Mailing List Archive

Scripted input of several thousand blackhole routes into bgp
Hello all,

I want to enter around several thousand mainly host blackhole routes into bgp
for redistribution. The IPs are coming dynamically from a fail2ban setup. Does
anyone have an easy way to implement that?

--
Regards,
Stephan

_______________________________________________
Quagga-users mailing list
Quagga-users@lists.quagga.net
https://lists.quagga.net/mailman/listinfo/quagga-users
Re: Scripted input of several thousand blackhole routes into bgp
Hi

On 21/01/2017 09:36, Stephan von Krawczynski wrote:
> I want to enter around several thousand mainly host blackhole routes into bgp
> for redistribution. The IPs are coming dynamically from a fail2ban setup. Does
> anyone have an easy way to implement that?

The 'usual' way to do something like this would be to set up a single
static route as a blackhole (eg: 192.0.2.1/32 -> blackhole) on your
router(s) and then use BGP on another machine to actually inject the
routes into your network with a next-hop of 192.0.2.1.

Something like exabgp can be used as part of the tool on the non-router
machine to get your list of hosts into BGP - I've not looked, but
something to do what you want may already exist somewhere.

Paul.

Re: Scripted input of several thousand blackhole routes into bgp
On Sat, 21 Jan 2017 11:50:43 +0000
Paul Thornton <paul@prt.org> wrote:

> Hi
>
> On 21/01/2017 09:36, Stephan von Krawczynski wrote:
> > I want to enter around several thousand mainly host blackhole routes into bgp
> > for redistribution. The IPs are coming dynamically from a fail2ban setup. Does
> > anyone have an easy way to implement that?
>
> The 'usual' way to do something like this would be to set up a single
> static route as a blackhole (eg: 192.0.2.1/32 -> blackhole) on your
> router(s) and then use BGP on another machine to actually inject the
> routes into your network with a next-hop of 192.0.2.1.
>
> Something like exabgp can be used as part of the tool on the non-router
> machine to get your list of hosts into BGP - I've not looked, but
> something to do what you want may already exist somewhere.
>
> Paul.

Hi Paul,

thanks for your input. I would like to come out with a solution that injects a
"real" blackhole route (linux), just like "ip ro add blackhole <IP>" does.
Simply because this is the option with the lowest cpu impact on the router.
For exactly the same reason I don't want to use an iptables-solution.
So my basic idea was to use some tool (or script) to inject this type of route
into bgpd which in turn should configure the route via netlink on the local
host and redistribute it to other bgp-connected boxes.
If you read the google hits regarding blackhole bgp and the like you always
end up on pages where the blackhole route is typed into the bgpd vty by hand.
This is obviously impossible and no option for several hundred or thousand
routes and a dynamic, automated setup.

--
Regards,
Stephan

Re: Scripted input of several thousand blackhole routes into bgp
In testing I've used something like this bash function before:

function add_routes_to_quagga {
    # Install blackhole routes 1.1.1.0/24 .. 1.1.<max>.0/24 (max defaults to 100).
    local max=${1:-100}

    for i in $(seq 1 "$max") ; do
        sudo vtysh -c "conf t" -c "ip route 1.1.$i.0/24 blackhole"
    done
}

sudo vtysh -c is the key.

Not sure if that is helpful.

-David

On Sat, Jan 21, 2017 at 7:22 AM, Stephan von Krawczynski <skraw@ithnet.com>
wrote:

> Hi Paul,
>
> thanks for your input. I would like to come out with a solution that injects a
> "real" blackhole route (linux), just like "ip ro add blackhole <IP>" does.
> Simply because this is the option with the lowest cpu impact on the router.
> For exactly the same reason I don't want to use an iptables-solution.
> So my basic idea was to use some tool (or script) to inject this type of route
> into bgpd which in turn should configure the route via netlink on the local
> host and redistribute it to other bgp-connected boxes.
> If you read the google hits regarding blackhole bgp and the like you always
> end up on pages where the blackhole route is typed into the bgpd vty by hand.
> This is obviously impossible and no option for several hundred or thousand
> routes and a dynamic, automated setup.
>
> --
> Regards,
> Stephan

Re: Scripted input of several thousand blackhole routes into bgp
On Sat, 21 Jan 2017 07:36:47 -0500
David Bond <dbond@128technology.com> wrote:

> In testing I've used something like this bash function before:
>
> function add_routes_to_quagga {
>     local max=${1:-100}
>
>     for i in $(seq 1 $max) ; do
>         sudo vtysh -c "conf t" -c "ip route 1.1.$i.0/24 blackhole"
>     done
> }
>
> sudo vtysh -c is the key.
>
> Not sure if that is helpful.
>
> -David

Hi David,

but that does not yet redistribute the routes, does it?

--
Regards,
Stephan


Re: Scripted input of several thousand blackhole routes into bgp
Yes. I suppose depending on your use case you could either redistribute
static or "router bgp <asn>" and "network <route-prefix>" as well.

Regards,
David

On Sun, Jan 22, 2017 at 11:53 PM, Stephan von Krawczynski <skraw@ithnet.com>
wrote:

>
> On Sat, 21 Jan 2017 07:36:47 -0500
> David Bond <dbond@128technology.com> wrote:
>
> > In testing I've used something like this bash function before:
> >
> > function add_routes_to_quagga {
> >     local max=${1:-100}
> >
> >     for i in $(seq 1 $max) ; do
> >         sudo vtysh -c "conf t" -c "ip route 1.1.$i.0/24 blackhole"
> >     done
> > }
> >
> > sudo vtysh -c is the key.
> >
> > Not sure if that is helpful.
> >
> > -David
>
> Hi David,
>
> but that does not yet redistribute the routes, does it?
>
> --
> Regards,
> Stephan
>

Re: Scripted input of several thousand blackhole routes into bgp
Hello there,
I like this approach..., good idea.

Alejandro,



On Jan 21, 2017 08:38, "David Bond" <dbond@128technology.com> wrote:

> In testing I've used something like this bash function before:
>
> function add_routes_to_quagga {
>     local max=${1:-100}
>
>     for i in $(seq 1 $max) ; do
>         sudo vtysh -c "conf t" -c "ip route 1.1.$i.0/24 blackhole"
>     done
> }
>
> sudo vtysh -c is the key.
>
> Not sure if that is helpful.
>
> -David
>
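The vtysh approach from this thread, generalised into an added example (not code posted by any list member): it validates the address list coming from fail2ban, computes the difference against the /32 blackholes already installed, and applies it in a few batched vtysh runs. The function names, the VTYSH override, the two input files and the 200-route batch size are assumptions; bgpd still needs "redistribute static" or "network" statements, as David's reply says.

```shell
#!/bin/sh
# Added example, not code from the thread. File names, VTYSH and the sample
# addresses are constructed; "ip route <prefix> blackhole" is the command
# David's function uses, and the "no" form is assumed to remove it.

# valid_ipv4 ADDR: succeed only for a plain dotted quad, octets 0-255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
}

# clean_list: stdin -> validated, de-duplicated, sorted addresses on stdout.
# Anything that is not an IPv4 address never reaches a vtysh command line.
clean_list() {
    while IFS= read -r ip || [ -n "$ip" ]; do
        valid_ipv4 "$ip" && printf '%s\n' "$ip"
    done | LC_ALL=C sort -u
}

# route_delta DESIRED CURRENT: print the config lines that turn the CURRENT
# set of /32 blackholes into the DESIRED one (adds first, then removals).
route_delta() {
    want=$(mktemp) && have=$(mktemp) || return 1
    clean_list <"$1" >"$want"; clean_list <"$2" >"$have"
    LC_ALL=C comm -23 "$want" "$have" | sed 's|$|/32 blackhole|; s|^|ip route |'
    LC_ALL=C comm -13 "$want" "$have" | sed 's|$|/32 blackhole|; s|^|no ip route |'
    rm -f "$want" "$have"
}

# apply_delta: read config lines on stdin and hand them to vtysh in batches,
# one process per 200 routes instead of one sudo + vtysh per route.
apply_delta() {
    set --
    while IFS= read -r line; do
        set -- "$@" -c "$line"
        [ "$#" -lt 400 ] && continue
        ${VTYSH:-sudo vtysh} -c 'conf t' "$@" || return 1
        set --
    done
    [ "$#" -eq 0 ] || ${VTYSH:-sudo vtysh} -c 'conf t' "$@"
}
```

Typical use is `route_delta banned.txt installed.txt | apply_delta`, where both files hold one address per line and installed.txt is a state file the calling script keeps up to date.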