Destination-Based RTBH (Community-Based)

Topology: bgp-mh-iol

configure replace unix:init.cfg

  • All links are in the format 100.X.Y.X/24.

    • For example, the link between R4 and R7 is 100.4.7.0/24.

  • Lo0 is X.X.X.X/32 and is used for iBGP.

  • Lo1 is <AS>.0.0.X/32 and is used as a public IP address that is pingable. The public Lo1 addresses are aggregated into a /8 at each edge router.

  • eBGP and iBGP are fully preconfigured.

Configure destination-based RTBH within AS20 and blackhole traffic destined to 50.0.0.8. Use communities to signal the RTBH within AS20. Use R4 as the trigger node.

Answer

Explanation

There are two ways to signal an RTBH within an AS. You can signal it using the next-hop value (192.0.2.1), or you can signal it using a community (e.g., ASN:666).

Using communities is a bit nicer, because now we don’t have the issue we did in the previous lab where R2 was setting next-hop to itself for all iBGP routes, overriding the 192.0.2.1 next-hop in the route-map.

In this lab, we’ve moved the RTBH trigger router to R4. The RTBH route is triggered in the same manner: using a static route with tag 666. The difference is that R4 does not change the next-hop. Instead, it just tags the route with communities 20:666 and no-export.

R2 and R5 receive this path from R4. Notice that they set next-hop to 192.0.2.1, which is seen in the BGP update:

This is due to the following route-map, applied inbound for all iBGP peers:

Note that on IOS-XR, this is even more elegant, because you don’t need the dummy discard route. Instead you can just set the next-hop as discard within the route-policy itself:
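The IOS side of the explanation above, pulled together as an added sketch (not the lab's own answer config). The route-map and community-list names, the iBGP peer addresses (taken from the Lo0 X.X.X.X convention), and pointing the trigger static at Null0 are assumptions; on some IOS versions the neighbor statements sit under address-family ipv4.

```cisco
! ===== R4 (trigger node) =====
! Display communities in ASN:NN form.
ip bgp-community new-format
!
! Trigger: tagged static route for the address to blackhole.
! (Null0 as the exit interface is an assumption.)
ip route 50.0.0.8 255.255.255.255 Null0 tag 666
!
! Only statics carrying tag 666 enter BGP. The next-hop is left
! untouched; the route is only marked with the RTBH community.
route-map RTBH_TRIGGER permit 10
 match tag 666
 set community 20:666 no-export
!
router bgp 20
 redistribute static route-map RTBH_TRIGGER
 ! Communities are stripped unless send-community is enabled
 ! (peer addresses assumed).
 neighbor 2.2.2.2 send-community
 neighbor 5.5.5.5 send-community
!
! ===== R2 and R5 (receive the path from R4) =====
ip bgp-community new-format
!
! Dummy discard route: anything resolving via 192.0.2.1 is dropped.
ip route 192.0.2.1 255.255.255.255 Null0
!
ip community-list standard RTBH_COMM permit 20:666
!
! Routes carrying 20:666 get the discard next-hop.
route-map IBGP_IN permit 10
 match community RTBH_COMM
 set ip next-hop 192.0.2.1
! All other iBGP routes pass unchanged.
route-map IBGP_IN permit 20
!
router bgp 20
 ! Applied inbound on every iBGP peer; only R4 is shown here
 ! (peer address assumed).
 neighbor 4.4.4.4 route-map IBGP_IN in
```

On R2 or R5, `show ip bgp 50.0.0.8` should then show the path with next-hop 192.0.2.1 and communities 20:666 and no-export.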
