Blackhole routes using a filter?

Dan Luedtke maildanrl at googlemail.com
Wed May 2 10:23:54 CEST 2012


Hi everyone,

I am stuck with bird, could you please give me a hint?

The setup:
My router peers with Team Cymru to get fullbogons via BGP.
I want to blackhole these routes using a filter. My filter looks like this:

filter blackhole {
	gw = 2001:db8::1;
	accept;
}

However, the kernel refuses to import my blackholed routes:

May  2 10:27:08 gw bird6: cymru1 > added [best] 2001:16a1::/32 via
2001:db8::1 on eth0
May  2 10:27:08 gw bird6: kernel1 < added 2001:16a1::/32 via 2001:db8::1 on eth0
May  2 10:27:08 gw bird6: cymru1 < rejected by protocol 2001:16a1::/32
via 2001:db8::1 on eth0

Any ideas how to accomplish blackholing? Other approaches maybe?
Not that I like Cisco very much, but it is easier on their equipment :/

Here is the actual peering, just for the case it matters:

protocol bgp cymru1 {
        description "Cymru IPv6 fullbogons #1";
        local as 57821;
        neighbor 2620:0:6B0::26E5:4207 as 65332;
	source address 2001:67c:26f4::1;
	password "got lost during mail transfer somehow :)";
	multihop 20;
        import filter blackhole;
        export all;
}

Regards,
  Dan

-- 
Dan Luedtke
http://www.danrl.de



More information about the Bird-users mailing list