Hi All,

I'm building a s/RTBH setup based on bird 1.3.7. I'm using a single route
injector which has iBGP peerings with my route-reflector cluster. The setup
looks like this (with the injector running on OpenBSD-4.9/Alpha and router*
running on Debian Squeeze amd64 if that matters):

          [injector]
           /      \
          /        \
         /          \
    [router 1]  [router 2]

On the injector, I configure static routes, which I export over BGP. I want
to tag these prefixes with a BGP community, so I can nullroute the IPs on my
route-reflectors and all routers that are connected to this cluster. For
this, I'm using the following configuration (only the relevant portions
included):

[injector]

    protocol static blacklist {
        route 1.2.3.4/32 via 192.0.2.1;
    }

    protocol bgp router_1 {
        local 172.16.0.1 as 65000;
        neighbor 172.16.0.2 as 65000;
        export filter {
            bgp_community = -empty-;
            bgp_community.add((65000,666));
            accept;
        };
        import none;
    }

[router 1]

    protocol bgp injector {
        local 172.16.0.2 as 65000;
        neighbor 172.16.0.1 as 65000;
        export none;
        import filter {
            gw = 192.0.2.1;
            bgp_community = -empty-;
            bgp_community.add((65000,666));
            accept;
        };
    }

The configuration for router 2 is identical apart from the IPs, so I haven't
included this configuration.

This setup works, however, the BGP community only gets set when the prefix
enters BGP on router 1:

    user@injector# birdc show route 1.2.3.4/32 all
    BIRD 1.3.7 ready.
    1.2.3.4/32 via 192.0.2.1 on lo1 [blacklist 12:01] * (200)
        Type: static unicast univ

    user@injector# birdc show route export router_1 all
    BIRD 1.3.7 ready.
    1.2.3.4/32 via 192.0.2.1 on lo1 [blacklist 12:01] * (200)
        Type: static unicast univ
        BGP.origin: IGP
        BGP.as_path:
        BGP.next_hop: 192.0.2.1
        BGP.local_pref: 100

    user@router_1# birdc show route 1.2.3.4/32
    BIRD 1.3.7 ready.
    1.2.3.4/32 unreachable [injector 12:01 from 172.16.0.1] * (100) [i]

    user@router_1# birdc show route 1.2.3.4/32 all
    BIRD 1.3.7 ready.
    1.2.3.4/32 unreachable [injector 12:01 from 172.16.0.1] * (100) [i]
        Type: BGP unicast univ
        BGP.origin: IGP
        BGP.as_path:
        BGP.next_hop: 192.0.2.1
        BGP.local_pref: 100
        BGP.community: (65000,666)

My questions:

1) First, are these configuration snippets and command output enough to
   assist in these questions?
2) Is it possible to set a BGP community on a static route which is being
   exported over BGP? The example in the docs (*) says I should be able to
   do this.
3) Am I doing something wrong in this setup that is causing the BGP
   community not to be set?
4) Is there a more intelligent way to get this to work? Imho, using a BGP
   community is the cleanest and most generic way to implement this, but I
   want this to be set on the injector, and not on my RR cluster.

Kind Regards,
Lex van Roon

*) http://bird.network.cz/?get_doc&f=bird-6.html#ss6.1

-- 
LRO-RIPE | 11FCBF2A | 756E 845C 0A88 75FF C750 1E7E 9723 E0DF 11FC BF2A
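
A small check for the symptom described in this post, added here as an example and not part of the original message: it parses `birdc show route ... all` output and lists the prefixes that lack the blackhole community. The function names are hypothetical, the parser assumes IPv4 route headers in the layout shown in the post, and the sample text is the post's own output.

```python
import re

# Route header, e.g. "1.2.3.4/32 unreachable [injector 12:01 from 172.16.0.1] * (100) [i]"
ROUTE_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+/\d+)\s.*?\[(\w+) ")
ATTR_RE = re.compile(r"^\s*(Type|BGP\.\w+):\s*(.*)$")  # value may be empty
COMMUNITY_RE = re.compile(r"\((\d+),(\d+)\)")

# Outputs quoted in the post: the injector's export view and router 1's table.
INJECTOR_EXPORT = """\
BIRD 1.3.7 ready.
1.2.3.4/32 via 192.0.2.1 on lo1 [blacklist 12:01] * (200)
    Type: static unicast univ
    BGP.origin: IGP
    BGP.as_path:
    BGP.next_hop: 192.0.2.1
    BGP.local_pref: 100
"""
ROUTER_1_TABLE = """\
BIRD 1.3.7 ready.
1.2.3.4/32 unreachable [injector 12:01 from 172.16.0.1] * (100) [i]
    Type: BGP unicast univ
    BGP.origin: IGP
    BGP.as_path:
    BGP.next_hop: 192.0.2.1
    BGP.local_pref: 100
    BGP.community: (65000,666)
"""

def parse_routes(text):
    """Parse 'show route all' text into dicts with prefix, proto and attrs."""
    routes = []
    for line in text.splitlines():
        m, a = ROUTE_RE.match(line), ATTR_RE.match(line)
        if m:
            routes.append({"prefix": m.group(1), "proto": m.group(2), "attrs": {}})
        elif a and routes:
            routes[-1]["attrs"][a.group(1)] = a.group(2).strip()
    return routes

def communities(route):
    """Set of (asn, value) pairs from a route's BGP.community attribute."""
    raw = route["attrs"].get("BGP.community", "")
    return {(int(a), int(b)) for a, b in COMMUNITY_RE.findall(raw)}

def untagged(text, community=(65000, 666)):
    """Prefixes in the output that do not carry the given community."""
    return [r["prefix"] for r in parse_routes(text) if community not in communities(r)]

print(untagged(INJECTOR_EXPORT), untagged(ROUTER_1_TABLE))
```

Because router 1's import filter in the post adds (65000,666) itself, its table cannot show where the tag was applied; the injector's `show route export` output is the view to run this against.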