I am working on an ISP and we have given the opportunity to our customers to send us a special BGP community when one of their host is under attack (blackhole community). We then match this community, we route it to null 0 and in addition we add a new community (without the additive keyword) and send it to our upstream provider so as to prevent malicious traffic from reaching our border router. Today a customer send us a prefix with the special community along with the community no-export. Although when we match the special community we overwrite all communities with the one given for our upstream blackhole procedure it seems that the no-export cannot be overwritten. As a result this prefix is not advertised to our upstream.
Is this expected? Well-known bgp sommunities such as no-export cannot be overwriten by a set statement without the additive word?
1. Introduction Internet security is important with the increasing
attacks that are happening every day. Many internet and browsing
security solutions exist, but some are not very easy to use or maybe the
question is how can I enable them? In this referen...
Cisco Software Manager Server API Guide This document describes the
programmatic interfaces, RESTful APIs, which are supported by Cisco
Software Manager Server (CSM Server). Overview CSM Server supports a set
of finite RESTful APIs. The first step to use ...
If you are using Cisco's new linux-based Cisco Software Manager server,
then you probably want to make sure there is a startup service for
it.I'll assume that you've already installed the CSM server on a
systemd-based linux system. The commands given belo...