Routing

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  Destination Based RTBH

    This message was posted by a user wishing to remain anonymous
    Posted 10-14-2022 16:35
    This message was posted by a user wishing to remain anonymous

    Hi,

    I am looking at 2 scenarios of RTBH in an MPLS Network.

    First scenario - i understand OK - so we (Service Provider)  receive a route from our customer with a RTBH Community, we then advertise this route via iBGP to other routers in the network through a Route Reflector and on the other PE Routers we configure an iBGP import policy that matches the RTBH Community and set the next-hop to discard.

    Now its the second scenario that i have a question for - one of our PE Routers is a RTBH trigger router and we have the following config on the trigger router:

    #V6DestinationPrefix
    set routing-options rib inet6.0 static route 2A01:5678:1/128 reject
    set routing-options rib inet6.0 static route 2A01:5678:1/128 tag 666

    #V4DestinationPrefix
    set routing-options static route 172.16.42.42/32 reject
    set routing-options static route 172.16.42.42/32 tag 666

    #DiscardRoutes
    set routing-options rib inet6.0 static route 0100::1/128 reject
    set routing-options static route 192.2.0.1/32 reject

    show policy-options policy-statement RTBH
    term 1 {
    from {
    family inet;
    protocol static;
    tag 666;
    }
    then {
    local-preference 500;
    community add NO-EXPORT;
    community add RTBH_COMM;
    next-hop 192.2.0.1;
    accept;
    }
    }
    term 2 {
    from {
    family inet6;
    protocol static;
    tag 666;
    }
    then {
    local-preference 500;
    community add RTBH_COMM;
    community add NO-EXPORT;
    next-hop 0100::1;
    accept;
    }
    }

    #iBGPcONFIG
    group ibgp {
    type internal;
    local-address 172.20.20.20;
    family inet {
    unicast;
    }
    family inet6 
    }
    }
    export [ nhs RTBH ];

    My questions are:
    1. Since this is only an IPv4 Core with no native v6 peering in the Core - to get term 2 in the export policy to be exported do i need to enable "family inet6" on the iBGP session towards the RR?

    2. Since we are changing the next-hop to discard routes when these prefixes are send to the RR for route resolution on the RR - do ia lso need to add the following 2 static routes:
    set routing-options rib inet6.0 static route 0100::1/128 reject
    set routing-options static route 192.2.0.1/32 reject

    3. Lastly to allow the other PE Routers to do Local Route Resolution - i need to add the 2 static routes above.

    Am i missing anything here - any help will be appreciated,
    Cheers

    ​​​


  • 2.  RE: Destination Based RTBH

    This message was posted by a user wishing to remain anonymous
    Posted 10-15-2022 13:30
    This message was posted by a user wishing to remain anonymous

    What exactly does trigger router do ?   Does it advertise to all the peers that the routes with tag 666 will be sent 192.2.0.1 ? What the edge routers do is to tag the victim prefixes with 666 ?

    Am I right ?

    thanks !!


  • 3.  RE: Destination Based RTBH

    This message was posted by a user wishing to remain anonymous
    Posted 10-15-2022 16:47
    This message was posted by a user wishing to remain anonymous

    I think your understanding of what trigger router does is not right.  After some tests, my previous understanding was not right.



  • 4.  RE: Destination Based RTBH

    This message was posted by a user wishing to remain anonymous
    Posted 10-17-2022 06:50
    This message was posted by a user wishing to remain anonymous

    Step 5 - from the RFC explains what a Trigger Router does - https://www.rfc-editor.org/rfc/rfc5635, not sure i understand what you mean by understanding is not right - please help me understand.

    The tag 666 is just used by the trigger router to match the destination prefixes you want blackholed. The export policy on the rigger router matches these routes with tag 666 and set the next-hop to a discard route and also  a higher Local Preference - then these advertised via iBGP to remote routers via a RR. The remote routers then install these routes into their Routing Tables but before they do the install they need to be able to resolve the next-hops which was set by the trigger router and to be able to do this we configure the following on the Remote PEs and the Route Reflector as well:
    set routing-options rib inet6.0 static route 0100::1/128 reject
    set routing-options static route 192.2.0.1/32 reject

    So the above works fine for ipv4 - my question is more around RTBH implementation with ipv6 in a scenario where you have to use a Trigger router, also in an IPv4 MPLS Core.
    To be able to exchange the v6 route between trigger router and RR do you enable - family inet6 or family inet6 labelled unicast explicit null (for 6PE) - just to get the v6 route send to RR - we dont want to receive v6 prefixes on the trigger router from other routers that are doing 6PE - we just want to be able to send the v6 route to the RR only - one way is to enable family inet6 on the trigger router to send it to RR and on trigger router configure an iBGP import policy that rejects v6 - but is there a cleaner solution?

    Cheers


  • 5.  RE: Destination Based RTBH

    This message was posted by a user wishing to remain anonymous
    Posted 10-21-2022 23:36
    This message was posted by a user wishing to remain anonymous

    What does trigger router do when a trigger route is referred to.  I think I had the same understanding as yours. I tried to discard the victimized routes on a trigger router.  After I watched a couple of videos from Youtube,  I found I misunderstood what a trigger router is.

    The victimized routes are discarded at the edge routers or ISP routers. A trigger router just tags routes which are to be discarded. It does not discard it. It just exports them with a tag or a community. When the edge routers or IPS routers see the tag or the community, they discard them.