Thank you for your reply. 

I will test your solution.

By the way, I found another solution.

When I add the red line below, it worked well

However, I really do not understand why it worked. (I was mistakenly found this solution)

I interpret

Route-map V4-RM-S2B permit 5

as below. 

Can you help me?

route-map V4-RM-S2B permit 5  ### this inject static route into BGP ###
match tag 666 ### only static route with tag 666 allowed to be injected into BGP, which is 100.100.100.100 255.255.255.255 null 0  ###

set ip next-hop 100.100.100.100 ### 100.100.100.100/24 next-hop 100.100.100.100 (this part made my lab worked, but I don't understand. ###
route-map V4-RM-S2B permit 10
match tag 65001
match source-protocol static
set origin igp
set community 11:65001

Yes, this will work as well, as the verification of the directly connected next hop happens before the

route-map 

is applied.

Regards,

Thank you for your kind reply.

1 last question. Which method does ISPs use for RTBH? Does IPSs use "disable-connected-check"  or use my method for their clients?

Is their a better way to implement RTBH?

By the way, I appreciate for your time and answers.

I have seen both being used. My preference would be to set the next hop in the

route-map 

like you did.

Regards,

Hello @Harold Ritter

This is an old post, but could you please shed some light on what you've said? I still do not understand why eBGP doesn't install route into RIB, if next hop (static blackhole) is not redistributed into BGP process with ITSELF as a next hop? It's like chicken and the egg...

I've just tried to re-create above such as CPE sends 10.10.1.100/32 using community 65000:666, and my PE accepts this community and sets next hop to 192.0.2.1. It doesn't work if static to 192.0.2.1 is not part of BGP process, moreover, it doesn't work if I don't sent next hop to 192.0.2.1 during redistribution... Doesn't make any sense to me as I effectively redistribute Null0 static but set next hop to 192.0.2.1 such as below

SP PE:

router bgp 65000
 redistribute static route-map S2B
 neighbor 1.1.1.2 remote-as 65001
 neighbor 1.1.1.2 route-map FROM-CPE in
!
ip route 192.0.2.1 255.255.255.255 Null0 tag 666
!
route-map FROM-CPE permit 10
 match community RTBH
 set ip next-hop 192.0.2.1
route-map FROM-CPE permit 20
!
route-map S2B permit 10
 match tag 666
 set community no-export

If I leave config as above, it sees 192.0.2.1 as inaccessible next hop, even though it is IN the BGP topology:

BGP routing table entry for 10.10.1.100/32, version 0
Paths: (1 available, no best path)
Flag: 0x4100
  Not advertised to any peer
  Refresh Epoch 1
  65001, (received & used)
    192.0.2.100 (inaccessible) from 1.1.1.2 (10.10.2.1)
      Origin incomplete, metric 0, localpref 100, valid, external
      Community: 65000:666
      rx pathid: 0, tx pathid: 0

The moment I modify my redistribution route-map to include next hop modification it works OK!

route-map V4-BGP-STATIC permit 10
 match tag 666
 set community no-export
 set ip next-hop 192.0.2.100
route-map V4-BGP-STATIC permit 20

So, the question is... why? :)

I redistribute route to 192.0.2.1 into BGP and I set next hop to 192.0.2.1 ?!!

Can't get the idea, really

As was previously mentioned 'disable-connected-check' makes it work as well.

Also, I found it works if I modify FROM-CPE route map to look like this:

route-map FROM-CPE permit 10
 match community RTBH
 set ip next-hop 192.0.2.1
 set origin igp
route-map FROM-CPE permit 20

Appreciate if you can explain this trick with next hop a bit. Regards

Hi Tymofii,

You do not want to redistribute the static route in BGP. This static route is only for local recursion and should not be redistributed through the network.

As mentioned before, the issue when receiving a route via eBGP is that it checks whether the next hop is directly connected or not. There are are least ways to address this. The first one is to use the "disable-connected-check" knob. The other one is to change the next on the receiving router, instead of changing it on the sending router.

Regards,

Thanks @Harold Ritter