Remote trigger blackhole filtering

sherif_sec
Level 1

I have some points in RTBF with BGP that I can't understand; they confuse me.

First, that's a part of the config.

route-map black-hole-trigger permit 10
match tag 66
set ip next-hop 192.0.2.1
set local-preference 200
set origin igp
set community no-export
route-map black-hole-trigger deny 20

Why do we need the last 4 lines? Also, in some configurations I found that in the last line there is PERMIT instead of DENY. Why?

Another question: must I know BGP details for the CCIE Security lab, or would just an overview be enough?

Accepted Solution

Roman Rodichev
Level 7

set local-preference 200

This is needed to ensure that if we receive the same route from some other AS (default local-pref 100), all BGP routers in our AS will use our local trigger route with local-pref 200.

set origin igp

By default, static routes redistributed into BGP will have origin incomplete, and this command will set it to origin IGP. IGP wins over incomplete. This plays a similar role to the one above.

set community no-export

This is pretty straightforward. We don't want to advertise our trigger route to other ASes.

route-map black-hole-trigger deny 20

This depends on the situation. Do you have more routes without tag 66 that you want to inject? If yes, use permit; if not, use deny (or rely on the implicit deny).
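The route-map behaviour described in this answer, modelled in Python as an added example (not code from this thread or from Cisco): it applies the permit 10 / deny-or-permit 20 clauses to redistributed statics, then runs the local-pref and origin steps of best-path selection and the no-export check. The static routes and prefixes are constructed sample data.

```python
# Added example (not from the thread): a small model of how the route-map in the
# question acts on redistributed static routes, and why the attributes it sets
# let the trigger route win BGP best-path selection. All routes are constructed.

LOCAL_PREF_DEFAULT = 100                             # Cisco default local preference
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lower is preferred

# The route-map from the question, as data. The last clause is the one the
# poster asked about: pass "permit" instead of "deny" to see the difference.
def black_hole_trigger(last_clause="deny"):
    return [
        {"seq": 10, "action": "permit", "match_tag": 66,
         "set": {"next_hop": "192.0.2.1", "local_pref": 200,
                 "origin": "igp", "community": "no-export"}},
        {"seq": 20, "action": last_clause, "match_tag": None, "set": {}},
    ]

def redistribute(static_routes, route_map):
    """Apply the route-map to statics entering BGP; return the routes admitted.
    A route matching no clause falls to the implicit deny."""
    admitted = []
    for rt in static_routes:
        # Redistributed statics start with origin incomplete and the default local-pref.
        bgp = dict(rt, origin="incomplete", local_pref=LOCAL_PREF_DEFAULT, community=None)
        for clause in route_map:
            if clause["match_tag"] is not None and rt.get("tag") != clause["match_tag"]:
                continue                      # clause does not match, try the next one
            if clause["action"] == "permit":
                bgp.update(clause["set"])     # apply the set statements
                admitted.append(bgp)
            break                             # first matching clause decides; deny drops
    return admitted

def best_path(a, b):
    """The two best-path steps this answer relies on: higher local-pref, then lower origin."""
    if a["local_pref"] != b["local_pref"]:
        return a if a["local_pref"] > b["local_pref"] else b
    return a if ORIGIN_RANK[a["origin"]] <= ORIGIN_RANK[b["origin"]] else b

def exportable_to_ebgp(route):
    """A route carrying no-export must not be advertised to external peers."""
    return route.get("community") != "no-export"

# Constructed sample statics: a victim /32 tagged 66 (pointed at Null0 on the
# trigger router) and an ordinary untagged static that should not be blackholed.
STATICS = [{"prefix": "203.0.113.7/32", "tag": 66}, {"prefix": "198.51.100.0/24", "tag": None}]

if __name__ == "__main__":
    print(redistribute(STATICS, black_hole_trigger("deny")))    # only the tagged route
    print(redistribute(STATICS, black_hole_trigger("permit")))  # both routes
```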


Thank you for your help.

But must I know BGP details for the CCIE Security lab, or would just an overview be enough?