On 04/17/2014 12:24 PM, Tristan PILAT wrote:
2014-04-15 18:42 GMT+02:00 Laurent Caron (Mobile) <lca...@unix-scripts.info>:

On 14 April 2014 17:57:53 CEST, Tristan PILAT <tristan.pi...@gmail.com> wrote:
match from any community 64514:888 set nexthop blackhole

Hi,

Make sure you don't accept from any but e.g. from group customers, make sure
the address *does* belong to your customers space (to avoid a customer
installing a blackhole route on a route you advertise).
Make sure you do strip 64514:888 from other peers.
...

And what about the client side ? Which command should he enter if he wishes
to blackhole ip 1.2.3.4 eg

Is it something like that ? bgpctl network add 1.2.3.4/32 community 64514:888
Exactly.

Hi,
Thanks for your reply ! I just tested this in my lab and it's working like
a charm but only if I set "allow from any inet prefixlen 8 - 32" and this
is annoying.

Is there a way to make this work with "allow from any inet prefixlen 8 -
24" to accept /32 only for the blackhole ?

--
Tristan
like this:

allow from any inet prefixlen 8 - 24
allow from any inet prefixlen 32 community 64514:888
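
The checks suggested in this thread (honour 64514:888 only from the customers group, only for a /32 inside that customer's own space, and strip it from other peers), modelled as an added Python example that is not from any poster and is not bgpd code. The neighbor addresses, the customer prefix and the choice to deny tagged routes that are not a /32 are assumptions of the example.

```python
import ipaddress

BLACKHOLE = "64514:888"  # blackhole community used in the thread

# Constructed sample data: neighbor -> (group, prefixes assigned to it)
NEIGHBORS = {
    "198.51.100.1": ("customers", ["203.0.113.0/24"]),
    "198.51.100.2": ("peers", []),
}


def evaluate(neighbor, prefix, communities):
    """Return (action, communities_kept) for one received announcement.

    action is "blackhole", "accept" or "deny".
    """
    group, owned = NEIGHBORS[neighbor]
    net = ipaddress.ip_network(prefix)
    comms = set(communities)

    # Only customers may signal a blackhole: strip the community from others.
    if group != "customers":
        comms.discard(BLACKHOLE)

    if BLACKHOLE in comms:
        # The tagged route must be a /32 inside this customer's own space,
        # so a customer cannot blackhole an address it does not hold.
        inside = any(net.subnet_of(ipaddress.ip_network(p)) for p in owned)
        ok = net.prefixlen == 32 and inside
        return ("blackhole" if ok else "deny", comms)

    # Untagged routes follow the normal rule: prefixlen 8 - 24.
    if 8 <= net.prefixlen <= 24:
        return ("accept", comms)
    return ("deny", comms)


if __name__ == "__main__":
    samples = [  # constructed announcements
        ("198.51.100.1", "203.0.113.7/32", [BLACKHOLE]),
        ("198.51.100.1", "192.0.2.1/32", [BLACKHOLE]),
        ("198.51.100.2", "203.0.113.7/32", [BLACKHOLE]),
        ("198.51.100.2", "192.0.2.0/24", [BLACKHOLE]),
    ]
    for s in samples:
        print(s, "->", evaluate(*s))
```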
