BLACKHOLE community RFC7999
Ondrej Zajicek
santiago at crfreenet.org
Thu Oct 20 21:46:58 CEST 2016
On Thu, Oct 20, 2016 at 06:33:17PM +0100, Justin Cattle wrote:
> On 20 October 2016 at 16:35, Clemens Schrimpe <clemens.schrimpe at gmail.com>
> wrote:
>
> > It would be nice if export filters for the Kernel protocol could set a
> > route type, as in iproute(8):
> >
> > TYPE := [ unicast | local | broadcast | multicast | throw |
> > unreachable | prohibit | *blackhole* | nat ]
> >
> >
>
> So, we can already do stuff like this on a bgp filters, like this one on a
> a bgp import:
>
>
> if (64511,11) ~ bgp_community then {
>
> gw = RTD_BLACKHOLE;
> }
>
> ..with choices of:
>
> RTD_BLACKHOLE, RTD_UNREACHABLE or RTD_PROHIBIT
You are almost right, but it is 'dest' attribute, not 'gw' attribute:
To implement RFC 7999 in filters, you have to just add:
if (65535, 666) ~ bgp_community then dest = RTD_BLACKHOLE;
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20161020/f746bca7/attachment.asc>
More information about the Bird-users
mailing list