On Sat, 21 Jan 2017 11:50:43 +0000
Paul Thornton <paul@prt.org> wrote:
> Hi
>
> On 21/01/2017 09:36, Stephan von Krawczynski wrote:
> > I want to enter around several thousand mainly host blackhole routes into bgp
> > for redistribution. The IPs are coming dynamically from a fail2ban setup. Does
> > anyone have an easy way to implement that?
>
> The 'usual' way to do something like this would be to set up a single
> static route as a blackhole (eg: 192.0.2.1/32 -> blackhole) on your
> router(s) and then use BGP on another machine to actually inject the
> routes into your network with a next-hop of 192.0.2.1.
>
> Something like exabgp can be used as part of the tool on the non-router
> machine to get your list of hosts into BGP - I've not looked, but
> something to do what you want may already exist somewhere.
>
> Paul.

Hi Paul,
thanks for your input. I would like to come up with a solution that injects a
"real" blackhole route (Linux), just like "ip ro add blackhole <IP>" does.
Simply because this is the option with the lowest CPU impact on the router.
For exactly the same reason I don't want to use an iptables solution.
So my basic idea was to use some tool (or script) to inject this type of route
into bgpd, which in turn should configure the route via netlink on the local
host and redistribute it to other BGP-connected boxes.
If you read the Google hits regarding blackhole BGP and the like, you always
end up on pages where the blackhole route is typed into the bgpd vty by hand.
This is obviously impossible and no option for several hundred or thousand
routes and a dynamic, automated setup.
--
Regards,
Stephan
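
The injection approach suggested in the quoted reply (one static blackhole route for 192.0.2.1/32 on the routers, host routes announced from a separate machine with that next-hop), sketched as an added example that is not part of the original thread or of any project named in it. It assumes the script is run as an ExaBGP helper process, which reads text-API commands from the helper's stdout; the `NEVER_BLOCK` safelist and the sample addresses are constructed for illustration.

```python
#!/usr/bin/env python3
"""Turn a changing ban list into ExaBGP text-API announce/withdraw commands."""
import ipaddress

NEXT_HOP = "192.0.2.1"  # address that carries the static blackhole route on each router
# Assumption: prefixes that must never be blackholed (own infrastructure, peers).
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("10.0.0.0/8")]


def parse_ban_list(lines):
    """Return the set of valid, non-protected IPv4 host addresses in `lines`."""
    banned = set()
    for line in lines:
        text = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if not text:
            continue
        try:
            addr = ipaddress.IPv4Address(text)
        except ValueError:
            continue  # malformed entry or not a single IPv4 host: never announce it
        if any(addr in net for net in NEVER_BLOCK):
            continue  # a bad ban entry must not take down our own addresses
        banned.add(addr)
    return banned


def diff_commands(previous, current, next_hop=NEXT_HOP):
    """Commands that move the announced set from `previous` to `current`."""
    cmds = [f"withdraw route {ip}/32 next-hop {next_hop}"
            for ip in sorted(previous - current)]
    cmds += [f"announce route {ip}/32 next-hop {next_hop}"
             for ip in sorted(current - previous)]
    return cmds


if __name__ == "__main__":
    # Constructed sample data: two successive snapshots of the ban list.
    first = parse_ban_list(["198.51.100.7", "203.0.113.9  # ssh", "not-an-ip", "10.1.2.3"])
    second = parse_ban_list(["203.0.113.9", "198.51.100.200"])
    for cmd in diff_commands(set(), first) + diff_commands(first, second):
        print(cmd, flush=True)  # ExaBGP reads API commands from the helper's stdout
```

Sending only the difference between snapshots keeps the update volume proportional to ban churn rather than to the size of the list, which matters at several thousand routes.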