Tuesday, September 3, 2024

routing – Cisco BGP RTBH in EVPN fabric


I have a basic Cisco EVPN fabric configuration in a DC with two spines and a couple of leafs, using OSPF+iBGP for the underlay fabric. My border leaf is connected to my ISP using VRF CUST. I want to configure RTBH for DDoS protection. I have an RTBH community from my ISP, but somehow it's not working; maybe it's a VRF issue.

My border leaf is a Cisco 93180YC-EX running NX-OS version 9.3.10.

route-map RTBH permit 10
  match tag 666
  set community 1299:666

In the BGP configuration I have set redistribute static for RTBH.

router bgp 65001
  router-id 10.254.1.2
  log-neighbor-changes
  template peer VXLAN_SPINE
    remote-as 65001
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
  neighbor 10.254.0.1
    inherit peer VXLAN_SPINE
    description ** iBGP Peer to Spine-1 **
    no shutdown
  neighbor 10.254.0.2
    inherit peer VXLAN_SPINE
    description ** iBGP Peer to Spine-2 **
    no shutdown
  vrf CUST1
    log-neighbor-changes
    address-family ipv4 unicast
      redistribute static route-map RTBH
      aggregate-address 81.231.91.0/23 summary-only
    neighbor 213.XX.XX.4
      remote-as 1299
      local-as 31028
      description *** eBGP link to ISP ***
      address-family ipv4 unicast
        send-community
        send-community extended

Now if I add a static route to check the null route using tag 666, it does not do anything. It seems like my static route is not getting set up in VRF CUST1. For example, like the following.

ip route 81.231.91.128 255.255.255.255 Null0 tag 666

I don't have a command like ip route vrf CUST ...blah.. to put a route in CUST1. In that case, how do I check whether my BGP RTBH is working or not?

As you can see, I don't have a vrf option in the route command.

(config)# ip route ?
  A.B.C.D      IP prefix in format i.i.i.i
  A.B.C.D/LEN  IP prefix and network mask length in format x.x.x.x/m

vrf context CUST1
  description ** VRF-CUST1 **
  vni 10555
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
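
An added example, not part of the original post: a small Python check for the mismatch the post describes, where a tagged trigger route sits in one routing table while the `redistribute static route-map RTBH` statement that matches its tag sits in another VRF. The function names and the excerpt are constructed for illustration; it assumes NX-OS scoping, where per-VRF static routes are configured under `vrf context <name>` and a top-level `ip route` lands in the default VRF.

```python
CONFIG = """\
route-map RTBH permit 10
  match tag 666
  set community 1299:666
ip route 81.231.91.128 255.255.255.255 Null0 tag 666
vrf context CUST1
router bgp 65001
  vrf CUST1
    address-family ipv4 unicast
      redistribute static route-map RTBH
"""  # constructed excerpt of the posted configuration

def parse(config):
    """Collect tagged statics, static redistributions and route-map tags by VRF."""
    statics, redists, tags = [], [], {}
    vrf, rmap = "default", None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line[0].isspace():          # new top-level block: reset scope
            vrf, rmap = "default", None
        if words[:2] == ["vrf", "context"] and len(words) > 2:
            vrf = words[2]                 # statics below land in this VRF
        elif words[0] == "vrf" and line[0].isspace() and len(words) > 1:
            vrf = words[1]                 # "vrf X" under router bgp
        elif words[0] == "route-map" and len(words) > 1:
            rmap = words[1]
        elif words[:2] == ["match", "tag"] and rmap:
            tags.setdefault(rmap, set()).update(words[2:])
        elif words[:2] == ["ip", "route"] and "tag" in words[:-1]:
            statics.append((vrf, words[2], words[words.index("tag") + 1]))
        elif words[:3] == ["redistribute", "static", "route-map"] and len(words) > 3:
            redists.append((vrf, words[3]))
    return statics, redists, tags

def orphaned_triggers(config):
    """Tagged statics that a redistribute route-map matches only in another VRF."""
    statics, redists, tags = parse(config)
    findings = []
    for svrf, prefix, tag in statics:
        wanted = {rvrf for rvrf, rm in redists if tag in tags.get(rm, ())}
        if wanted and svrf not in wanted:
            findings.append((prefix, svrf, sorted(wanted)))
    return findings

if __name__ == "__main__":
    for prefix, have, want in orphaned_triggers(CONFIG):
        print(f"{prefix}: static is in VRF {have}, redistributed only in {want}")
```
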
