I had a discussion a while ago related to how to stop DDoS. Read this first: BGP null route when DDoS?
Finally, we talked to the ISP, and it agreed to set up a BGP trigger so the next time a DDoS happens, we can trigger RTBH to null route the target (DDoS) IP address and stop the traffic at the PE.
Question: I am not an expert in BGP, so my question is how/what I need to configure on my router, and how I can trigger a null route from my router so it will null the traffic at the ISP edge router.
Scenario in GNS:
Here I am trying to trigger RTBH from router R2 to R1 so it will null route 172.16.10.100 at R1 (the ISP router), but it's not working. What am I missing here?
R1: ISP Router
R2: My Router
I have configured iBGP between these two routers and am trying to simulate RTBH to understand it.
R1:
Do I need to configure anything else on R1 to accept the trigger?
R1(config)# router bgp 64520
...
...
R1(config)# ip route 192.0.2.1 255.255.255.255 Null0
R2:
R2(config)# route-map RTBH
R2(config-route-map)# match tag 666
R2(config-route-map)# set ip next-hop 192.0.2.1
R2(config-route-map)# set origin igp
R2(config-route-map)# set community no-export
R2(config)# router bgp 64520
R2(config-router)# redistribute static route-map RTBH
Trying to trigger the null route:
R2(config)# ip route 172.16.10.100 255.255.255.255 Null0 tag 666
Best Answer
Most RTBH implementations at ISPs require you to announce a subnet (let it be a /32) with an appropriate BGP community (again, at most ISPs it's 666) to trigger RTBH at the PE.
It seems like you're on the right track. I'd also check for something like
set community additive 64520:666
on R2.
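To make the mechanics concrete, here is an added Python model of the exchange described in the question and the answer above; it is example code written for this page, not configuration from the original post or from any vendor. It reuses the lab values from the question (AS 64520, tag 666, trigger next-hop 192.0.2.1, victim 172.16.10.100) and adds the 64520:666 community the answer suggests. The customer side (R2) redistributes only statics carrying the RTBH tag, rewriting the next-hop; the ISP PE side (R1) accepts only /32s with the agreed community and resolves the next-hop recursively against its static table, which is where "ip route 192.0.2.1 255.255.255.255 Null0" turns the announcement into a discard. The untagged static route and the /24 announcement are constructed inputs that show the two filters rejecting what they should.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed lab values taken from the question: AS 64520, trigger next-hop
# 192.0.2.1, RTBH tag 666 and victim host 172.16.10.100.
LOCAL_AS = 64520
RTBH_TAG = 666
TRIGGER_NEXT_HOP = "192.0.2.1"
RTBH_COMMUNITY = f"{LOCAL_AS}:666"   # community recommended in the answer


@dataclass
class StaticRoute:
    prefix: str              # e.g. "172.16.10.100/32"
    interface: str           # e.g. "Null0"
    tag: Optional[int] = None


@dataclass
class BgpRoute:
    prefix: str
    next_hop: str
    communities: set = field(default_factory=set)


def route_map_rtbh(route: StaticRoute) -> Optional[BgpRoute]:
    """Model of R2's route-map RTBH applied at 'redistribute static':
    match tag 666 -> set next-hop 192.0.2.1, set community no-export (plus the
    AS:666 community). Anything else hits the route-map's implicit deny."""
    if route.tag != RTBH_TAG:
        return None
    return BgpRoute(route.prefix, TRIGGER_NEXT_HOP, {"no-export", RTBH_COMMUNITY})


def redistribute_static(static_routes):
    """What R2 announces to its iBGP peer after the route-map filter."""
    return [r for r in (route_map_rtbh(s) for s in static_routes) if r is not None]


class IspPe:
    """Model of R1 (the ISP PE): a BGP table, a static table and recursive
    next-hop resolution. The static 'ip route 192.0.2.1/32 Null0' is what
    turns the trigger next-hop into a discard."""

    def __init__(self):
        self.static = {ip_network(TRIGGER_NEXT_HOP + "/32"): "Null0"}
        self.bgp = {}
        self.rejected = []

    def receive(self, route: BgpRoute) -> bool:
        """Ingress policy: host routes only, and only with the agreed community."""
        net = ip_network(route.prefix)
        if net.prefixlen != 32 or RTBH_COMMUNITY not in route.communities:
            self.rejected.append(route.prefix)
            return False
        self.bgp[net] = route
        return True

    def _lookup(self, table, addr):
        """Longest-prefix match of addr in table; returns the stored value or None."""
        best = None
        for net, value in table.items():
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, value)
        return best[1] if best else None

    def egress(self, dst: str) -> str:
        """Egress interface for dst; 'Null0' means the packet is dropped at the PE."""
        addr = ip_address(dst)
        bgp_route = self._lookup(self.bgp, addr)
        if bgp_route is None:
            return self._lookup(self.static, addr) or "upstream"
        # Recursive lookup: the BGP next-hop itself is resolved via the static table.
        return self._lookup(self.static, ip_address(bgp_route.next_hop)) or "upstream"


def simulate() -> IspPe:
    """Run the question's trigger through both routers and return the PE state."""
    pe = IspPe()
    # R2(config)# ip route 172.16.10.100 255.255.255.255 Null0 tag 666
    r2_static = [
        StaticRoute("172.16.10.100/32", "Null0", tag=RTBH_TAG),
        StaticRoute("10.99.0.0/24", "Null0"),   # constructed, untagged: must not leak
    ]
    for announced in redistribute_static(r2_static):
        pe.receive(announced)
    return pe


if __name__ == "__main__":
    pe = simulate()
    for dst in ("172.16.10.100", "172.16.10.101", "10.99.0.5"):
        print(dst, "->", pe.egress(dst))
```

Two things the model makes visible that the configs alone do not: the customer's route-map and the PE's static Null0 route are both required (without the next-hop rewrite the /32 would be forwarded normally, and without the static route the next-hop would not resolve to a discard), and an ingress policy on the PE side keeps a mistaken or wider announcement from blackholing more than a single host.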