Laurent CARON(lca...@unix-scripts.info) on 2013.12.13 11:31:02 +0100:
> Hi,
>
> I'm using cymru[1] bogon feed onto a router receiving several full tables.
>
> On this router I have:
>
> neighbor $CYMRU_PEER_v4 {
>         descr cymru-fullbogon-v4-001
>         local-address $NERIM_MY_v4
>         max-prefix 9550 restart 10
> }
>
> bgpctl show rib correctly shows the prefixes being added with nexthop
> $CYMRU_PEER_v4
>
> This nexthop however is invalid (because I can't reach it directly),
> which doesn't matter to me since this traffic should be blackholed
> anyway.
>
> To blackhole this traffic I use:
> match from group cymru_bogons set nexthop blackhole
>
> The traffic never gets blackholed....unless I use
> set nexthop $NERIM_PEER_v4
> in the neighbor stanza.
>
> Is it a normal behavior, a misunderstanding on my side, or a bug ?

This is normal behavior (and perhaps a misunderstanding on your side):
bgpd will only put routes into the fib that are best and valid in the rib.
A route coming from an EBGP peer is only valid if the nexthop is directly
connected. To make the route valid you can force the nexthop to a usable
nexthop, for example your $NERIM_PEER_v4. You could also use $NERIM_MY_v4.

/Benno
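
The fix from the thread put together as one bgpd.conf fragment (an added example, not part of either message): the original neighbor stanza plus the set nexthop line, followed by the blackhole rule. That the neighbor belongs to a group named cymru_bogons is an assumption drawn from the match rule.

```conf
# Macros ($CYMRU_PEER_v4, $NERIM_MY_v4, $NERIM_PEER_v4) are the thread's
# placeholders; their definitions are not shown there.
# Assumption: this neighbor sits in a group named cymru_bogons, as the
# match rule implies; the group block itself is not shown in the thread.

neighbor $CYMRU_PEER_v4 {
	descr		cymru-fullbogon-v4-001
	local-address	$NERIM_MY_v4
	max-prefix	9550 restart 10
	# Without this line the learned nexthop is $CYMRU_PEER_v4, which is
	# not directly connected, so the routes stay invalid in the RIB and
	# never reach the FIB.
	set nexthop	$NERIM_PEER_v4
}

# Once the routes are valid, the rule from the thread can mark them
# as blackhole routes when they are installed.
match from group cymru_bogons set nexthop blackhole
```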