Add /32 route to null0 RTBH by community


Hi, the router sends NetFlow to the server. If the server detects an attack on my network, it announces the /32 IP address of the victim with community 65000:400.

Now, how do I edit the route-map so that if an IP address is announced with this community it is sent to null0, and if the announcement stops it goes back to the normal route?

Accepted Solutions

Hello
If you wish to inform BGP peers to initiate RTBH for a particular server that’s being attacked, then it depends on how the server is initially being advertised.

Example:
rtr 1

int x.x
 description lan
 ip address 10.10.10.1 255.255.255.0

or

ip route 10.10.10.10 255.255.255.255 x.x.x.x tag 99 name Server


! Match the victim host
ip access-list standard server
 permit host 10.10.10.10


! Tag the victim /32 with the RTBH trigger community
route-map ServerComm
 match ip address server
 set community 65000:400

router bgp xxxx
 neighbor <rtr2> send-community both
 network 10.10.10.10 mask 255.255.255.255 route-map ServerComm
or
 ! Applied outbound, ServerComm needs a final permit entry,
 ! otherwise the implicit deny filters every other prefix
 neighbor <rtr2> route-map ServerComm out
 redistribute static

 


Apply RTBH on upstream bgp rtr2

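rtr2
! Discard next hop: anything resolving to it is dropped at Null0
ip route 169.254.254.254 255.255.255.255 null0

int null0
 no ip unreachables

ip community-list 5 permit 65000:400

! Routes carrying 65000:400 get the discard next hop
route-map RTBH
 match community 5
 set ip next-hop 169.254.254.254
 set community no-export

! All other routes pass unchanged
route-map RTBH permit 100


router bgp xxxx
 neighbor <rtr1> route-map RTBH in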


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
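
An added example, not part of the post above and not Cisco code: a small Python model of what the rtr2 policy does to forwarding, including the "back to normal route" case from the question. It models only longest-prefix match and next-hop resolution; the peer address 192.0.2.1 standing in for <rtr1> and the covering 10.10.10.0/24 announcement are assumptions made for the illustration.

```python
import ipaddress

RTBH_COMMUNITY = "65000:400"      # trigger community used in the thread
BLACKHOLE_NH = "169.254.254.254"  # next hop that rtr2 routes statically to Null0

def route_map_rtbh(update):
    """rtr2 inbound policy: tagged routes get the blackhole next hop and
    no-export; anything else falls through the final permit unchanged."""
    if RTBH_COMMUNITY in update["communities"]:
        return {**update, "next_hop": BLACKHOLE_NH, "communities": {"no-export"}}
    return dict(update)

class Rtr2:
    def __init__(self):
        # ip route 169.254.254.254 255.255.255.255 null0
        self.static = {BLACKHOLE_NH: "Null0"}
        self.bgp = {}

    def receive(self, update):
        route = route_map_rtbh(update)
        self.bgp[ipaddress.ip_network(route["prefix"])] = route

    def withdraw(self, prefix):
        self.bgp.pop(ipaddress.ip_network(prefix), None)

    def forward(self, dst):
        """Longest-prefix match, then resolve the next hop via the static route."""
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.bgp if addr in net]
        if not matches:
            return "no route"
        best = self.bgp[max(matches, key=lambda net: net.prefixlen)]
        return self.static.get(best["next_hop"], best["next_hop"])

def demo():
    rtr1 = "192.0.2.1"  # constructed peer address standing in for <rtr1>
    rtr2 = Rtr2()
    rtr2.receive({"prefix": "10.10.10.0/24", "next_hop": rtr1, "communities": set()})
    before = rtr2.forward("10.10.10.10")
    # Attack detected: rtr1 announces the victim /32 tagged 65000:400
    rtr2.receive({"prefix": "10.10.10.10/32", "next_hop": rtr1,
                  "communities": {RTBH_COMMUNITY}})
    during = (rtr2.forward("10.10.10.10"), rtr2.forward("10.10.10.20"))
    # Attack over: the /32 is withdrawn and the /24 carries the traffic again
    rtr2.withdraw("10.10.10.10/32")
    after = rtr2.forward("10.10.10.10")
    return before, during, after

if __name__ == "__main__":
    print(demo())
```

Only the tagged /32 is dropped while it is announced; the rest of the /24 keeps forwarding, and withdrawing the /32 is all that is needed to restore the normal path.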

2 Replies

rtr2
ip route 169.254.254.254 255.255.255.255 null0

int null0
no ip unreachables

ip community-list 5 permit 65000:400

route-map RTBH
match community 5
set ip next-hop 169.254.254.254
set community no-export

route-map RTBH permit 100


This part is the solution.