Got it

Blackhole routing for eBGP peer interconnection

Latest reply: Sep 28, 2018 15:46:05 2804 2 0 0 0

 

Hello everyone! As a local enterprise, you will have to establish a company network and most likely you will need to interconnect your network with one or more ISPs. The most common case is interconnecting by using a eBGP session between your network edge device and the ISP PE device.

Let’ consider the topology below:

 

 

In this topology AS 20 is the Enterprise network and the two other ASes (10 and 30) belong to two different ISPs.

Problems start appearing when I try to advertise certain routing information to the ISPs. For this example I will try to advertise prefix 200.1.0.0/24 to both eBGP peers. For this I will first need to add the network command in BGP view as below:

#

bgp 20

 network 200.1.0.0 24

#

For BGP to advertise this prefix to its peers I also need to add a static route for this prefix:

#

ip route-static 200.1.0.0 24 GigabitEthernet 2/0/0

#

Right not the prefix will be advertised but yet another problem appears. In AS 20 i only use half of the /24 range, the rest of it being reserved for future expansions. This being the case whenever I receive packets destined to unused ip address from the advertised range I would like Router B to drop these packets, thus eliminating any security threat (e.g. DDoS attacks).

To accomplish this I need to modify the static route to a blackhole one so I can be sure that any packet with a non-existent destination will be dropped.

The configuration to modify the static route is below:

#

undo ip route-static 200.1.0.0 24 GigabitEthernet 2/0/0

ip route-static 200.1.0.0 24 Null 0

#

After appling this configuration I can be sure that all security threats have been eliminated and I have a full functioning network.

This is what I want to talk about/share with you today, thank you!

 

  • x
  • convention:

oyshuo
Created Mar 5, 2014 02:33:19

thanks for your share.
View more
  • x
  • convention:

faysalji
Author Created Sep 28, 2018 15:46:05

Good scenario to interconnect your network with one or more ISPs
View more
  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.