RPL Policy on IOS XR

usmanpk79 · ‎07-23-2020

How can I add to the below ebgp outbound policy, a condition which is, if community matches

(123) & prefix length is /32 from the below given prefixes then append community 9999

route-policy EBGP

# apply EXPORT-EBGP
if not destination in ( 92.x.0.0/12, 172.25x.0.0/16 le 24, 8.x.0.0/19 le 24, 192.1.x.0/24, 172.15.x.0/24, 92.103.34.0/24, , 92.x.0.0/16 le 24) then
drop
endif
end-policy

usmanpk79 · ‎07-23-2020

Please advise if the below mentioned configuration is correct

this is the prefix of victim (RTBH destination based) we need to allow this prefix and so that the certain community can be set on it and then it can be advertise the eBGP neighbor, and when the remote AS eBGP neighbor see this community coming into their network then can black hole the traffic. Please not that ip address of victim used here is not real.

prefix-set victim-prefix-set

10.7.7.7/32

end-set

!

community-set my_community_set

1:123

end-set

!

route-policy EBGP

if not destination in ( 92.x.0.0/12, 172.25x.0.0/16 le 24, 8.x.0.0/19 le 24, 192.1.x.0/24, 172.15.x.0/24, 92.103.34.0/24, , 92.x.0.0/16 le 24) then

drop

elseif destination in victim-prefix-set then

if (community matches-any my_community_set ) then

set community (1:9999) additive

endif

end-policy

smilstea · ‎07-23-2020

Yes you can stack if statements like that.

ex. elseif condition then if condition 2 then perform action.

Remember that drop is the default action if an action isn't taken on a prefix/etc.

Also in your prefix set instead of one host route you can define an entire subnet with ge /32.

Sam