Re: OpenBGPd match clause with multihop BGP session

2014-01-24 Thread Laurent CARON

On 24/01/2014 00:38, Sebastian Benoit wrote:

> This is normal behavior (and perhaps a misunderstanding on your side):
>
> bgpd will only put routes into the fib that are best and valid in the rib.
>
> A route coming from an EBGP-peer is only valid if the nexthop is directly
> connected. To make the route valid you can force the nexthop to a useable
> nexthop, for example your $NERIM_PEER_v4. You could also use $NERIM_MY_v4.
>
> /Benno

I perfectly understand bgpd needs a 'valid' nexthop to put routes into
the fib. I however (mistakenly?) thought having set nexthop blackhole
in the peer's stanza would make it.




Re: OpenBGPd match clause with multihop BGP session

2014-01-24 Thread Sebastian Benoit
Laurent CARON(lca...@unix-scripts.info) on 2014.01.24 09:24:26 +0100:
> On 24/01/2014 00:38, Sebastian Benoit wrote:
> > This is normal behavior (and perhaps a misunderstanding on your side):
> >
> > bgpd will only put routes into the fib that are best and valid in the rib.
> >
> > A route coming from an EBGP-peer is only valid if the nexthop is directly
> > connected. To make the route valid you can force the nexthop to a useable
> > nexthop, for example your $NERIM_PEER_v4. You could also use $NERIM_MY_v4.
> >
> > /Benno
>
> I perfectly understand bgpd needs a 'valid' nexthop to put routes into
> the fib. I however (mistakenly?) thought having set nexthop blackhole
> in the peer's stanza would make it.

Well, currently it does not. With a diff committed today you can use
127.0.0.1.

However, it might be useful to have the blackhole depend on the
reachability of some other ip (the way it currently is). Does anybody use
that or know a use case for that? Otherwise we might just remove that and
make it work the way you thought it would.



Re: OpenBGPd match clause with multihop BGP session

2014-01-23 Thread Sebastian Benoit
Laurent CARON(lca...@unix-scripts.info) on 2013.12.13 11:31:02 +0100:
> Hi,
>
> I'm using cymru[1] bogon feed onto a router receiving several full tables.
>
> On this router I have:
>
> neighbor $CYMRU_PEER_v4 {
>         descr           cymru-fullbogon-v4-001
>         local-address   $NERIM_MY_v4
>         max-prefix      9550 restart 10
> }
>
> bgpctl show rib correctly shows the prefixes being added with nexthop
> $CYMRU_PEER_v4
>
> This nexthop however is invalid (because I can't reach it directly),
> which doesn't matter to me since this traffic should be blackholed
> anyway.
>
> To blackhole this traffic I use:
> match from group cymru_bogons set nexthop blackhole
>
> The traffic never gets blackholed unless I use
> set nexthop $NERIM_PEER_v4
> in the neighbor stanza.
>
> Is it a normal behavior, a misunderstanding on my side, or a bug ?

This is normal behavior (and perhaps a misunderstanding on your side):

bgpd will only put routes into the fib that are best and valid in the rib.

A route coming from an EBGP-peer is only valid if the nexthop is directly
connected. To make the route valid you can force the nexthop to a useable
nexthop, for example your $NERIM_PEER_v4. You could also use $NERIM_MY_v4.

/Benno
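
A simplified model of the rule described in the reply above, added here as an example; it is not part of the thread and is not bgpd's code. It shows why the bogon prefixes stay in the RIB while their nexthop is the multihop peer, and become FIB-eligible once the nexthop is forced to an on-link address. All addresses, prefixes and function names are constructed for illustration.

```python
import ipaddress

# Constructed addressing (documentation ranges) standing in for the thread's
# macros; none of these values appear in the thread.
CONNECTED = [ipaddress.ip_network("192.0.2.0/30")]      # link to the ISP
NERIM_PEER_V4 = ipaddress.ip_address("192.0.2.1")       # on-link gateway
CYMRU_PEER_V4 = ipaddress.ip_address("198.51.100.10")   # multihop peer

# Constructed RIB: bogon prefixes as learned, nexthop = the multihop peer.
RIB = [("10.0.0.0/8", CYMRU_PEER_V4), ("192.168.0.0/16", CYMRU_PEER_V4)]


def nexthop_valid(nexthop, connected=CONNECTED):
    """Rule from the reply: an EBGP nexthop must be directly connected."""
    return any(nexthop in net for net in connected)


def split_rib(rib, forced_nexthop=None):
    """Return (fib_eligible, stuck_in_rib) prefix lists.

    forced_nexthop models 'set nexthop <address>' in the neighbor stanza.
    Best-path selection is not modelled; every route is assumed best.
    """
    eligible, stuck = [], []
    for prefix, nexthop in rib:
        nh = nexthop if forced_nexthop is None else forced_nexthop
        (eligible if nexthop_valid(nh) else stuck).append(prefix)
    return eligible, stuck


if __name__ == "__main__":
    # As learned: every bogon prefix is in the RIB but none reaches the FIB,
    # so the filter silently does nothing.
    print("as learned:    ", split_rib(RIB))
    # With the nexthop forced to the on-link gateway the routes become valid.
    print("forced nexthop:", split_rib(RIB, NERIM_PEER_V4))
```

The second list returned by `split_rib` is the one to watch on a router carrying a bogon feed: any prefix in it is visible in the RIB but is not filtering traffic.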



OpenBGPd match clause with multihop BGP session

2013-12-13 Thread Laurent CARON
Hi,

I'm using cymru[1] bogon feed onto a router receiving several full tables.

On this router I have:

neighbor $CYMRU_PEER_v4 {
        descr           cymru-fullbogon-v4-001
        local-address   $NERIM_MY_v4
        max-prefix      9550 restart 10
}

bgpctl show rib correctly shows the prefixes being added with nexthop
$CYMRU_PEER_v4

This nexthop however is invalid (because I can't reach it directly),
which doesn't matter to me since this traffic should be blackholed
anyway.

To blackhole this traffic I use:
match from group cymru_bogons set nexthop blackhole

The traffic never gets blackholed unless I use
set nexthop $NERIM_PEER_v4
in the neighbor stanza.

Is it a normal behavior, a misunderstanding on my side, or a bug ?

Thanks

Laurent

PS:
$CYMRU_PEER_v4 = IPv4 address of the cymru router
$NERIM_MY_v4 = my public IPv4 address
$NERIM_PEER_v4 = my IPv4 gateway (ISP side)
[1]: http://www.team-cymru.org/Services/Bogons/bgp-examples.html