Blackhole routes using a filter?
Dan Luedtke
maildanrl at googlemail.com
Wed May 2 10:23:54 CEST 2012
Hi everyone,
I am stuck with bird, could you please give me a hint?
The setup:
My router peers with Team Cymru to get fullbogons via BGP.
I want to blackhole these routes using a filter. My filter looks like this:
filter blackhole {
gw = 2001:db8::1;
accept;
}
However, the kernel refuses to import my blackholed routes:
May 2 10:27:08 gw bird6: cymru1 > added [best] 2001:16a1::/32 via
2001:db8::1 on eth0
May 2 10:27:08 gw bird6: kernel1 < added 2001:16a1::/32 via 2001:db8::1 on eth0
May 2 10:27:08 gw bird6: cymru1 < rejected by protocol 2001:16a1::/32
via 2001:db8::1 on eth0
Any ideas how to accomplish blackholing? Other approaches maybe?
Not that I like Cisco very much, but it is easier on their equipment :/
Here is the actual peering, just for the case it matters:
protocol bgp cymru1 {
description "Cymru IPv6 fullbogons #1";
local as 57821;
neighbor 2620:0:6B0::26E5:4207 as 65332;
source address 2001:67c:26f4::1;
password "got lost during mail transfer somehow :)";
multihop 20;
import filter blackhole;
export all;
}
Regards,
Dan
--
Dan Luedtke
http://www.danrl.de
More information about the Bird-users
mailing list