The set next-hop discard configuration is used in the neighbor inbound policy. When this config is applied
to a path, though the primary next-hop is associated with the actual path but the RIB is updated with next-hop
set to Null0. Even if the primary received next-hop is unreachable, the RTBH path is considered reachable
and will be a candidate in the bestpath selection process. The RTBH path is readvertised to other peers with
either the received next-hop or nexthop-self based on normal BGP advertisement rules.
A typical deployment scenario for RTBH filtering would require running internal Border Gateway Protocol
(iBGP) at the access and aggregation points and configuring a separate device in the network operations center
(NOC) to act as a trigger. The triggering device sends iBGP updates to the edge, that cause undesirable traffic
to be forwarded to a null0 interface and dropped.
Consider below topology, where a rogue router is sending traffic to a border router.
Figure 6: Topology to Implement RTBH Filtering
Configurations applied on the Trigger Router
Configure a static route redistribution policy that sets a community on static routes marked with a special tag,
and apply it in BGP:
route-policy RTBH-trigger
if tag is 777 then
set community (1234:4321, no-export) additive
pass
else
pass
endif
end-policy
router bgp 65001
address-family ipv4 unicast
redistribute static route-policy RTBH-trigger
!
neighbor 192.168.102.1
remote-as 65001
address-family ipv4 unicast
route-policy bgp_all in
route-policy bgp_all out
Configure a static route with the special tag for the source prefix that has to be block-holed:
router static
address-family ipv4 unicast
10.7.7.7/32 Null0 tag 777
Routing Configuration Guide for Cisco NCS 6000 Series Routers, IOS XR Release 6.4.x
35
Implementing BGP
Configuring Destination-based RTBH Filtering
To Next Page
Loading...
Need help?
General
