07-23-2020 05:06 AM
How can I add a condition to the eBGP outbound policy below: if the community matches (123) and the prefix length is /32 from the prefixes given below, then append community 9999?
route-policy EBGP
  # apply EXPORT-EBGP
  if not destination in ( 92.x.0.0/12, 172.25x.0.0/16 le 24, 8.x.0.0/19 le 24, 192.1.x.0/24, 172.15.x.0/24, 92.103.34.0/24, , 92.x.0.0/16 le 24) then
    drop
  endif
end-policy
07-23-2020 07:09 AM
Please advise if the configuration below is correct.
This is the prefix of the victim (destination-based RTBH). We need to allow this prefix so that a certain community can be set on it and it can then be advertised to the eBGP neighbor; when the remote AS eBGP neighbor sees this community coming into their network, they can black-hole the traffic. Please note that the IP address of the victim used here is not real.
prefix-set victim-prefix-set
  10.7.7.7/32
end-set
!
community-set my_community_set
  1:123
end-set
!
route-policy EBGP
  if not destination in ( 92.x.0.0/12, 172.25x.0.0/16 le 24, 8.x.0.0/19 le 24, 192.1.x.0/24, 172.15.x.0/24, 92.103.34.0/24, , 92.x.0.0/16 le 24) then
    drop
  elseif destination in victim-prefix-set then
    if (community matches-any my_community_set ) then
      set community (1:9999) additive
    endif
  endif
end-policy
07-23-2020 09:39 AM
Yes you can stack if statements like that.
ex. elseif condition then if condition 2 then perform action.
Remember that drop is the default action if an action isn't taken on a prefix/etc.
Also in your prefix set instead of one host route you can define an entire subnet with ge /32.
Sam
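Added example (not from the posters, and not router code): a small Python model of how the if/elseif ordering in the thread's policy treats a /32 RTBH route, compared with testing the victim set first. Every inline entry in the posted list is exact-length or `le 24`, so a /32 never matches it. The `ALLOWED` prefixes are constructed stand-ins for the masked ones, the function names are hypothetical, and the model assumes IOS XR's default-drop behaviour with `set` counting as an accepting action.

```python
import ipaddress

def in_set(route, entries):
    """Prefix-set style match; each entry is (prefix, min_len, max_len)."""
    net = ipaddress.ip_network(route)
    return any(lo <= net.prefixlen <= hi and net.subnet_of(ipaddress.ip_network(p))
               for p, lo, hi in entries)

# Constructed stand-ins for the thread's masked list (exact-length and "le 24").
ALLOWED = [("192.0.2.0/24", 24, 24), ("198.18.0.0/16", 16, 24)]
# Victim set written the way the reply suggests: a subnet limited to host routes.
VICTIM = [("10.7.7.0/24", 32, 32)]
TRIGGER, RTBH = "1:123", "1:9999"   # community values taken from the thread

def posted_order(route, comms):
    """Ordering as posted: the allow-list test runs before the victim test."""
    if not in_set(route, ALLOWED):
        return ("drop", comms)            # a /32 always ends up here
    elif in_set(route, VICTIM):
        if TRIGGER in comms:
            return ("pass", comms | {RTBH})
    return ("drop", comms)                # no action taken: default drop

def victim_first(route, comms):
    """Alternative ordering: tag the RTBH host route before the allow-list."""
    if in_set(route, VICTIM) and TRIGGER in comms:
        return ("pass", comms | {RTBH})   # assumption: set implies accept
    if in_set(route, ALLOWED):
        return ("pass", comms)            # explicit pass for normal exports
    return ("drop", comms)

if __name__ == "__main__":
    for route, comms in [("10.7.7.7/32", {TRIGGER}), ("198.18.5.0/24", set()),
                         ("198.18.5.1/32", {TRIGGER}), ("10.7.7.7/32", set())]:
        print(route, sorted(comms), posted_order(route, set(comms)),
              victim_first(route, set(comms)))
```

Only the victim /32 carrying 1:123 leaves with 1:9999 in the second ordering; other host routes, and the victim route without the trigger community, are still dropped.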