Errors like "bgp1: Error: Hold timer expired"

Peter Hessler phessler at
Thu Jan 5 20:37:10 CET 2017

On 2017 Jan 05 (Thu) at 18:15:00 +0100 (+0100), Ondrej Zajicek wrote:
:On Thu, Jan 05, 2017 at 05:53:40PM +0100, Ondrej Zajicek wrote:
:> On Thu, Jan 05, 2017 at 04:11:25PM +0000, Roger Whittaker wrote:
:> > I'm trying to use bird to help prevent spam as described here:
:> > 
:> >
:> > 
:> > I understand very little about BGP, so I'm really using that article
:> > as a "recipe", and have used the config file there more or less as is,
:> > except for changing the router id setting and enabling logging (and
:> > I've increased scan time to 600).
:> The reason for 'Hold timer expired' is funny. The IP address of
:> is also on the blacklist:
:>   bird> show route
:>   blackhole [bgp1 17:36:37 from] * (100) [AS65055i]
:> Not sure if that is intentional or not.
:OK, seems like the route server is sending not just black list entries,
:but also other entries (white list?) mixed in, marked by BGP communities.
:So the original article is horribly mistaken.
:Blacklisted routes are only ones with (65066, 666) BGP community. So the
:import filter should look more like:
:filter route_import {
:    if !( (65066, 666) ~ bgp_community ) then reject;
:    dest = RTD_BLACKHOLE;
:    accept;

Hi, I'm the author of bgp-spamd.

Yes, only the routes marked with *:666 communities are blacklist entries.
I also include whitelist entries for servers I semi-trust, and those are
marked with *:42 communities.  The service itself uses 65066 as the AS
number, and the upstream servers use their own ASNs.

As a side note, it's strongly discouraged from nullrouting hosts that
are blacklisted.  As noticed, this prevents all communication with the
IPs, including sending "451 you are a spammer" responses in the SMTP

I've sent a note to the author of that page, and I added notes about
these two issues to the website,

A formal parsing algorithm should not always be used.
		-- D. Gries

More information about the Bird-users mailing list