Hello everyone! As a local enterprise, you will have to establish a company network and most likely you will need to interconnect your network with one or more ISPs. The most common case is interconnecting by using an eBGP session between your network edge device and the ISP PE device.
Let's consider the topology below:
In this topology AS 20 is the Enterprise network and the two other ASes (10 and 30) belong to two different ISPs.
Problems start appearing when I try to advertise certain routing information to the ISPs. For this example I will try to advertise prefix 200.1.0.0/24 to both eBGP peers. For this I will first need to add the network command in BGP view as below:
#
bgp 20
network 200.1.0.0 24
#
For BGP to advertise this prefix to its peers I also need to add a static route for this prefix:
#
ip route-static 200.1.0.0 24 GigabitEthernet 2/0/0
#
Right now the prefix will be advertised, but yet another problem appears. In AS 20 I only use half of the /24 range, the rest of it being reserved for future expansion. This being the case, whenever I receive packets destined to an unused IP address from the advertised range I would like Router B to drop these packets, thus eliminating any security threat (e.g. DDoS attacks).
To accomplish this I need to change the static route into a blackhole route, so I can be sure that any packet with a non-existent destination will be dropped. Addresses that are in use are still reached through the more-specific routes for their subnets, because the router always prefers the longest matching prefix; only traffic with no more-specific match falls through to the /24 route and is discarded.
The configuration to modify the static route is below:
#
undo ip route-static 200.1.0.0 24 GigabitEthernet 2/0/0
ip route-static 200.1.0.0 24 Null 0
#
After applying this configuration I can be sure that all security threats have been eliminated and I have a fully functioning network.
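The effect of the two static routes on forwarding, as an added example that is not part of the original post: a small longest-prefix-match model of Router B's routing table before and after the change. It assumes the in-use half is 200.1.0.0/25 and that it is reachable through a more-specific route via GigabitEthernet 2/0/0; the post does not state either, and the function names are illustrative.

```python
import ipaddress

def rib(*routes):
    """Build a routing table from (prefix, next hop) pairs."""
    return [(ipaddress.ip_network(p), nh) for p, nh in routes]

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, nh) for net, nh in table if addr in net]
    if not matches:
        return "no route"
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def can_advertise(table, prefix):
    """The BGP network command needs an exact prefix/mask match in the table."""
    wanted = ipaddress.ip_network(prefix)
    return any(net == wanted for net, _ in table)

# Assumption: the used half of the /24 and the interface behind it.
USED = ("200.1.0.0/25", "GigabitEthernet 2/0/0")

# Before: the /24 static route points at the interface.
BEFORE = rib(("200.1.0.0/24", "GigabitEthernet 2/0/0"), USED)
# After: the /24 static route points at Null 0.
AFTER = rib(("200.1.0.0/24", "Null 0"), USED)

# Constructed sample destinations: used half, both sides of the /25
# boundary, unused half, and an address outside the advertised prefix.
SAMPLES = ["200.1.0.10", "200.1.0.127", "200.1.0.128", "200.1.0.200", "200.1.1.1"]

def forwarding_decisions(table, destinations=SAMPLES):
    """Map each destination to the next hop the table selects for it."""
    return {d: lookup(table, d) for d in destinations}

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(f"{name}: advertise 200.1.0.0/24 = {can_advertise(table, '200.1.0.0/24')}")
        for dst, nh in forwarding_decisions(table).items():
            print(f"  {dst:<12} -> {nh}")
```

In both tables the exact /24 entry is present, so the prefix is still advertised; only the fate of packets to the unused half changes.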
This is what I want to talk about/share with you today, thank you!