2014-04-17 12:25 GMT+02:00 Gregory Edigarov <ediga...@qarea.com>:

> On 04/17/2014 12:24 PM, Tristan PILAT wrote:
>
>> 2014-04-15 18:42 GMT+02:00 Laurent Caron (Mobile) <lca...@unix-scripts.info>:
>>
>>> On 14 April 2014 17:57:53 CEST, Tristan PILAT <tristan.pi...@gmail.com> wrote:
>>>
>>>> match from any community 64514:888 set nexthop blackhole
>>>
>>> Hi,
>>>
>>> Make sure you don't accept from any but e.g. from group customers, make sure
>>> the address *does* belong to your customers' space (to avoid a customer
>>> installing a blackhole route on a route you advertise).
>>> Make sure you do strip 64514:888 from other peers.
>>> ...
>>>
>>>> And what about the client side? Which command should he enter if he
>>>> wishes to blackhole IP 1.2.3.4, e.g.
>>>>
>>>> Is it something like that? bgpctl network add 1.2.3.4/32 community 64514:888
>>>
>>> Exactly.
>>
>> Hi,
>>
>> Thanks for your reply! I just tested this in my lab and it's working like
>> a charm but only if I set "allow from any inet prefixlen 8 - 32" and this
>> is annoying.
>>
>> Is there a way to make this work with "allow from any inet prefixlen 8 - 24"
>> to accept /32 only for the blackhole?
>>
>> --
>> Tristan
>
> like this:
>
> allow from any inet prefixlen 8 - 24
> allow from any inet prefixlen 32 community 64514:888

That goes without saying after all :-) Thanks!
-- Tristan
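
The filtering advice in this thread (honour the blackhole community only from customers, only for a /32 inside that customer's own address space, and strip 64514:888 from other peers), modelled as an added Python example; it is not code from the thread or from OpenBGPD. The peer names, the documentation prefixes used as customer space, and the choice to deny tagged routes that fail the checks are assumptions.

```python
import ipaddress

BLACKHOLE = "64514:888"  # blackhole community used in the thread

# Constructed sample data: documentation prefixes stand in for customer space.
CUSTOMER_SPACE = {
    "customer-a": [ipaddress.ip_network("198.51.100.0/24")],
}


def evaluate(peer, prefix, communities):
    """Model the inbound policy for one IPv4 announcement.

    Returns (action, communities_kept); action is "allow", "blackhole" or "deny".
    """
    net = ipaddress.ip_network(prefix)
    kept = set(communities)
    owned = CUSTOMER_SPACE.get(peer)  # None for peers outside the customers group

    # Strip the blackhole community from every peer that is not a customer.
    if owned is None:
        kept.discard(BLACKHOLE)

    if BLACKHOLE in kept:
        # Tagged route: only a /32 inside the announcing customer's own space.
        if net.prefixlen == 32 and any(net.subnet_of(s) for s in owned):
            return "blackhole", kept
        return "deny", kept  # assumption: tagged routes failing the check are dropped

    # Untagged routes keep the normal "prefixlen 8 - 24" window.
    if 8 <= net.prefixlen <= 24:
        return "allow", kept
    return "deny", kept


# Constructed announcements: (peer, prefix, communities)
SAMPLES = [
    ("customer-a", "198.51.100.7/32", [BLACKHOLE]),
    ("customer-a", "203.0.113.9/32", [BLACKHOLE]),
    ("customer-a", "198.51.100.7/32", []),
    ("transit-1", "203.0.113.0/24", [BLACKHOLE]),
    ("transit-1", "198.51.100.7/32", [BLACKHOLE]),
]

if __name__ == "__main__":
    for peer, prefix, comms in SAMPLES:
        action, kept = evaluate(peer, prefix, comms)
        print(f"{peer:11} {prefix:18} {action:9} {sorted(kept)}")
```

The second and fifth samples are the cases the two-rule filter alone does not cover: a customer tagging an address outside its own space, and a non-customer peer sending the community.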