BGP Blackhole Community Attribute

OcNOS-SP : Layer 3 Guide : Layer 3 Unicast Configuration Guide : BGP : BGP Blackhole Community Attribute

A blackhole route is used to forward unwanted or undesirable traffic into a black hole. In other words, a special logical interface called a null interface, is used to create the black hole. Static routes are created for destinations that are not desirable, and the static route configuration points to the null interface. Any traffic that has a destination address that has a best match of the black hole static route automatically will be dropped.

Note: 65535:666 is reserved for Blackhole community.

Topology

Figure 1-40: BGP Blackhole Community Attribute topology

Configuration

#configure terminal	Enter Configure mode.
(config)#interface xe5	Enter Interface mode
(config-if)# ip address 5.5.5.1/24	Assign IP address to interface
(config-if)#exit	Exit interface mode
(config)#interface xe20	Enter Interface mode
(config-if)# ip address 20.1.1.1/24	Assign IP address to interface
(config-if)#exit	Exit interface mode
(config)# router bgp 100	Enter Router BGP mode
(config-router)# neighbor 5.5.5.2 remote-as 200	Define BGP neighbors. 5.5.5.2 is the IP address of the neighbor (R2) and 200 is the neighbors AS number
(config-router)# address-family ipv4 unicast	Enter into BGP address family IPv4
(config-router-af)#neighbor 5.5.5.2 activate	Activate the neighbor
(config-router-af)#network 20.1.1.0/24	Advertise networks with prefix
(config-router-af)# commit	Commit the configurations
(config-router-af)# end	Return to privilege mode

#configure terminal	Enter Configure mode.
(config)#interface xe5	Enter Interface mode
(config-if)# ip address 5.5.5.2/24	Assign IP address to interface
(config-if)#exit	Exit interface mode
(config)#interface xe1	Enter Interface mode
(config-if)# ip address 1.1.1.2/24	Assign IP address to interface
(config-if)#exit	Exit interface mode
(config)# router bgp 200	Enter Router BGP mode
(config-router)# neighbor 5.5.5.1 remote-as 100	Define BGP neighbors. 5.5.5.1 is the IP address of the neighbor (R1) and 100 is the neighbors AS number
(config-router)# neighbor 1.1.1.1 remote-as 300	Define BGP neighbors. 1.1.1.1 is the IP address of the neighbor (R3) and 100 is the neighbors AS number
(config-router)# address-family ipv4 unicast	Enter into BGP address family IPv4
(config-router-af)#neighbor 5.5.5.1 activate	Activate the neighbor
(config-router-af)#neighbor 1.1.1.1 activate	Activate the neighbor
(config-router-af)# commit	Commit the configurations
(config-router-af)# end	Return to privilege mode

#configure terminal	Enter Configure mode.
(config)#interface xe1	Enter Interface mode
(config-if)# ip address 1.1.1.1/24	Assign IP address to interface
(config-if)#exit	Exit interface mode
(config)#interface xe18	Enter Interface mode
(config-if)# ip address 18.1.1.1/24	Assign IP address to interface
(config-if)#exit	Exit interface mode
(config)# router bgp 300	Enter Router BGP mode
(config-router)# neighbor 1.1.1.2 remote-as 200	Define BGP neighbors. 1.1.1.2 is the IP address of the neighbor (R2) and 200 is the neighbors AS number
(config-router)# address-family ipv4 unicast	Enter into BGP address family IPv4
(config-router-af)#neighbor 1.1.1.2 activate	Activate the neighbor
(config-router-af)#network 18.1.1.0/24	Advertise networks with prefix
(config-router-af)# commit	Commit the configurations
(config-router-af)# end	Return to privilege mode

Black Hole configuration on R3

#configure terminal	Enter Configure mode.
(config)#route-map D permit 10	Enter Route-map mode to set the match operation
(config-route-map)#set community no-export 65535:666 additive	Configure Reserved Black hole community in Route-map mode
(config-route-map)#commit	Commit the configuration
(config-route-map)#exit	Return to configuration mode
(config)#router bgp 300	Enter Router BGP mode
(config-router)#address-family ipv4 unicast	Enter into BGP address family IPv4
(config-router-af)#neighbor 1.1.1.2 route-map D out	Apply Route-map for the neighbor 1.1.1.2 in out direction
(config-router-af)#commit	Commit the configurations
(config-router-af)#end	Return to privilege mode
#clear ip bgp * soft out	Soft reset after applying Route-map

Validation

# show ip bgp community

BGP table version is 4, local router ID is 5.5.5.2

Status codes: s suppressed, d damped, h history, a add-path, * valid, > best, i - internal,

l - labeled, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 18.1.1.0/24 1.1.1.1 0 100 0 300 i

Total number of prefixes 1

#show ip bgp 18.1.1.0/24

BGP routing table entry for 18.1.1.0/24

Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)

Not advertised to any peer

AS path:300

Nexthop:1.1.1.1 from 1.1.1.1 (Remote Id:1.1.1.1)

Origin IGP, metric 0, localpref 100 valid, external, best, source safi: 1

Community: 65535:666 no-export

Not advertised to any peer

Last update: Tue Apr 16 21:48:01 2019

#show ip route

Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP

O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,

ia - IS-IS inter area, E - EVPN,

v - vrf leaked

* - candidate default

IP Route Table for VRF "default"

C 1.1.1.0/24 is directly connected, xe1, 00:10:22

C 5.5.5.0/24 is directly connected, xe5, 00:10:49

B 18.1.1.0/24 [20/0] is a summary, Null, 00:02:00

B 20.1.1.0/24 [20/0] via 5.5.5.1, xe5, 00:05:46

C 127.0.0.0/8 is directly connected, lo, 00:35:31

Gateway of last resort is not set

#sh ip route