Re: Bird blackhole, example config

Sun, 30 Apr 2017 18:10:51 -0700 

> 
> On Apr 30, 2017, at 8:47 AM, Krzysztof Puchała TriplmeMedia 
> <kpuch...@triplemedia.org> wrote:
> 
> Hi, You once added an example of a blackhole configuration in the birde on 
> the mailing list:
> http://bird.network.cz/pipermail/bird-users/2012-March/007671.html
> I'm trying to implement this in my setup and when I'm overloading the 
> configuration I have an error
> bird> configure check
> Reading configuration from /etc/bird/bird.conf
> /etc/bird/bird.conf, line 49: syntax error
> 
> 49 lines of code:
> protocol kernel blackhole {
> 
> Maybe you have an idea why it does not work?
> thanks in advance for your answer.
> 
> 
> Krzysztof Puchała, członek zarządu
> mob. 507364853 / mail. kpuch...@triplemedia.org 
> TripleMedia sp.z.o.o. Biuro: 91 852 21 51
> ul. Dworcowa 9/212  73-110 Stargard
> www.TripleMedia.org 
> 
> TripleMedia sp.z.o.o. Spółka wpisana do Rejestru Przedsiębiorców prowadzonego 
> przez Sąd Rejonowy Szczecin Centrum w Szczecinie. XIII Wydział Gospodarczy 
> Krajowego Rejestru Sądowego pod nr. KRS: 0000378029. Wysokość kapitału 
> zakładowego: 5000 PLN. Wysokość kapitału wpłaconego: 5000 PLN.
> 


Hi, I’m replying to list for relevant benefit/discussion.

Wow, my example config is over 5 years old now…something probably changed in 
syntax requirements over the years, as this is what we currently have in place 
(note that a pipe isn’t used, as we now leverage "ip rule" to separately 
include the blacklist table):

table blackholes;
…
protocol kernel kblackholes {
        table blackholes;
        kernel table 10;
        scan time 10;
        learn;
        import all;
        export all;
}
...
filter bgp_out_upstream {
        if (proto = "kblackholes" ) then
        {
          if net.len = 32 then {
            bgp_community.add((64665,666)); # Replace 64665,666 with your 
upstream's community designation…if needed, otherwise delete this line
            printn “Blackhole nulling ";
            print net;
            accept;
          }
        }
        if net ~ [192.168.0.0/16] then accept;  …replace this with your own 
netblocks, one netblock per entry
        reject;
}
...
protocol bgp upstream {
...
  export filter bgp_out_upstream;
...
}

HTH,
Gregg Berkholtz
Datacenter consulting, hosting & support since 1995
  www.tocici.com  |  503-488-5461  |  AS14613

Reply via email to