I think you need to change the command from "bgp-policy source QOS_2" to "bgp-policy destination QOS_2".

Arie

On Dec 19, 2007 6:45 PM, Nash Stevenson <[EMAIL PROTECTED]> wrote:
> Hi Scott:
>
> The Cisco link is not very friendly...
>
> Here is what I am trying to achieve...
>
> R1 is in AS100 peering with R2 in AS200.
> R2 is also peering with R3 in AS200, ibgp.
>
> Cust Network 171.68.1.0/24 off of R3 is being DoS attacked by someone in
> AS100.
>
> What I want to do is to match this traffic, set it to a community value
> and then police it to 128bps
>
> Here is what I think I need to do but just don't know where and how to
> implement it ;-)
>
> on r3:
>
> router bgp 200
>  table-map QOS_2
> !
> route-map QOS_2
>  match community 2
>  set ip qos-group 2
> !
> ip community-list 2 permit 200:2
> !
> int f0/0---------------------------------->cust. network
>  bgp-policy source QOS_2
>  rate-limit output qos-group 2 128000 1500 2000 conform-action transmit exceed-action drop
>
> on R2 I am having difficulty in matching traffic inbound for cust. network
> and setting community to 200:2. I can set this via PBR inbound on R2 but how
> do I tell BGP to send it to R3.....(unless similar to remote black-hole
> triggering technique of creating another static route for cust. network to
> null0 matching tag 666, then creating another route-map matching this tag
> and setting the next-hop ...etc. etc..but I don't think this is correct).
>
> Any ideas??
>
> Thx.
>
> -Nash
>
