjacency SID
    • SR LAN Adjacency SID (Walkthrough)
    • SR and RSVP-TE interaction
    • SR basic inter-area with ISIS
    • SR basic inter-area with OSPF
    • SR basic inter-IGP (redistribution)
    • SR basic inter-AS using BGP
    • SR BGP Data Center (eBGP)
    • SR BGP Data Center (iBGP)
    • LFA
    • LFA Tiebreakers (ISIS)
    • LFA Tiebreakers (OSPF)
    • Remote LFA
    • RLFA Tiebreakers?
    • TI-LFA
    • Remote LFA or TILFA?
    • TI-LFA Node Protection
    • TI-LFA SRLG Protection
    • TI-LFA Protection Priorities (ISIS)
    • TI-LFA Protection Priorities (OSPF)
    • Microloop Avoidance
    • SR/LDP Interworking
    • SR/LDP SRMS OSPF Inter-Area
    • SR/LDP Design Challenge #1
    • SR/LDP Design Challenge #2
    • Migrate LDP to SR (ISIS)
    • OAM with SR
    • SR-MPLS using IPv6
    • Basic SR-TE with AS
    • Basic SR-TE with AS and ODN
    • SR-TE with AS Primary/Secondary Paths
    • SR-TE Dynamic Policies
    • SR-TE Dynamic Policy with Margin
    • SR-TE Explicit Paths
    • SR-TE Disjoint Planes using Anycast SIDs
    • SR-TE Flex-Algo w/ Latency
    • SR-TE Flex-Algo w/ Affinity
    • SR-TE Disjoint Planes using Flex-Algo
    • SR-TE BSIDs
    • SR-TE RSVP-TE Stitching
    • SR-TE Autoroute Include
    • SR inter-IGP using PCE
    • SR-TE PCC Features
    • SR-TE PCE Instantiated Policy
    • SR-TE PCE Redundancy
    • SR-TE PCE Redundancy w/ Sync
    • SR-TE Basic BGP EPE
    • SR-TE BGP EPE for Unified MPLS
    • SR-TE Disjoint Paths
    • SR Converged SDN Transport Challenge
    • SR OAM DPM
    • SR OAM Tools
    • Performance-Measurement (Interface Delay)
  • EVPN
    • Start
    • Topology
    • EVPN VPWS
    • EVPN VPWS Multihomed
    • EVPN VPWS Multihomed Single-Active
    • Basic Single-homed EVPN E-LAN
    • EVPN E-LAN Service Label Allocation
    • EVPN E-LAN Ethernet Tag
    • EVPN E-LAN Multihomed
    • EVPN E-LAN on XRv
    • EVPN IRB
    • EVPN-VPWS Multihomed IOS-XR (All-Active)
    • EVPN-VPWS Multihomed IOS-XR (Port-Active)
    • EVPN-VPWS Multihomed IOS-XR (Single-Active)
    • EVPN-VPWS Multihomed IOS-XR (Non-Bundle)
    • PBB-EVPN (Informational)
  • VPWS
    • Start
    • Topology
    • Basic VPWS
    • VPWS with Tag Manipulation
    • Redundant VPWS
    • Redundant VPWS (IOS-XR)
    • VPWS with PW interfaces
    • Manual VPWS
    • VPWS with Sequencing
    • Pseudowire Logging
    • VPWS with FAT-PW
    • MS-PS (Pseudowire stitching)
    • VPWS with BGP AD
  • VPLS
    • Start
    • Topology
    • Basic VPLS with LDP
    • VPLS with LDP and BGP
    • VPLS with BGP only
    • Hub and Spoke VPLS
    • Tunnel L2 Protocols over VPLS
    • Basic H-VPLS
    • H-VPLS with BGP
    • H-VPLS with QinQ
    • H-VPLS with Redundancy
    • VPLS with Routing
    • VPLS MAC Protection
    • Basic E-TREE
    • VPLS with LDP/BGP-AD and XRv RR
    • VPLS with BGP and XRv RR
    • VPLS with Storm Control
  • BGP Multi-Homing (XE)
    • Start
    • Topology
    • Lab1 ECMP
    • Lab2 UCMP
    • Lab3 Backup Path
    • Lab4 Shadow Session
    • Lab5 Shadow RR
    • Lab6 RR with Add-Path
    • Lab7 MPLS + Add Path ECMP
    • Lab8 MPLS + Shadow RR
    • Lab9 MPLS + RDs + UCMP
  • BGP Multi-Homing (XR)
    • Start
    • Topology
    • Lab1 ECMP
    • Lab2 UCMP
    • Lab3 Backup Path
    • Lab4 “Shadow Session”
    • Lab5 “Shadow RR”
    • Lab6 RR with Add-Path
    • Lab7 MPLS + Add Path ECMP
    • Lab8 MPLS + “Shadow RR”
    • Lab9 MPLS + RDs + UCMP
    • Lab10 MPLS + Same RD + Add-Path + UCMP
    • Lab11 MPLS + Same RD + Add-Path + Repair Path
  • BGP
    • Start
    • Conditional Advertisement
    • Aggregation and Deaggregation
    • Local AS
    • BGP QoS Policy Propagation
    • Non-Optimal eBGP Routing
    • Multihomed Enterprise Challenge
    • Provider Communities
    • Destination-Based RTBH
    • Destination-Based RTBH (Community-Based)
    • Source-Based RTBH
    • Source-Based RTBH (Community-Based)
    • Multihomed Enterprise Challenge (XRv)
    • Provider Communities (XRv)
Powered by GitBook
On this page
  • Answer
  • Explanation
  1. BGP

