RE: Advertising subnets of existing networks ?

They were trying to Null route it. All you have to do is say:

208.65.153.128 255.255.255.128 null0
208.65.153.0 255.255.255.128 null0
!
router bgp 1
 network 208.65.153.128 mask 255.255.255.128
 network 208.65.153.0 mask 255.255.255.128

Blackholes like this are support to be community no-export, but they screwed up their config and they leaked the advertisements to their EBGP peers.

Brian McGahan, CCIE #8593 (R&S/SP/Security)
bmcgahan_at_INE.com
 
Internetwork Expert, Inc.
http://www.INE.com

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Jacek
Sent: Tuesday, June 28, 2011 4:31 PM
To: Cisco certification
Subject: BGP: Advertising subnets of existing networks ?

Hello Experts,

I read an article "YouTube Hijacking: A RIPE NCC RIS case study" about an ISP in Pakistan blackholing YouTube networks:
http://www.ripe.net/internet-coordination/news/industry-developments/youtube-hijacking-a-ripe-ncc-ris-case-study

In the Event Timeline it says that at 20:18 (UTC):
"AS36561 (YouTube) starts announcing 208.65.153.128/25 and 208.65.153.0/25."

I am curious how they did it. I built a small scenario but I can not make it
work:

AS100---AS200---AS300---AS400
R1------R2------R3------R4

R1 advertises:
Loopback 0: 1.1.0.0/24
Loopback 1 :1.1.1.0/24
Loopback 2 :1.2.2.0/24
Loopback 3 :1.1.3.0/24

I know that I can configure R2 with "bgp inject-map" and inject 1.1.3.0/25and 1.1.3.128/25.

My goal is to configure R1 such that all other routers will see 1.1.3.0/25and 1.1.3.128/25. Do not reconfigure Loopback 3. Is this possible ?

Thanks,

Blogs and organic groups at http://www.ccie.net
Received on Tue Jun 28 2011 - 16:36:24 ART