These inbound policies modify the next-hop of specifically marked BGP network layer reach-ability information (NLRIs) to point to the chosen black hole next-hop. We use BGP community or extended-community attributes to identify NLRIs that need to be black holed (ones whose next-hops have to be modified). The community values that are chosen should be reserved for this purpose within the provider network.
In the following example, a community of 666:0 is chosen for identifying blackhole routes. The next-hop of BGP NLRIs with that community attribute is modified to use the blackhole next-hop.
R3.1 # edit policy BH_policy_NH
entry bh-nhset {
if match any {
community 666:0;
nlri any/32 ;
} then {
next-hop 192.168.2.66 ;
permit ;
}
}
entry bh-default {
if match any {
} then {
permit ;
}
}