Step 3
The following example
creates a static route on R1 to the target network 203.0.113.1/32 with a static export
policy that applies to the community. When the attack targets change, you only need to
create or delete static routes to the target networks. The policy exports them to the edge
BGP speakers with the selected community attribute values
attached.
R1.1 # edit policy BH_COMM_APPLY entry bh-comm-apply { if match any { nlri 203.0.113.0/24; nlri any/32; } then { community set “666:0”; } } R1.2 # configure iproute add 203.0.113.1/32 10.0.0.6 R1.3 # enable bgp export static export-policy BH_COMM_APPLY
Alternatively, you can apply the policy as an outbound policy as below:
R1.10 # configure bgp neighbor 10.0.0.2 route-policy out BH_COMM_APPLYR1.11 # configure bgp neighbor 10.0.0.3 route-policy out BH_COMM_APPLYR1.12 # configure bgp neighbor 10.0.0.4 route-policy out BH_COMM_APPLY