We have created a peering with our ISP, and my ISP sent a community to do blackhole, but how do I configure that and send the community string for blackhole traffic?
The ISP said to use the 64682:0 community for RTBH. I did the following config but it didn't work:
router bgp 100
 bgp log-neighbor-changes
 redistribute static route-map RTBH
 neighbor 71.xxx.xxx.61 remote-as 200
 neighbor 71.xxx.xxx.61 send-community
 network 70.xx.xx.0 mask 255.255.255.0
route-map RTBH permit 10
 match tag 666
 set community 64682:666
route-map RTBH permit 20
I am confused about :0 in the community because my router is not accepting that.
Here I am using a route to send to null.
ip route 71.x.x.100 255.255.255.255 Null0 tag 666
What am I doing wrong?
EDIT:
I was following this doc to set up community RTBH: http://cenic.org/network/bgp-blackhole-community
Update:
I have modified the config with the following info but still no luck, and no auto-summary is the default in BGP.
route-map RTBH permit 10
 match tag 666
 set community 64682:0
 set ip next-hop 192.0.2.1
!
route-map RTBH permit 20
Debug info:
When I trigger the null route I got the following debug ip routing logs:
R1#
*Jun 20 15:38:23.212: RT: updating static 70.xx.xx.1/32 (0x0) :
via 0.0.0.0 Nu0 0 1048578
*Jun 20 15:38:23.212: RT: rib update return code: 17
Best Answer
The Cisco documents provide a full explanation for the options, and examples of how to configure your router, depending on the ISP requirements. Be sure to read and understand the text. It explains what you need to do, and why you need to do it.
Here is a very good Cisco document, and an example of one way to do this (your ISP may not do it this way):
REMOTELY TRIGGERED BLACK HOLE FILTERING — DESTINATION BASED AND SOURCE BASED
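A check of the trigger-side pieces the question's configuration depends on (tagged Null0 host route, redistribution route-map, the ISP's community, send-community), as an added example that is not part of the original post, the answer or the Cisco document. The helper name check_rtbh and the sample addresses are assumptions; the sample config is constructed from the question's first attempt.

```python
import re

# Constructed sample modelled on the question's first config (documentation addresses).
SAMPLE = """\
router bgp 100
 redistribute static route-map RTBH
 neighbor 192.0.2.61 remote-as 200
 neighbor 192.0.2.61 send-community
route-map RTBH permit 10
 match tag 666
 set community 64682:666
route-map RTBH permit 20
ip route 203.0.113.100 255.255.255.255 Null0 tag 666
"""

def check_rtbh(config, isp_community):
    """Hypothetical helper: list problems in an IOS RTBH trigger config."""
    lines = [l.strip() for l in config.splitlines()]
    found = lambda rx: {m.group(1) for m in (re.fullmatch(rx, l) for l in lines) if m}
    problems, clauses, cur = [], [], None
    # Tagged host routes to Null0 are the blackhole triggers.
    tags = found(r"ip route \S+ 255\.255\.255\.255 Null0 tag (\d+)")
    if not tags:
        problems.append("no tagged /32 static route to Null0")
    # The statics must be redistributed into BGP through a route-map.
    rmaps = found(r"redistribute static route-map (\S+)")
    if not rmaps:
        problems.append("no 'redistribute static route-map'")
    # Collect each route-map clause with its 'match tag' and 'set community'.
    for l in lines:
        if m := re.fullmatch(r"route-map (\S+) (permit|deny) \d+", l):
            cur = {"name": m.group(1), "permit": m.group(2) == "permit", "tags": set(), "comm": set()}
            clauses.append(cur)
        elif cur and l.startswith("match tag "):
            cur["tags"] |= set(l.split()[2:])
        elif cur and l.startswith("set community "):
            cur["comm"] |= set(l.split()[2:])
        elif not l.startswith(("match ", "set ")):
            cur = None  # left route-map configuration
    hits = [c for c in clauses if c["name"] in rmaps and c["permit"] and c["tags"] & tags]
    if tags and rmaps and not hits:
        problems.append("no permit clause matches the static route tag")
    for c in hits:
        if isp_community not in c["comm"]:
            problems.append(f"route-map {c['name']} sets {sorted(c['comm'])}, not {isp_community}")
    # IOS sends standard communities to a neighbor only with send-community.
    if not found(r"(neighbor \S+ send-community(?: both| standard)?)"):
        problems.append("no neighbor has send-community")
    return problems
```

A clean result only covers the local trigger configuration; whether the ISP accepts the /32 announcement is decided by its own inbound policy.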