Hello all,
I am getting cornered into a case that may never happen, but I am still trying to be prepared.
In the RTBH use case, the NLRIs (not important which Address Family) are usually advertised as /32 from a remote PE, and normally they arrive via iBGP.
In the following example I'll be using L3VPN terms.
The RTBH NLRIs arrive with a community to indicate that they should be treated specifically and applied as drop routes.
But at the PE there are "real" routes coming from a PE-CE protocol, e.g. eBGP.
In case both are /32, the local routes will be selected at the VRF level or at the global BGP level, and RTBH will not work.
router bgp 100
 vrf tomer
  neighbor 121.121.121.2
   address-family ipv4 unicast
    route-policy RTBH in
!
route-policy RTBH
  if community matches-any (100:667) then
    set administrative-distance 1
    set next-hop discard
  endif
end-policy
!
That configuration was not accepted under BGP:
!!% Could not find entry in list: Policy [new] uses the 'administrative-distance' attribute. There is no 'administrative-distance' attribute at the bgp neighbor-in-vrf attach point.
So does anyone know how it can be solved?
I did see some hacks in another thread that involve specially writing an ACL.
But I am looking for a dynamic behavior.
Any ideas?
Regards,
Egon