RTBH (Remotely Triggered Black Hole) using Bird

Mazur, Dariusz dmazur at akamai.com
Mon Mar 18 10:57:22 CET 2024 

Hello Bird Users,
I am trying to implement RTBH (Remotely Triggered Black Hole) in below setup:

0.Simplified Topology:

  *   ebgp fabric
  *   inside fabric we use only IPv6, so we announce IPv4 blocks with IPv6 next hop (extended next hop)
  *   tor --- leaf --- spine---3xstem(3xborder_leaf) --- border
  *   tor announces 192.168.66.1/32 tagged with (65535,666) up to border

1.Border has static route:
r04.border01.labkrk05.fab> show route for  23.0.0.255
23.0.0.255/32        blackhole [DISCARD_ROUTE_v4 2024-01-08] * (200)

2.Border learns 192.168.66.1/32.  In import filter I change next hop to 23.0.0.255 to blackhole traffic to 192.168.66.1/32.
I don’t see this change in “show route”   but I see this in “show route all”

Can you give me a tip how to change eBGP next hop in this scenario and resolve it recursively via static route?

r04.border01.labkrk05.fab> show route  for 192.168.66.1/32
Executing "/usr/sbin/birdc show route for 192.168.66.1/32"
Table master4:
192.168.66.1/32      unicast [fc00:5:1:502::1__r01.stem01.la 09:24:07.174] * (100) [AS4290000010i]
                via fc00:5:1:502::1 on ae201
                     unicast [fc00:5:1:503::1__r02.stem01.la 09:24:07.174] (100) [AS4290000010i]
                via fc00:5:1:503::1 on ae202
                     unicast [fc00:5:1:504::1__r03.stem01.la 09:24:07.172] (100) [AS4290000010i]
                via fc00:5:1:504::1 on ae203


r04.border01.labkrk05.fab> show route  for 192.168.66.1/32 all
192.168.66.1/32      unicast [fc00:5:1:502::1__r01.stem01.la 09:24:07.174] * (100) [AS4290000010i]
                via fc00:5:1:502::1 on ae201
                Type: BGP univ
                BGP.origin: IGP
                BGP.as_path: 4290000004 4290000005 4290000008 4290000010
                BGP.next_hop: 23.0.0.255
                BGP.local_pref: 100
                BGP.community: (65535,666)
                     unicast [fc00:5:1:503::1__r02.stem01.la 09:24:07.174] (100) [AS4290000010i]
                via fc00:5:1:503::1 on ae202
                Type: BGP univ
                BGP.origin: IGP
                BGP.as_path: 4290000004 4290000006 4290000008 4290000010
                BGP.next_hop: 23.0.0.255
                BGP.local_pref: 100
                BGP.community: (65535,666)
                     unicast [fc00:5:1:504::1__r03.stem01.la 09:24:07.172] (100) [AS4290000010i]
                via fc00:5:1:504::1 on ae203
                Type: BGP univ
                BGP.origin: IGP
                BGP.as_path: 4290000004 4290000007 4290000008 4290000010
                BGP.next_hop: 23.0.0.255
                BGP.local_pref: 100
                BGP.community: (65535,666)


Regards,
Dariusz





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20240318/d6e6e9ad/attachment.htm>

More information about the Bird-users mailing list