Destination-Based RTBH (Community-Based)

PreviousDestination-Based RTBHNextSource-Based RTBH

Last updated 2 days ago

Topology: bgp-mh-iol

configure replace unix:init.cfg

  • All links are in the format 100.X.Y.X/24.

    • For example, the link between R4 and R7 is 100.4.7.0/24.

  • Lo0 is X.X.X.X/32 and is used for iBGP

  • Lo1 is <AS>.0.0.X/32 and is used as a public IP address that is pingable. The public Lo1 addresses are aggregated into a /8 at each edge router.

  • eBGP and iBGP is fully preconfigured.

Configure destination-based RTBH within AS20 and blackhole traffic destined to 50.0.0.8. Use communities to signal the RTBH within AS20. Use R4 as the trigger node.

Answer

#R2, R4, R5
ip bgp new-format
ip community-list 1 permit 20:666
!
ip route 192.0.2.1 255.255.255.255 null 0
!
route-map IBGP_IN
 match community 1
 set ip next-hop 192.0.2.1
route-map IBGP_IN permit 20
!
router bgp 20
 template peer-policy IBGP
  route-map IBGP_IN in
  send-community both

#R4
ip route 50.0.0.8 255.255.255.255 null 0 tag 666
!
route-map RTBH
 match tag 666
 set community no-export 20:666
!
router bgp 20
 add ipv4
  redistribute static route-map RTBH

Explanation

There are two ways to signal a RTBH within an AS. You can signal it using the next-hop value (192.0.2.1), or you can signal it using a community (ex. ASN:666).

Using communities is a bit nicer, because now we don’t have the issue we did in the previous lab where R2 was setting next-hop to itself for all iBGP routes, overriding the 192.0.2.1 next-hop in the route-map.

In this lab, we’ve moved the RTBH trigger router to R4. The RTBH route is triggered in the same manner: using a static route with tag 666. The difference is that R4 does not change the next-hop. Instead it just tags communities 20:666 and no-export.

R2 and R5 receive this path from R4. Notice that they set next-hop to 192.0.2.1, which is seen in the BGP update:

This is due to the following route-map, applied inbound for all iBGP peers:

ip community-list 1 permit 20:666
!
route-map IBGP_IN
 match community 1
 set ip next-hop 192.0.2.1
route-map IBGP_IN permit 20
!
router bgp 20
 template peer-policy IBGP
  route-map IBGP_IN in
  send-community both

Note that on IOS-XR, this is even more elegant, because you don’t need the dummy discard route. Instead you can just set the next-hop as discard within the route-policy itself:

route-policy RP_IBGP_V4_IN
  if community matches-any (20:666) then
    set next-hop discard
  else
    pass
  endif
end-policy