Bird blackhole, example config

Gregg Berkholtz gregg at tocici.com
Mon May 1 03:01:46 CEST 2017


> 
> On Apr 30, 2017, at 8:47 AM, Krzysztof Puchała TriplmeMedia <kpuchala at triplemedia.org> wrote:
> 
> Hi, you once added an example of a blackhole configuration in BIRD on the mailing list:
> http://bird.network.cz/pipermail/bird-users/2012-March/007671.html
> I'm trying to implement this in my setup and when I'm overloading the configuration I have an error
> bird> configure check
> Reading configuration from /etc/bird/bird.conf
> /etc/bird/bird.conf, line 49: syntax error
> 
> 49 lines of code:
> protocol kernel blackhole {
> 
> Maybe you have an idea why it does not work?
> thanks in advance for your answer.
> 
> 
> Krzysztof Puchała, board member
> mob. 507364853 / mail. kpuchala at triplemedia.org 
> TripleMedia sp.z.o.o. Office: 91 852 21 51
> ul. Dworcowa 9/212  73-110 Stargard
> www.TripleMedia.org 
> 
> TripleMedia sp.z.o.o. Company entered in the Register of Entrepreneurs kept by the District Court Szczecin-Centrum in Szczecin, 13th Commercial Division of the National Court Register, under KRS no. 0000378029. Share capital: 5000 PLN. Paid-up capital: 5000 PLN.
> 


Hi, I’m replying to list for relevant benefit/discussion.

Wow, my example config is over 5 years old now…something probably changed in syntax requirements over the years, as this is what we currently have in place (note that a pipe isn’t used, as we now leverage "ip rule" to separately include the blacklist table):

table blackholes;
…
protocol kernel kblackholes {
        table blackholes;
        kernel table 10;
        scan time 10;
        learn;
        import all;
        export all;
}
...
filter bgp_out_upstream {
        if (proto = "kblackholes" ) then
        {
          if net.len = 32 then {
            bgp_community.add((64665,666)); # Replace 64665,666 with your upstream's community designation…if needed, otherwise delete this line
            printn "Blackhole nulling ";
            print net;
            accept;
          }
        }
        if net ~ [192.168.0.0/16] then accept;  # replace this with your own netblocks, one netblock per entry
        reject;
}
...
protocol bgp upstream {
...
  export filter bgp_out_upstream;
...
}

HTH,
Gregg Berkholtz
Datacenter consulting, hosting & support since 1995
  www.tocici.com  |  503-488-5461  |  AS14613
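
Added example (not part of the original message or of BIRD itself): a guard for populating kernel table 10, which the kblackholes protocol above learns from. It only builds a route the bgp_out_upstream filter would announce (an IPv4 /32) and refuses targets outside your own space; the function names and the OWN_NETBLOCKS list are assumptions, with 192.168.0.0/16 standing in for your netblocks as in the filter.

```python
import ipaddress
import subprocess

BLACKHOLE_TABLE = 10  # matches "kernel table 10" in protocol kblackholes
# Assumption: placeholder list, mirroring the filter's 192.168.0.0/16 entry
OWN_NETBLOCKS = [ipaddress.ip_network("192.168.0.0/16")]


def blackhole_cmd(target, action="add"):
    """Return the argv that adds or deletes a /32 blackhole route in table 10.

    Raises ValueError for a target the export filter would not announce
    (anything but an IPv4 /32) or one outside OWN_NETBLOCKS.
    """
    if action not in ("add", "del"):
        raise ValueError("action must be 'add' or 'del'")
    # strict=True rejects input such as 192.168.5.7/24 (host bits set)
    net = ipaddress.ip_network(target, strict=True)
    if net.version != 4 or net.prefixlen != 32:
        raise ValueError(f"{net}: only IPv4 /32 routes are announced")
    if not any(net.subnet_of(own) for own in OWN_NETBLOCKS):
        raise ValueError(f"{net}: not inside your own netblocks")
    return ["ip", "route", action, "blackhole", str(net),
            "table", str(BLACKHOLE_TABLE)]


def run_blackhole(target, action="add", dry_run=True):
    """Validate, then print-only (dry_run) or execute the ip command."""
    argv = blackhole_cmd(target, action)
    if not dry_run:
        subprocess.run(argv, check=True)  # needs root / CAP_NET_ADMIN
    return " ".join(argv)


if __name__ == "__main__":
    # Constructed sample targets: one valid host, three that must be refused
    for sample in ("192.168.5.7", "192.168.5.0/24", "10.0.0.1", "2001:db8::1"):
        try:
            print("ok:     ", run_blackhole(sample))
        except ValueError as exc:
            print("refused:", exc)
```

With dry_run left at its default the script only returns the command line, so the validation can be checked before anything touches the routing table.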



