On Thu, Oct 20, 2016 at 06:33:17PM +0100, Justin Cattle wrote:
On 20 October 2016 at 16:35, Clemens Schrimpe <clemens.schrimpe@gmail.com> wrote:
It would be nice if export filters for the Kernel protocol could set a route type, as in iproute(8):
TYPE := [ unicast | local | broadcast | multicast | throw | unreachable | prohibit | *blackhole* | nat ]
So, we can already do stuff like this on a bgp filters, like this one on a a bgp import:
if (64511,11) ~ bgp_community then {
gw = RTD_BLACKHOLE; }
..with choices of:
RTD_BLACKHOLE, RTD_UNREACHABLE or RTD_PROHIBIT
You are almost right, but it is 'dest' attribute, not 'gw' attribute: To implement RFC 7999 in filters, you have to just add: if (65535, 666) ~ bgp_community then dest = RTD_BLACKHOLE; -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."