Errors like "bgp1: Error: Hold timer expired"
Ondrej Zajicek
santiago at crfreenet.org
Thu Jan 5 18:15:00 CET 2017
On Thu, Jan 05, 2017 at 05:53:40PM +0100, Ondrej Zajicek wrote:
> On Thu, Jan 05, 2017 at 04:11:25PM +0000, Roger Whittaker wrote:
> > I'm trying to use bird to help prevent spam as described here:
> >
> > https://debian-administration.org/article/715/Preventing_SPAM_connections_with_bird
> >
> > I understand very little about BGP, so I'm really using that article
> > as a "recipe", and have used the config file there more or less as is,
> > except for changing the router id setting and enabling logging (and
> > I've increased scan time to 600).
>
> The reason for 'Hold timer expired' is funny. The IP address of eu.bgp-spamd.net
> is also on the blacklist:
>
> bird> show route 217.31.80.170/32
> 217.31.80.170/32 blackhole [bgp1 17:36:37 from 217.31.80.170] * (100) [AS65055i]
>
> Not sure if that is intentional or not.
OK, seems like the route server is sending not just black list entries,
but also other entries (white list?) mixed in, marked by BGP communities.
So the original article is horribly mistaken.
Blacklisted routes are only ones with (65066, 666) BGP community. So the
import filter should look more like:
filter route_import {
if !( (65066, 666) ~ bgp_community ) then reject;
dest = RTD_BLACKHOLE;
accept;
}
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20170105/04fda8f7/attachment.asc>
More information about the Bird-users
mailing list