I'm using a a ASR9901 running 64 bit 6.6.3.
For a IPv6 RTBH service (using 6PE) I'd like to change the BGP NH from ::ffff:z.x.c.v to ::ffff:192.168.1.1 (where z.x.c.v is the mpls loopback and ::ffff.192.168.1.1 have a static route pointing to null 0) on a ibgp session.
It's possible to change a ipv6 unicast ibgp & ebgp session but as I stated not for a ipv6 labeled unicast session, maybe that not suppose to work, anybody knows ?
PS I have tested with and without " ibgp policy out enforce-modifications"
if the next-hop address is all you want to change, you should be able to do that with the route policy:
if next-hop in <some_prefix_set> then
set next-hop <something>
Did you give it a try?
Hi Aleksandar, yes I have been elaborat with the RPL with different NH's
Let me continue in the answer to Harold (below), thanks for your reply//Jonas
For 6PE, the next hop needs to be IPv4. Anything else will not work and will return the following error message.
Therefore in your case, use "set next-hop 192.168.1.1" in the route-policy and the static route 192.168.1.1 to null 0.
Hi Harold, thanks for your reply.
actually I have been testing different configuration in the route-policy
Ive got a setup in the lab looks like:
Arbor PI <----ibgp--->ASR9901<---ibgp---->RR<------ibgp----->PE
Abor adv. one ipv4 address and one ipv6 address to the ASR9K with NH "192.168.1.1" and "::ffff:192.168.1.1"
ASR9901 and PE has static routes for both NH's to null 0.
Ipv4 has been OK all the time (NH in PE is "192.168.1.1" for the prefix thats going to be blackholed,
I think I actually only tried to set BGP NH to "192.168.1.1" ingress in the ASR9901 on the peering to Arbor and it did not work
I tried to set NH to "::ffff:192.168.1.1" egress to the RR but the PE received the route with NH "::ffff:ASR9901 ldp loobback"
Now I tried what you suggested and its working!
non RTBH prefix
PE> show route x:x:x:x::102/128 detail | match "protocol next"
Protocol next hop: ::ffff:x.x.x.x # ldp loopback on the 9901
PE> show route x:x:x:x::104/128 detail | match "protocol next"
Protocol next hop: ::ffff:192.0.2.1 # this is now working
Most of the testing I did before was without " ibgp policy out enforce-modifications"
Also with and without that command I did not get the error messages as you wrote :
would that be a commit error or a syslog error ?
Also is " ibgp policy out enforce-modifications" a must or will it work without?
I will try it out in the lab
again thank you for your reply!
Hi, just f.y.i
ibgp policy out enforce-modifications is mandatory (as its ibgp), retested with and without.
it's generating a syslog messages telling the route-polucy can not change the NH.
I will do more testing as I'm mixing mixing ipv4/6 prefix where some will be blackholed (null0) and some will be redirected the the sink router.
ibgp policy out enforce-modifications is mandatory on the route reflector, but is not if you apply the policy inbound on the edge device.