Receiving via ibgp route community blackhole and then advertise to upstreams using community blackhole.

Created: Nov 5, 2019 22:52:21 | Latest reply: Nov 7, 2019 09:33:13
  Rewarded HiCoins: 0 (problem resolved)

Hello!

I receive a route with community myasn:666 from my iBGP peer. I need to advertise this route to my upstreams with community 666 (blackhole).

Can someone show an example of a route-policy that solves this situation?

Featured Answers
Popeye_Wang
Admin Created Nov 6, 2019 01:52:05

Hi,
I don't quite understand what you mean by blackhole. Do you mean the no-advertise community?

#
ip community-filter 1 permit myasn:666
#
route-policy 1 permit node 10
 if-match community-filter 1
 apply community 666 no-advertise
#
BGP XXX
 ipv4-family unicast
  peer X.X.X.X route-policy 1 export
  peer X.X.X.X advertise-community
  peer X.X.X.X advertise-ext-community
#

Does this configuration meet your requirement?

Hi @Popeye_Wang

Thanks for your answer.

Answering your question:
"I don't quite understand what you mean by blackhole. Do you mean the no-advertise community?"

For example, when I receive a DDoS attack, I advertise the attacked IP address to my upstreams with the blackhole community (community 666); then my upstreams filter the IP address, stopping the attack. Consequently, nobody on the Internet can communicate with this IP address.

I did the following:

route-policy upstreamA_export permit node 10
 if-match community-filter 1
 apply community 65000:666 additive

ip community-filter 1 permit myasn:666

When I did this, I looked at bgp routing table peer ip-my-upstream advertised-routes 192.168.0.0

It displays:
Community:<myasn:666>, <65000:666>

Is it possible to remove my internal community from my advertisement?


Posted by gilberto_milhomem at 2019-11-07 03:13: Hi @Popeye_Wang Thanks for your answer. Answering your question I don't quite understand what you mean ...

The additive parameter is used to add community attributes. If you do not need the original attributes, remove this parameter.


gilberto_milhomem Created Nov 7, 2019 14:00:38
Perfect.

Thanks @Popeye_Wang!
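
A check for the leak discussed in this thread, as an added example that is not part of the original posts: it parses Community lines in the format quoted above and flags advertisements to the upstream that still carry a community from the local ASN, and lists which prefixes are tagged for blackholing. ASN 64500, the prefixes and the "Prefix:" lines are constructed stand-ins; only the Community:<...> format and 65000:666 come from the thread.

```python
import re

# Constructed sample. Only the "Community:<...>" line format and the value
# 65000:666 come from the thread; the "Prefix:" lines, the prefixes and
# ASN 64500 (standing in for "myasn") are assumptions for illustration.
SAMPLE = """\
Prefix: 192.0.2.10/32
 Community:<64500:666>, <65000:666>
Prefix: 192.0.2.20/32
 Community:<65000:666>
Prefix: 198.51.100.0/24
"""

LOCAL_ASN = 64500                  # assumption: the operator's own ASN
UPSTREAM_BLACKHOLE = "65000:666"   # community the upstream acts on

COMMUNITY_RE = re.compile(r"<(\d+:\d+)>")


def parse_advertised(text):
    """Map each prefix to the communities listed on its Community line."""
    routes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Prefix:"):
            current = line.split(":", 1)[1].strip()
            routes[current] = []
        elif line.startswith("Community:") and current is not None:
            routes[current] = COMMUNITY_RE.findall(line)
    return routes


def audit(routes, local_asn=LOCAL_ASN, blackhole=UPSTREAM_BLACKHOLE):
    """Report internal communities still attached and prefixes being blackholed."""
    own = f"{local_asn}:"
    leaks = {}
    for prefix, communities in routes.items():
        internal = [c for c in communities if c.startswith(own)]
        if internal:
            leaks[prefix] = internal
    blackholed = [p for p, c in routes.items() if blackhole in c]
    return {"leaks": leaks, "blackholed": blackholed}


if __name__ == "__main__":
    report = audit(parse_advertised(SAMPLE))
    for prefix, communities in report["leaks"].items():
        print(f"LEAK  {prefix}: internal {', '.join(communities)} sent upstream")
    for prefix in report["blackholed"]:
        print(f"RTBH  {prefix}: tagged {UPSTREAM_BLACKHOLE}")
```

The first sample route mirrors the additive case from the thread and is reported as a leak; the second mirrors the result after additive is removed and is reported only as blackholed.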
