Step 2
Prior to the attack, configure inbound route-maps on all edge BGP speakers (R2 through R4 in Black Hole Routing Using BGP). These inbound policies modify the next-hop of specifically marked BGP network layer reachability information (NLRIs) to point to the chosen black hole next-hop. We use BGP community or extended-community attributes to identify NLRIs that need to be black holed (ones whose next-hops have to be modified). The community values that are chosen should be reserved for this purpose within the provider network.
In the following example, a community of 666:0 is chosen for identifying blackhole routes. The next-hop of BGP NLRIs with that community attribute is modified to use the blackhole next-hop.
R3.1 # edit policy BH_policy_NH
    entry bh-nhset {
        if match any {
            community 666:0;
            nlri any/32 ;
        }
        then {
            next-hop 192.168.2.66 ;
            permit ;
        }
    }
    entry bh-default {
        if match any {
        }
        then {
            permit ;
        }
    }
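
A dry run of the policy above against a few routes, as an added example (a Python model, not Extreme's code and not part of the original page). It assumes ExtremeXOS policy semantics in which entries are evaluated in order, `match any` is satisfied by any one condition and `match all` requires every condition; the sample routes and the names `Route`, `apply_policy` and `blackholed` are constructed for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_network

BH_COMMUNITY = "666:0"          # community value from the page
BH_NEXT_HOP = "192.168.2.66"    # blackhole next-hop from the page


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    communities: frozenset = frozenset()


def conditions(route):
    """The two match conditions listed in entry bh-nhset."""
    return [
        BH_COMMUNITY in route.communities,          # community 666:0
        ip_network(route.prefix).prefixlen == 32,   # nlri any/32
    ]


def apply_policy(route, mode="any"):
    """Model BH_policy_NH: try bh-nhset, otherwise fall to bh-default."""
    combine = any if mode == "any" else all
    if combine(conditions(route)):
        return replace(route, next_hop=BH_NEXT_HOP)  # bh-nhset: rewrite, permit
    return route                                     # bh-default: permit unchanged


# Constructed sample routes (documentation address ranges).
SAMPLES = [
    Route("203.0.113.10/32", "198.51.100.1", frozenset({"666:0"})),  # tagged host
    Route("203.0.113.20/32", "198.51.100.1"),                        # untagged host
    Route("203.0.113.0/24", "198.51.100.1", frozenset({"666:0"})),   # tagged /24
    Route("192.0.2.0/24", "198.51.100.1"),                           # ordinary route
]


def blackholed(mode):
    """Prefixes whose next-hop the policy rewrites to the blackhole next-hop."""
    return [r.prefix for r in SAMPLES
            if apply_policy(r, mode).next_hop == BH_NEXT_HOP]


if __name__ == "__main__":
    for mode in ("any", "all"):
        print(f"match {mode}: {blackholed(mode)}")
```

In this model, `match any` also rewrites the untagged /32 and the tagged /24, while `match all` rewrites only the tagged /32, so check which behaviour is intended before applying the policy on the edge speakers.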