Yeah, it does seem a little buggy. Especially since the PE that receives the routes from trigger can't do the black holing since it only sets the next hop outbound...
On Sat, Aug 29, 2009 at 1:12 PM, Rick Mur <[email protected]> wrote: > It's still weird behavior. It's not a nice solution if you advertise the > blackhole next-hop througout the network. It should work inbound, though it > might be a bug that setting the next-hop doesn't work while also setting the > vrf. > > I'll try to lab this tomorrowmorning. > > > -- > > Rick Mur > CCIE2 #21946 (R&S, Service provider) > Sr. Support Engineer -- IPexpert, Inc. > > Sent from my iPhone > > On 29 aug 2009, at 00:28, Bryan Bartik <[email protected]> wrote: > > Ok, here's what I do now to make it work. Instead of applying the next hop > inbound, I just set a community. Then going towards the RR, I match the > community and set the next-hop, local pref, no-export, etc. The BGP route > then gets propagated and along with the null route, and it recursively > points to null so RPF fails. > > On Fri, Aug 28, 2009 at 6:29 AM, Bryan Bartik < <[email protected]> > [email protected]> wrote: > >> Hey Rick, >> >> I am trying it on some different models: 6500, 7600, and a 3640, haven't >> tried a 7200. All of them behave the same way. When I remove the VRF and >> just have a normal EBGP session, it works. I might have to peer the Trigger >> router one hop away from the PE (multihop EBGP, while sharing the peering >> address through the VRF), I have tested this and it seems to work. >> >> >> On Fri, Aug 28, 2009 at 12:47 AM, Rick Mur < <[email protected]> >> [email protected]> wrote: >> >>> Hi Bryan, >>> Is the route-map applied inbound from the BGP neighbor session of the >>> trigger router? The trigger router is also in VRF internet or in the global >>> table? >>> I actually never tried this within a VRF. Have you tried to do the same >>> thing without the vrf INTERNET? >>> >>> On what platform are you trying this? Have you tried doing it on a 7200? >>> >>> -- >>> Regards, >>> >>> Rick Mur >>> CCIE2 #21946 (R&S / Service Provider) >>> >>> Sr. Support Engineer – IPexpert, Inc. >>> URL: <http://www.IPexpert.com/>http://www.IPexpert.com >>> >>> >>> >>> >>> On 27 aug 2009, at 20:36, Bryan Bartik wrote: >>> >>> Hello, >>> >>> I am trying to set up a source based black hole an MPLS VPN but I cannot >>> get the discard route to properly be accepted as a next hop, output says >>> "inaccessible". >>> >>> Trigger----->PE >>> >>> Trigger is sending x.x.x.98/32 to the PE. >>> On the PE, I have a route-map that sets all next hops (VRF) from trigger >>> to 172.31.254.254. >>> On the PE, I have a null route in the VRF for 172.31.254.254. >>> >>> lab#sho run | inc ip route >>> ip route vrf INTERNET 172.31.254.254 255.255.255.255 Null0 >>> >>> lab#sho route-map SBBH >>> route-map SBBH, permit, sequence 10 >>> Match clauses: >>> Set clauses: >>> local-preference 252 >>> ip vrf INTERNET next-hop 172.31.254.254 >>> Policy routing matches: 0 packets, 0 bytes >>> >>> BGP routing table entry for xxx:xxx:x.x.x.98/32, version 3747716 >>> Paths: (2 available, best #2, table INTERNET) >>> Not advertised to any peer >>> 65187 >>> 172.31.254.254 (inaccessible) from x.x.x.x (TRIGGER IP) >>> Origin incomplete, metric 0, localpref 252, valid, external >>> Extended Community: RT:xxx:xxx >>> >>> Am I missing something? >>> >>> Thanks, >>> >>> -- >>> Bryan Bartik >>> CCIE #23707 (R&S), CCNP >>> Sr. Support Engineer - IPexpert, Inc. >>> URL: <http://www.IPexpert.com/>http://www.IPexpert.com >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit <http://www.ipexpert.com>www.ipexpert.com >>> >>> >>> >> >> >> -- >> Bryan Bartik >> CCIE #23707 (R&S), CCNP >> Sr. Support Engineer - IPexpert, Inc. >> URL: <http://www.IPexpert.com>http://www.IPexpert.com >> > > > > -- > Bryan Bartik > CCIE #23707 (R&S), CCNP > Sr. Support Engineer - IPexpert, Inc. > URL: <http://www.IPexpert.com>http://www.IPexpert.com > > -- Bryan Bartik CCIE #23707 (R&S), CCNP Sr. Support Engineer - IPexpert, Inc. URL: http://www.IPexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
