Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1172
Views
0
Helpful
4
Replies

Issues blackholing an IP using BGP with community strings

Brandon Baker
Level 1
Level 1

‎08-08-2017 05:48 AM - edited ‎03-05-2019 08:58 AM

I am trying to blackhole an ip with an upstream provider but am having no luck. They say they are not receiving the community string from me. This is what I am entering:

6461:5990 is Zayo blackhole community

conf t

route-map ddos permit 10

set community 6461:5990

ip route X.X.128.88 255.255.255.255 Null0

router bgp (AS NUMBER)

neighbor (zayo ip) send-community

network X.X.128.88 mask 255.255.255.255 route-map ddos

I have also just tried

ip route X.X.128.88 255.255.255.255 Null0

ip access-list permit 24 X.X.128.88

route-map ddos permit 10

match ip address 24

set community 6461:5990

router bgp (AS NUMBER)

neighbor (zayo ip) route-map ddos out

neighbor (zayo ip) send-community

Does anyone see anything wrong with either of these commands?

Labels:
0 Helpful
4 Replies 4

paul driver
VIP
VIP

‎08-08-2017 06:57 AM

Hello

can you post the output from this please:

sh ip bgp neighbors | s Neighbor capabilities


res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Brandon Baker
Level 1
Level 1
In response to paul driver

‎08-08-2017 07:03 AM

It may be working now- I am awaiting a response from Zayo:

here is the requested output:

Neighbor capabilities:
    Route refresh: advertised and received(new)
    Four-octets ASN Capability: advertised and received
    Address family IPv4 Unicast: advertised and received
    Graceful Restart Capability: received
      Remote Restart timer is 120 seconds
      Address families advertised by peer:
        IPv4 Unicast (was not preserved
    Enhanced Refresh Capability: advertised
    Multisession Capability:
    Stateful switchover support enabled: NO for session 1
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Four-octets ASN Capability: advertised and received
    Address family IPv4 Unicast: advertised and received
    Graceful Restart Capability: received
      Remote Restart timer is 120 seconds
      Address families advertised by peer:
        none
    Enhanced Refresh Capability: advertised
    Multisession Capability:
    Stateful switchover support enabled: NO for session 1
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Four-octets ASN Capability: advertised and received
    Address family IPv4 Unicast: advertised and received
    Graceful Restart Capability: received
      Remote Restart timer is 120 seconds
      Address families advertised by peer:
        none
    Enhanced Refresh Capability: advertised
    Multisession Capability:
    Stateful switchover support enabled: NO for session 1
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Four-octets ASN Capability: advertised
    Address family IPv4 Unicast: advertised and received
    Enhanced Refresh Capability: advertised
    Multisession Capability:
    Stateful switchover support enabled: NO for session 1
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Four-octets ASN Capability: advertised
    Address family IPv4 Unicast: advertised and received
    Enhanced Refresh Capability: advertised
    Multisession Capability:
    Stateful switchover support enabled: NO for session 1
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Four-octets ASN Capability: advertised
    Address family IPv4 Unicast: advertised and received
    Enhanced Refresh Capability: advertised
    Multisession Capability:
    Stateful switchover support enabled: NO for session 1
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Four-octets ASN Capability: advertised
    Address family IPv4 Unicast: advertised and received
    Enhanced Refresh Capability: advertised
    Multisession Capability:
    Stateful switchover support enabled: NO for session 1
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Four-octets ASN Capability: advertised
    Address family IPv4 Unicast: advertised and received
    Enhanced Refresh Capability: advertised
    Multisession Capability:
    Stateful switchover support enabled: NO for session 1

0 Helpful

paul driver
VIP
VIP
In response to Brandon Baker

‎08-08-2017 07:28 AM

Hello

This is what I was looking for on you bgp peerings   <---  Four-octets ASN Capability: advertised and received

Which mean both sides ogf the peering support that feature however I did notice just the advertised on one of them

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

CSCO12744192
Level 1
Level 1

‎08-08-2017 07:07 AM

Hello Brandon Baker,

it may be silly question but want to insure , did you have insure also that network is being seeing at the advertisement list to the peer by :

show ip bgp neighbors (zayo ip) advertise

also i don't know if you have entered it but in order to use the community from the syntax XXXX:XXXX and not XXXXXXXX you should enter:

ip bgp-community new-format , that because by default the bgp display this community as 4byte number but when it command entered it display it as 2byte/2byte community that may be the problem.

0 Helpful
Customers Also Viewed These Support Documents