Cisco Support Community

New Member

BGP Prefix problem

I have what I think is a simple problem:

I have BGP set up between a couple of providers. The providers support blackhole announcements (block traffic to one of my IPs when I announce it to them via BGP using a specific community).

I currently have a /18 that I have the following configuration for:

router bgp XXX1

network XXX.XXX.XXX.XXX mask 255.255.192.0

neighbor yyy.yyy.yyy.yyy route-map PROVIDER-TRANSIT-INBOUND out

ip route XXX.XXX.XXX.XXX 255.255.192.0 null0

ip prefix-list ISP-BlackedHole seq 1 permit ZZZ.ZZZ.ZZZ.ZZZ/32

ip prefix-list ISP-BlackedHole seq 100 deny 0.0.0.0/0 le 32

ip prefix-list Transit-00 seq 20 permit XXX.XXX.XXX.XXX/18

route-map PROVIDER-TRANSIT-INBOUND permit 10

match ip address prefix-list ISP-BlackedHole

set community XXXX:YYYY

!

route-map PROVIDER-TRANSIT-INBOUND permit 20

match ip address prefix-list Transit-00

!

The intent is to send the IP that is under attack (in this case ZZZ.ZZZ.ZZZ.ZZZ) to the provider via BGP tagged with their community.

After resetting the peering, I noticed that only the /18 was being sent out. When I do a "show ip bgp prefix ISP-BlackHole", nothing was returned. For some reason ZZZ.ZZZ.ZZZ.ZZZ is not being advertised out, only the aggregate is.

What am I doing wrong?

7 REPLIES
Cisco Employee

Re: BGP Prefix problem

Joe,

How do you originate the /32 prefix? You need to make sure it is in the RIB and that you use a network statement or that you redistribute it in BGP.

Also make sure that you have a "neighbor send-community" if you want the ISP to receive the community that you set in the route-map. The community will not be sent by default.

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: BGP Prefix problem

I've tried 2 methods:

* The IP is part of a /XX that is assigned to a port in our network, which is redistributed (and seen by the BGP routers) into our network via OSPF. This is preferred over the next option.

* null routing the IP on the routers doing BGP.

Cisco Employee

Re: BGP Prefix problem

Joe,

If the /32 is not present in BGP then it cannot be advertised to your ISP.

Do you see the /32 in your BGP table (show ip bgp)?

Regards

Harold Ritter
New Member

Re: BGP Prefix problem

duh,

no I only see the /18 :(

So, between the network command and the null route, I'm redistributing the /18 into BGP.

So I would need to somehow redistribute the IP into BGP. I assume I don't want to redistribute my entire OSPF table for various reasons, but I could redistribute the /32 using a route-map, yes?

say

router bgp XXXX

redistribute static route-map static-routes

route-map static-routes permit 10

match ip address prefix-list ISP-Blackhole

Cisco Employee

Re: BGP Prefix problem

Joe,

That is correct. You could redistribute the /32 selectively using a route-map but it would be safer to use a network statement for that specific /32 though.

Regards

Harold Ritter
New Member

Re: BGP Prefix problem

I'll give it some thought regarding network statement vs. route-map.

Thanks for the help.

Re: BGP Prefix problem

Hi,

1- First of all, you have to advertise the ZZZ network to your BGP neighbor, as it does not seem to be in the IP routing, nor advertised. Verify...

2- Your XXX network is not advertised but rather dropped due to the Null0 static route, which is preferred over the BGP AD.

3- You have to send community to the neighbor.

HTH

Mohamed
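
The conditions raised in the replies above, checked mechanically over a configuration: an added example (not part of the original thread) in Python that flags a community-tagged prefix with no exact network statement or static route, and a neighbor without send-community. The ASN, addresses and community value in the sample are constructed placeholders, and the static-route check assumes the /32 is not learned some other way (for example from an IGP).

```python
import ipaddress
import re

# Constructed sample mirroring the thread; ASN, addresses and community are placeholders.
BEFORE = """\
ip route 198.51.64.0 255.255.192.0 Null0
ip prefix-list ISP-BlackedHole seq 1 permit 198.51.100.25/32
ip prefix-list ISP-BlackedHole seq 100 deny 0.0.0.0/0 le 32
ip prefix-list Transit-00 seq 20 permit 198.51.64.0/18
router bgp 64500
 network 198.51.64.0 mask 255.255.192.0
 neighbor 203.0.113.1 route-map PROVIDER-TRANSIT-INBOUND out
route-map PROVIDER-TRANSIT-INBOUND permit 10
 match ip address prefix-list ISP-BlackedHole
 set community 64500:666
route-map PROVIDER-TRANSIT-INBOUND permit 20
 match ip address prefix-list Transit-00
"""

def nets(pattern, cfg):
    """Networks named by every (address, mask) pair the pattern captures."""
    return {ipaddress.ip_network(f"{a}/{m}") for a, m in re.findall(pattern, cfg, re.M)}

def audit(cfg):
    """Return reasons a community-tagged prefix would not reach the provider."""
    findings = []
    statics = nets(r"^ip route (\S+) (\S+) ", cfg)
    originated = nets(r"^ +network (\S+) mask (\S+)", cfg)
    entries = re.findall(r"^route-map (\S+) permit \d+\n((?: .*\n)*)", cfg, re.M)
    tagging = [(name, body) for name, body in entries if "set community" in body]
    for _, body in tagging:
        for plist in re.findall(r"match ip address prefix-list (\S+)", body):
            pattern = rf"^ip prefix-list {re.escape(plist)} seq \d+ permit (\S+)"
            for prefix in map(ipaddress.ip_network, re.findall(pattern, cfg, re.M)):
                if prefix not in originated:
                    findings.append(f"{prefix}: no network statement, so not in the BGP table")
                # Assumption: only static routes are visible here; an IGP /32 would also do.
                if prefix not in statics:
                    findings.append(f"{prefix}: no exact-match static route for the RIB")
    for peer, rmap in re.findall(r"^ +neighbor (\S+) route-map (\S+) out", cfg, re.M):
        sends = re.search(rf"^ +neighbor {re.escape(peer)} send-community", cfg, re.M)
        if not sends and any(rmap == name for name, _ in tagging):
            findings.append(f"{peer}: send-community missing, community will not be sent")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(BEFORE)))
```

Run against the sample, it reports all three gaps; adding a /32 network statement, a matching /32 static route to Null0 and send-community for the neighbor clears them.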
