Date created: Sunday, March 3, 2013 11:29:43 PM. Last modified: Thursday, November 22, 2018 10:55:51 AM

Destination RTBH

Preface: The IPv4 range below is from RFC5737, which is not ideal as this range is for documentation purposes, not for live operational use. Equally, RFC1918 space is meant for private use and may genuinely be seen inside a routing table, so using RFC1918 and/or RFC5737 space may be misleading. RFC6666 allocates 0100::/64 for use as a range of IPv6 discard prefixes. There is currently no official IPv4 discard range allocated by IANA.

An example of destination Remotely Triggered Black Hole routing:

In this example AS1 has a static route to 4.4.4.4, the pretend victim IP. On AS1, a route map applied to the redistribution of static routes into the AS100 iBGP (between PE1, PE2 and AS1) sets the next hop IP to 192.0.2.1, which in turn points to Null0.

Transit has a valid route to 4.4.4.4 through eBGP (via PE1), and can ping the victim IP:

transit#show ip route 4.4.4.4
Routing entry for 4.4.4.4/32
  Known via "bgp 200", distance 20, metric 0
  Tag 100, type external
  Last update from 10.0.14.1 00:00:10 ago
  Routing Descriptor Blocks:
  * 10.0.14.1, from 10.0.14.1, 00:00:10 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 100
transit#ping 4.4.4.4 

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/39/52 ms

PE1 has a valid route to the loopback IP:

PE1#show ip route 4.4.4.4
Routing entry for 4.4.4.4/32
  Known via "bgp 100", distance 200, metric 0, type internal
  Last update from 10.0.35.5 00:01:07 ago
  Routing Descriptor Blocks:
  * 10.0.35.5, from 10.0.23.3, 00:01:07 ago
      Route metric is 0, traffic share count is 1
      AS Hops 0

On AS1, if the static route to 4.4.4.4 is removed and then re-added with tag 999, it will match our BGP route-map:

AS1#show ip route 4.4.4.4
Routing entry for 4.4.4.4/32
  Known via "static", distance 1, metric 0
  Redistributing via bgp 100
  Advertised by bgp 100 route-map Source-RTBHR
  Routing Descriptor Blocks:
  * 10.0.35.5
      Route metric is 0, traffic share count is 1
AS1#conf t
AS1(config)#no ip route 4.4.4.4 255.255.255.255 10.0.35.5
AS1(config)#ip route 4.4.4.4 255.255.255.255 192.0.2.1 tag 999
AS1#show ip route 4.4.4.4
Routing entry for 4.4.4.4/32
  Known via "static", distance 1, metric 0
  Tag 999
  Redistributing via bgp 100
  Advertised by bgp 100 route-map Source-RTBHR
  Routing Descriptor Blocks:
  * 192.0.2.1
      Route metric is 0, traffic share count is 1
      Route tag 999

Now we can see the difference on PE1:

PE1#show ip route 4.4.4.4
Routing entry for 4.4.4.4/32
  Known via "bgp 100", distance 200, metric 0, type internal
  Last update from 192.0.2.1 00:00:04 ago
  Routing Descriptor Blocks:
  * 192.0.2.1, from 10.0.23.3, 00:00:04 ago
      Route metric is 0, traffic share count is 1
      AS Hops 0

4.4.4.4 can no longer be reached from outside AS100:

transit#ping 4.4.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
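
The device configs are not reproduced on this page, so the following is an added sketch, not the author's configuration, of the minimum IOS configuration the walkthrough implies. The route-map name Source-RTBHR, tag 999, AS 100, 192.0.2.1 and the two trigger commands come from the output above; the route-map sequence numbers, the catch-all clause and the Null0 hardening are assumptions.

```cisco
! --- Every router in AS100 (PE1, PE2, AS1) ---
! The discard next hop must resolve locally, otherwise the iBGP route
! for the victim is not installed and nothing is dropped.
ip route 192.0.2.1 255.255.255.255 Null0
!
! Assumption: do not answer dropped packets with ICMP unreachables.
interface Null0
 no ip unreachables
!
! --- Trigger router (AS1) only ---
! Static routes tagged 999 are advertised with the discard next hop.
route-map Source-RTBHR permit 10
 match tag 999
 set ip next-hop 192.0.2.1
!
! Assumption: untagged statics pass unchanged, as the first PE1 output
! (next hop 10.0.35.5 learned over iBGP) implies.
route-map Source-RTBHR permit 20
!
router bgp 100
 redistribute static route-map Source-RTBHR
!
! --- Start the black hole (commands from the walkthrough) ---
no ip route 4.4.4.4 255.255.255.255 10.0.35.5
ip route 4.4.4.4 255.255.255.255 192.0.2.1 tag 999
!
! --- Stop the black hole: reverse the two commands ---
no ip route 4.4.4.4 255.255.255.255 192.0.2.1 tag 999
ip route 4.4.4.4 255.255.255.255 10.0.35.5
```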

Device Configs:
Victim
AS1
PE2
PE1
TRANSIT