Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Changing next-hop for EBGP peer routes

Hello,

Is it possible to change the next-hop of some updates received through eBGP? Let's say the customer receives a flood and wants to advertise to the ISP a /32 prefix so the filtering occurs at the network edge. I was thinking something like:

PE config:

!

!

interface Null0

no ip unreachables

end

!

router bgp 100

bgp router-id 192.168.255.14

no bgp default ipv4-unicast

no bgp default route-target filter

bgp log-neighbor-changes

neighbor 192.168.2.2 remote-as 102

neighbor 192.168.2.2 update-source Ethernet0

!

address-family ipv4

neighbor 192.168.2.2 activate

neighbor 192.168.2.2 route-map InboundM in

...........

no auto-summary

no synchronization

...........

ip prefix-list prfx seq 5 permit 0.0.0.0/0 ge 32

!

route-map InboundM permit 10

match ip address prefix-list prfx

set ip next-hop 192.0.3.1

set origin igp

set community no-export

!

route-map InboundM permit 20

!

ip route 192.0.3.1 255.255.255.255 null 0

!

Unfortunately:

PE_XXX#sh ip bgp 69.0.0.1

BGP routing table entry for 69.0.0.1/32, version 3286

Paths: (1 available, no best path)

Not advertised to any peer

102

192.0.3.1 (inaccessible) from 192.168.2.2 (192.168.2.2)

Origin IGP, metric 0, localpref 100, valid, external

Community: no-export

PE_XXX#sh ip bgp 69.0.0.0

BGP routing table entry for 69.0.0.0/24, version 7

Paths: (1 available, best #1, table Default-IP-Routing-Table)

Advertised to non peer-group peers:

192.168.255.2 192.168.255.13

102

192.168.2.2 from 192.168.2.2 (192.168.2.2)

Origin IGP, metric 0, localpref 100, valid, external, best

PE_XXX#sh ip route 192.0.3.1

Routing entry for 192.0.3.1/32

Known via "static", distance 1, metric 0 (connected)

Routing Descriptor Blocks:

* directly connected, via Null0

Route metric is 0, traffic share count is 1

I want to make a step further from the blackhole routing described in the Nanog docs, so I don't have to manually provision the static route(s) that gets redistributed by iBGP and trigger blackholing, and to also allow the customer to announce me long prefixes for me to filter out dynamically.

Still, it doesn't seem to work as expected, as you can see from the output the /32 prefix doesn't get advertised with the 192.0.3.1 next-hop to be filtered out at the edge.

Thanks,

Alexandru

1 REPLY
New Member

Re: Changing next-hop for EBGP peer routes

Ok, I've found out what the problem was. It seems that configuring the eBGP session as ebgp-multihop works. Here's the output:

router bgp YYY

no bgp default ipv4-unicast

no bgp default route-target filter

bgp log-neighbor-changes

neighbor 192.168.2.2 remote-as XXX

neighbor 192.168.2.2 description *** Customer ***

neighbor 192.168.2.2 ebgp-multihop 255

!

address-family ipv4

neighbor 192.168.2.2 activate

neighbor 192.168.2.2 send-community

neighbor 192.168.2.2 route-map Inbound in

no auto-summary

no synchronization

exit-address-family

!

ip route 192.0.3.0 255.255.255.0 Null0 tag 6969

!

ip prefix-list pref32 seq 5 permit 0.0.0.0/0 ge 32

!

route-map Inbound permit 10

match ip address prefix-list pref32

set ip next-hop 192.0.3.1

set origin igp

!

route-map Inbound permit 20

!

The route gets redistributed with 192.0.3.1 as next hop, and traffic gets filtered out at the edge.

PE_X_#sh ip cef 69.0.0.1

69.0.0.1/32, version 19162, epoch 0

0 packets, 0 bytes

tag information from 192.0.3.1/32, shared

local tag: implicit-null

via 192.0.3.1, 0 dependencies, recursive

next hop 192.0.3.1, Null0 via 192.0.3.0/24

valid null (drop) adjacency

Alexandru

326
Views
0
Helpful
1
Replies
CreatePlease login to create content