I have what I think is a simple problem:
I have BGP set up with a couple of providers. The providers support blackhole announcements (they block traffic to one of my IPs when I announce it to them via BGP tagged with a specific community).
I currently have a /18 with the following configuration:
router bgp XXX1
 network XXX.XXX.XXX.XXX mask 255.255.192.0
 neighbor yyy.yyy.yyy.yyy route-map PROVIDER-TRANSIT-INBOUND out

ip route XXX.XXX.XXX.XXX 255.255.192.0 null0

ip prefix-list ISP-BlackedHole seq 1 permit ZZZ.ZZZ.ZZZ.ZZZ/32
ip prefix-list ISP-BlackedHole seq 100 deny 0.0.0.0/0 le 32
ip prefix-list Transit-00 seq 20 permit XXX.XXX.XXX.XXX/18

route-map PROVIDER-TRANSIT-INBOUND permit 10
 match ip address prefix-list ISP-BlackedHole
 set community XXXX:YYYY
route-map PROVIDER-TRANSIT-INBOUND permit 20
 match ip address prefix-list Transit-00
The intent is to send the IP that is under attack (in this case ZZZ.ZZZ.ZZZ.ZZZ) to the provider via BGP, tagged with their community.
After resetting the peering, I noticed that only the /18 was being sent out. When I did a "show ip bgp prefix ISP-BlackHole", nothing was returned. For some reason ZZZ.ZZZ.ZZZ.ZZZ is not being advertised out; only the aggregate is.
What am I doing wrong?
That is correct. You could redistribute the /32 selectively using a route-map, but it would be safer to use a network statement for that specific /32.
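Below is an added example of the network-statement approach the answer recommends; it is not configuration posted by the asker or the answerer. It reuses the placeholder addresses, AS number and community value from the question (none of them are real), and it adds two things the question's configuration does not have: a "send-community" line on the neighbor, which IOS needs before it will actually transmit the community set in the route-map, and "no-export" on the blackhole entry so the /32 is not propagated beyond the provider.

```cisco-ios
! Added example (not from the question or answer): advertise the attacked /32
! alongside the /18 so the provider can blackhole it. Addresses, AS number and
! community value are the placeholders from the question, not real values.

! A "network" statement is only advertised when a matching route exists in
! the RIB, so the /32 needs its own static null route, just like the /18.
ip route XXX.XXX.XXX.XXX 255.255.192.0 null0
ip route ZZZ.ZZZ.ZZZ.ZZZ 255.255.255.255 null0

router bgp XXX1
 ! The aggregate, as before.
 network XXX.XXX.XXX.XXX mask 255.255.192.0
 ! The specific host under attack. Remove this line (and its null route)
 ! to withdraw the blackhole once the attack is over.
 network ZZZ.ZZZ.ZZZ.ZZZ mask 255.255.255.255
 neighbor yyy.yyy.yyy.yyy route-map PROVIDER-TRANSIT-INBOUND out
 ! Without this, IOS strips communities before sending the update.
 neighbor yyy.yyy.yyy.yyy send-community

ip prefix-list ISP-BlackedHole seq 1 permit ZZZ.ZZZ.ZZZ.ZZZ/32
ip prefix-list Transit-00 seq 20 permit XXX.XXX.XXX.XXX/18

route-map PROVIDER-TRANSIT-INBOUND permit 10
 match ip address prefix-list ISP-BlackedHole
 ! Provider blackhole community plus no-export, so the /32 stops at the
 ! provider and does not leak into the global table.
 set community XXXX:YYYY no-export
route-map PROVIDER-TRANSIT-INBOUND permit 20
 match ip address prefix-list Transit-00
! Anything matching neither sequence is dropped by the route-map's implicit deny.
```

To confirm the /32 is actually leaving the router with the right community, check "show ip bgp ZZZ.ZZZ.ZZZ.ZZZ" (the prefix should be present, locally sourced) and "show ip bgp neighbors yyy.yyy.yyy.yyy advertised-routes" (both the /32 and the /18 should be listed). The order of the route-map sequences does not matter here because the two prefix-lists are disjoint: sequence 10 can only ever match the /32 and sequence 20 only the /18.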