
RTBH destination mode on CML

heiliger-eliet
Level 1

 

Hi there,

I'm trying to test RTBH destination mode on CML. I use the topology that you can see below.

The goal is that AS3000 can't reach server 1 (10.100.44.2) using RTBH.

I configured the black hole route on both PEs (192.168.6.6/32 to Null0).

P5 is the RTBH trigger. I redistribute static routes with a route map, and I also configured the static route with a tag:

ip route 10.100.44.0 255.255.255.252 Null0 tag 666

but BGP does not redistribute it, and I can't see any match on the route map. I don't understand why. Can someone tell me? The configurations are below.


hostname PE1
!
vrf definition sr-test
 description test segment-routing L3 vpn
 rd 1000:101
 !
 address-family ipv4
  route-target export 1000:101
  route-target import 1000:101
 exit-address-family
!


!
license udi pid CSR1000V sn 9KZTOTYC97Q
diagnostic bootup level minimal
memory free low-watermark processor 71464
!
!
spanning-tree extend system-id
lacp system-priority 10
!
!
redundancy
!
!
!
!
!
!
!
!
class-map match-all sr-test
  description test qos bw control
!
policy-map qos-test
 class class-default
  police rate 8000 
   conform-action transmit 
   exceed-action drop 
!
! 
!

! 
!
!
interface Loopback1
 ip address 11.11.11.11 255.255.255.255
 ip ospf 1 area 0
!
interface GigabitEthernet1
 ip address 10.100.111.11 255.255.255.0
 ip ospf network point-to-point
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 ip address 10.100.112.12 255.255.255.0
 ip ospf network point-to-point
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 vrf forwarding sr-test
 ip address 10.200.1.1 255.255.255.0
 negotiation auto
 no mop enabled
 no mop sysid
 service-policy input qos-test
!
interface GigabitEthernet4
 ip address 10.44.44.2 255.255.255.0
 ip ospf 1 area 0
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet5
 no ip address
 shutdown
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet6
 no ip address
 shutdown
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet7
 ip address 10.100.44.1 255.255.255.252
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet8
 no ip address
 shutdown
 negotiation auto
 no mop enabled
 no mop sysid
!
!
segment-routing mpls
 !
 connected-prefix-sid-map
  address-family ipv4
   11.11.11.11/32 index 11 range 1 
  exit-address-family
 !
!
segment-routing traffic-eng
 segment-list name to-pe2
  index 1 mpls adjacency 10.100.111.1
  index 2 mpls adjacency 10.100.15.5
  index 3 mpls label 16003
  index 4 mpls label 16022
 !
 policy sr-test
  shutdown
  color 101 end-point 22.22.22.22
  candidate-paths
   preference 100
    explicit segment-list to-pe2
    !
   !
  !
 !
!
router ospf 1
 router-id 11.11.11.11
 segment-routing mpls
 distribute link-state
 redistribute bgp 1000 route-map red-to-ospf
 network 10.100.0.0 0.0.255.255 area 0
 mpls traffic-eng router-id Loopback1
 mpls traffic-eng area 0
!
router bgp 1000
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 5.5.5.5 remote-as 1000
 neighbor 5.5.5.5 update-source Loopback1
 neighbor 10.44.44.1 remote-as 4000
 neighbor 10.44.44.1 update-source GigabitEthernet4
 !
 address-family ipv4
  network 10.100.44.0 mask 255.255.255.252
  neighbor 5.5.5.5 activate
  neighbor 10.44.44.1 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf sr-test
  redistribute connected
 exit-address-family
!
ip forward-protocol nd
no ip http server
ip http secure-server
!
ip route 22.22.22.22 255.255.255.255 segment-routing policy sr-test
ip route vrf sr-test 192.168.1.0 255.255.255.0 10.200.1.2
ip route vrf sr-test 192.168.2.0 255.255.255.0 10.200.2.1
!
!
ip access-list standard 44
 10 permit 10.44.4.0 0.0.0.7
ip access-list standard 50
 10 permit any
!
!
route-map red-to-ospf permit 10 
 description redistibution BGP to OSPF filter
 match ip address 44
!
!
end

 

 

router p5 (rtbh-trigger)

hostname p5
!

ip cef
login on-success log
no ipv6 cef
!


spanning-tree mode rapid-pvst
!

!
interface Null0
 no ip unreachables
!
interface Loopback1
 ip address 5.5.5.5 255.255.255.255
 ip ospf 1 area 0
!
interface Ethernet0/0
 ip address 10.100.15.5 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/1
 ip address 10.100.25.5 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/2
 ip address 10.100.45.5 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/3
 ip address 10.100.35.5 255.255.255.0
 ip ospf network point-to-point
!
!
segment-routing mpls
 !
 connected-prefix-sid-map
  address-family ipv4
   5.5.5.5/32 index 5 range 1 
  exit-address-family
 !
!
router ospf 1
 router-id 5.5.5.5
 segment-routing mpls
 network 10.100.0.0 0.0.255.255 area 0
!
router bgp 1000
 bgp router-id interface Loopback1
 bgp log-neighbor-changes
 bgp listen range 22.22.22.0/24 peer-group pe-group
 bgp listen range 11.11.11.0/24 peer-group pe-group
 no bgp default ipv4-unicast
 neighbor pe-group peer-group
 neighbor pe-group remote-as 1000
 neighbor pe-group update-source Loopback1
 !
 address-family ipv4
  redistribute static route-map rtbh-test
  neighbor pe-group activate
  neighbor pe-group send-community both
  neighbor pe-group route-reflector-client
 exit-address-family
 !
 address-family vpnv4
  neighbor pe-group activate
  neighbor pe-group send-community extended
  neighbor pe-group route-reflector-client
 exit-address-family
!
ip forward-protocol nd
!

ip http server
ip http secure-server
ip route 10.100.44.0 255.255.255.252 Null0 tag 666
ip ssh bulk-mode 131072
no logging btrace
ip access-list standard 1
 10 permit 10.15.25.7
route-map rtbh-test permit 10 
 match tag 666
 set local-preference 500
 set origin igp
 set community no-export
 set ip next-hop 162.168.6.6
!
route-map rtbh-test deny 20 
!

!
control-plane
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 login
 transport input ssh
!
!
!
!
end

 

 

PE-2

 

hostname PE2

!
vrf sr-test
 rd 1000:101
 address-family ipv4 unicast
  import route-target
   1000:101
  !
  export route-target
   1000:101
  !
 !
!
interface Loopback1
 ipv4 address 22.22.22.22 255.255.255.255
!         
interface MgmtEth0/RP0/CPU0/0
 shutdown
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.100.223.22 255.255.255.0
!
interface GigabitEthernet0/0/0/1
 ipv4 address 10.100.224.22 255.255.255.0
!
interface GigabitEthernet0/0/0/2
 shutdown
!
interface GigabitEthernet0/0/0/3
 vrf sr-test
 ipv4 address 10.200.2.1 255.255.255.0
!
interface GigabitEthernet0/0/0/4
 shutdown
!
interface GigabitEthernet0/0/0/5
 shutdown
!
interface GigabitEthernet0/0/0/6
 shutdown
!
interface GigabitEthernet0/0/0/7
 shutdown
!
interface GigabitEthernet0/0/0/8
 ipv4 address 10.33.33.2 255.255.255.0
!
prefix-set red-to-ospf
  10.33.3.3/32,
  10.33.3.2/32
end-set
!
route-policy pass-all
  pass
end-policy
!
route-policy red-to-ospf
  if destination in red-to-ospf then
    pass
  endif
end-policy
!         
router static
 address-family ipv4 unicast
  192.168.6.6/32 Null0
 !
 vrf sr-test
  address-family ipv4 unicast
   192.168.1.0/24 10.200.1.1
   192.168.2.0/24 10.200.2.2
  !
 !
!
router ospf 1
 router-id 22.22.22.22
 redistribute bgp 1000 route-policy red-to-ospf
 address-family ipv4 unicast
 area 0
  segment-routing mpls
  interface Loopback1
   prefix-sid index 22
  !
  interface GigabitEthernet0/0/0/0
   network point-to-point
  !       
  interface GigabitEthernet0/0/0/1
   network point-to-point
  !
  interface GigabitEthernet0/0/0/8
  !
 !
!
router bgp 1000
 address-family ipv4 unicast
 !
 address-family vpnv4 unicast
 !
 neighbor 5.5.5.5
  remote-as 1000
  update-source Loopback1
  address-family ipv4 unicast
  !
  address-family vpnv4 unicast
  !
 !
 neighbor 10.33.33.1
  remote-as 3000
  update-source GigabitEthernet0/0/0/8
  address-family ipv4 unicast
   route-policy pass-all in
   route-policy pass-all out
  !
 !
 vrf sr-test
  address-family ipv4 unicast
   redistribute connected
  !
  neighbor 5.5.5.5
   remote-as 1000
   address-family ipv4 unicast
   !
  !
 !
!
end

 

 

4 Replies

You cannot use show route-map to check whether traffic is redirected or not, as far as I know.

You need to use

show ip cef <> detail

It shows you the count of packets passed to Null0.

Or use

debug ip packet

MHM

heiliger-eliet
Level 1

I tried some debug commands, but I did not get useful information.

debug ip bgp ipv4 unicast

*Jul 27 22:00:25.027: BGP: Applying map to find origin for 10.100.44.0/30

p5#show ip cef 10.100.44.0/30 detail
      10.100.44.0/30, epoch 0, flags [attached]
      attached to Null0

heiliger-eliet
Level 1

It looks like the route map works, but BGP does not advertise the route.

p5#show bgp ipv4 unicast neighbors 22.22.22.22 advertised-routes

Total number of prefixes 0
p5#


heiliger-eliet
Level 1

Hello,

I already got it working. I had to add the RTBH route on the trigger router.

Thanks a lot!
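
The last post reports that the fix was adding the RTBH route on the trigger router. The following check is an added example, not part of the thread or of any Cisco tool: it reads a trigger configuration and the PE configurations and reports a missing tagged route, a missing route to the route-map next-hop on the trigger, and any PE without a Null0 route for that next-hop. The function names are hypothetical, the sample excerpts are constructed from lines posted above, and only global-table static routes are considered (routes learned from an IGP are not visible in a configuration file).

```python
import ipaddress
import re

# Excerpts constructed from the configurations posted in the thread.
TRIGGER_CFG = """\
ip route 10.100.44.0 255.255.255.252 Null0 tag 666
route-map rtbh-test permit 10
 match tag 666
 set ip next-hop 162.168.6.6
"""
PE_CFGS = {"PE2": "router static\n address-family ipv4 unicast\n  192.168.6.6/32 Null0\n"}

# IOS "ip route <net> <mask> <target> [tag N]" and IOS XR "<net>/<len> <target>".
IOS_ROUTE = re.compile(
    r"^ip route (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)(?: tag (\d+))?", re.M)
XR_ROUTE = re.compile(r"^[ \t]+(\d+\.\d+\.\d+\.\d+/\d+) (\S+)", re.M)


def static_routes(cfg):
    """Return (network, target, tag) tuples; VRF routes are skipped."""
    routes = [(ipaddress.ip_network(f"{p}/{m}", strict=False), t, tag)
              for p, m, t, tag in IOS_ROUTE.findall(cfg)]
    routes += [(ipaddress.ip_network(p, strict=False), t, "")
               for p, t in XR_ROUTE.findall(cfg)]
    return routes


def check_rtbh(trigger_cfg, pe_cfgs):
    """List problems that keep a tagged trigger route from blackholing traffic."""
    findings = []
    tag = re.search(r"^\s*match tag (\d+)", trigger_cfg, re.M)
    hop = re.search(r"^\s*set ip next-hop (\S+)", trigger_cfg, re.M)
    if not tag or not hop:
        return ["trigger: route-map lacks 'match tag' or 'set ip next-hop'"]
    next_hop = ipaddress.ip_address(hop.group(1))
    routes = static_routes(trigger_cfg)
    if not any(t == tag.group(1) for _, _, t in routes):
        findings.append(f"trigger: no static route carries tag {tag.group(1)}")
    # The trigger itself needs a route covering the next-hop it sets.
    if not any(next_hop in net for net, _, _ in routes):
        findings.append(f"trigger: no route to next-hop {next_hop}")
    for name, cfg in pe_cfgs.items():
        if not any(next_hop in net and tgt.lower() == "null0"
                   for net, tgt, _ in static_routes(cfg)):
            findings.append(f"{name}: no Null0 route for {next_hop}")
    return findings
```

Run against the posted excerpts, `check_rtbh(TRIGGER_CFG, PE_CFGS)` returns two findings: the trigger has no route to 162.168.6.6, and PE2 has no Null0 route for that address (its Null0 route is for 192.168.6.6/32).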