Errors like "bgp1: Error: Hold timer expired"
Roger Whittaker
roger at disruptive.org.uk
Thu Jan 5 18:20:06 CET 2017
On Thu, Jan 05, 2017 at 06:15:00PM +0100, Ondrej Zajicek wrote:
> On Thu, Jan 05, 2017 at 05:53:40PM +0100, Ondrej Zajicek wrote:
> > On Thu, Jan 05, 2017 at 04:11:25PM +0000, Roger Whittaker wrote:
> > > I'm trying to use bird to help prevent spam as described here:
> > >
> > > https://debian-administration.org/article/715/Preventing_SPAM_connections_with_bird
> > >
> > > I understand very little about BGP, so I'm really using that article
> > > as a "recipe", and have used the config file there more or less as is,
> > > except for changing the router id setting and enabling logging (and
> > > I've increased scan time to 600).
> >
> > The reason for 'Hold timer expired' is funny. The IP address of eu.bgp-spamd.net
> > is also on the blacklist:
> >
> > bird> show route 217.31.80.170/32
> > 217.31.80.170/32 blackhole [bgp1 17:36:37 from 217.31.80.170] * (100) [AS65055i]
> >
> > Not sure if that is intentional or not.
>
> OK, seems like the route server is sending not just black list entries,
> but also other entries (white list?) mixed in, marked by BGP communities.
>
> So the original article is horribly mistaken.
>
> Blacklisted routes are only ones with (65066, 666) BGP community. So the
> import filter should look more like:
>
> filter route_import {
> if !( (65066, 666) ~ bgp_community ) then reject;
>
> dest = RTD_BLACKHOLE;
> accept;
> }
Thanks very much for this - I can now at least get started with this
idea and see how it goes.
--
========================
Roger Whittaker
roger at disruptive.org.uk
========================
More information about the Bird-users
mailing list