Last updated on January 24, 2024
On my Huawei CE12800 device, I am trying to run this config. Beside a standart BGP process, I am using three community values to control traffic with my upstream provider. With 555 community value, I can block traffic which has an international origin. 10.20.30.3 should be reachable only from my local network and from upstream network. Despite of I can succesfully announce 10.20.30.3 with 555 community, but static ip route to NULL interface blocks the traffic. I need a ***** route entry to bring up BGP announce which doesn't block traffic locally.
BTW, this setup works on my old 3com 8800 device.
#
interface Vlanif1000
ip address 10.20.30.1 255.255.255.240
#
bgp 11111
group UPSTREAM external
peer UPSTREAM as-number 22222
peer 11.22.33.44 as-number 22222
peer 11.22.33.44 group UPSTREAM
#
ipv4-family unicast
dampening
default-route imported
network 10.20.30.0 255.255.255.0
network 10.20.30.3 255.255.255.255
peer UPSTREAM enable
peer UPSTREAM route-policy export_upstream export
peer UPSTREAM advertise-community
peer 11.22.33.44 enable
peer 11.22.33.44 group UPSTREAM
#
route-policy export_upstream permit node 5
if-match ip-prefix black_hole
apply community 22222:666
#
route-policy export_upstream permit node 6
if-match ip-prefix upstream_int2
apply community 22222:555
#
route-policy export_upstream permit node 7
if-match ip-prefix upstream_int1
apply community 22222:444
#
route-policy export_upstream permit node 10
if-match ip-prefix local_upstream
apply local-preference 25
#
ip ip-prefix local_upstream index 84 permit 10.20.30.0 24 greater-equal 24 less-equal 32
ip ip-prefix black_hole index 10 permit 172.16.0.2 32 greater-equal 32 less-equal 32
ip ip-prefix upstream_int1 index 10 permit 172.16.0.4 32 greater-equal 32 less-equal 32
ip ip-prefix upstream_int2 index 10 permit 172.16.0.3 32 greater-equal 32 less-equal 32
ip ip-prefix upstream_int2 index 34714 permit 10.20.30.3 32
#
ip route-static 0.0.0.0 0.0.0.0 11.22.33.44
ip route-static 10.20.30.0 255.255.255.0 NULL0 description BGPTEST
ip route-static 10.20.30.3 255.255.255.255 NULL0
Be First to Comment