Hi Tuc,
I put in a feature request which was accepted so the blackhole may be supported
in the latest software.
ok so the normal system is you put a static route to null0 on your cisco then
inject routes thro bgp with next-hop of that static. iirc i got it to work but
setting the static to route to loopback.. of course this means software
switching which is bad if its a ddos your killing but as dropping to null was
also software i figured it was no worse.
the trouble seemed specifically that bgp wouldnt recursively lookup and would
assume the next hop was unavailable
Steve
On Mon, 4 Apr 2005, Tuc wrote:
> > not sure, turn up some debug..watch our for blackhole tho, until recently
> > its supported only in software and it doesnt work in the way other routers
> > eg cisco do. i found it wouldnt allow me to set next hop to an ip static
> > routed to null
> >
> I did. Foundry says Zebra closes the connection and thats it, Zebra says
> the Foundry isn't doing anything. SIGH.......
>
> Your killing me. Your serious I can't use my BGP black hole machine?
> On the Cisco I do have "ip route 172.16.1.1 255.255.255.255 Null0". Maybe
> I can tell it to go out a port that isn't up then instead?
>
> Thanks, Tuc/TTSG Internet Services, Inc
> (Already thinking my 2 week deadline is in SERIOUS jeopardy)
>
>
>
> > Steve
> >
> >
> > On Mon, 4 Apr 2005, Tuc wrote:
> >
> > > > > BGP with redistributes
> > > >
> > > > same except no spaces in descs, and on route-map put 'in'/'out' before the
> > > > route-map name instead of after
> > > >
> > > > > and route maps (BOY are there route-map's),
> > > >
> > > > same (you'll be glad to hear!)
> > > >
> > >
> > > Hi,
> > >
> > > Just to give everyone a little giggle, I contacted the Foundry TAC
> > > (I do pay for support....) and sent them some of my concerns and questions
> > > how to go about some things. That was a week ago. They passed me off to
> > > the local account team, which was a free for all trying to figure out
> > > who would be helping. I finally got *1* person, laid it all out to him,
> > > and hoped to hear back.
> > >
> > > Well, I did. I was told my devices didn't support BGP.... Thats
> > > weird :
> > >
> > > telnet at f4802#sho ip bgp sum
> > > BGP4 Summary
> > > Router ID: AA.BB.X.X Local AS Number : 65535
> > > Confederation Identifier : not configured
> > > Confederation Peers:
> > > Maximum Number of Paths Supported for Load Sharing : 1
> > > Number of Neighbors Configured : 1, UP: 0
> > > Number of Routes Installed : 0
> > > Number of Routes Advertising to All Neighbors : 0
> > > Number of Attribute Entries Installed : 0
> > > Neighbor Address AS# State Time Rt:Accepted Filtered Sent ToSend
> > > AA.BB.CC.DD YYYY OPENS 0h57m43s 0 0 0 0
> > >
> > > I'm testing its ability to connect to something we call a "black hole
> > > server". Its an offsite PC running Zebra that allows us to change BGP and
> > > use it to restrict responding to whatever is in it.
> > >
> > > So I configured :
> > >
> > > router bgp
> > > local-as 65535
> > > neighbor AA.BB.CC.DD remote-as YYYY
> > > neighbor AA.BB.CC.DD ebgp-multihop 20
> > > neighbor AA.BB.CC.DD update-source loopback 1
> > > neighbor AA.BB.CC.DD maximum-prefix 100 95 teardown
> > > neighbor AA.BB.CC.DD route-map in bgp-from-blackhole
> > > neighbor AA.BB.CC.DD route-map out bgp-to-blackhole
> > > neighbor AA.BB.CC.DD soft-reconfiguration inbound
> > > !
> > > route-map bgp-from-blackhole permit 10
> > > set local-preference 500
> > > set community no-export
> > > !
> > > route-map bgp-to-blackhole deny 10
> > >
> > >
> > > I seem to get it doing OpenSents, but it never really "connects".
> > >
> > > Any thoughts?
> > >
> > > Thanks, Tuc/TTSG Internet Services, Inc.
> > >
> >
> > _______________________________________________
> > foundry-nsp mailing list
> > foundry-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/foundry-nsp
> >
>
>