Re: static default vs bgp default
On 02/02/16 23:23, Angel Lopez Delgado wrote:
Change the preference in your static protocol configuration:
protocol static { route 0.0.0.0/0 unreachable; preference 99; }
Hi everyone,

Following Angel's suggestion, I now have the following in bird.conf:

protocol static dropall { preference 50; route 0.0.0.0/0 blackhole; }

and the following in bird6.conf:

protocol static dropall { preference 50; route ::/0 blackhole; }

For IPv4, this appears to be working:

# ip route show table 10 | fgrep default
blackhole default proto bird

However, it doesn't appear to have worked for IPv6 (yes, I reloaded bird6):

# ip -6 route show table 10 | fgrep default
# ip -6 route show table 10 | fgrep ::/0

I even piped the entire output of the "ip -6 route show table 10" command to a pager, and eyeballed the routes. There's no default.

But...

# birdc6 show route ::/0
BIRD 1.4.5 ready.
::/0 blackhole [dropall 11:19:29] ! (50)

Is this a known bug? Or have I misconfigured something? What does the exclamation mean?

Regards,
Anand
Anno domini 2016 Anand Buddhdev scripsit: [...]
and the following in bird6.conf:
protocol static dropall { preference 50; route ::/0 blackhole; }
[...]
However, it doesn't appear to have worked for IPv6 (yes, I reloaded bird6):
# ip -6 route show table 10 | fgrep default
# ip -6 route show table 10 | fgrep ::/0
I even piped the entire output of the "ip -6 route show table 10" command to a pager, and eyeballed the routes. There's no default.
But...
# birdc6 show route ::/0
BIRD 1.4.5 ready.
::/0 blackhole [dropall 11:19:29] ! (50)
Is this a known bug? Or have I misconfigured something? What does the exclamation mean?
It means that bird wasn't able to push the route into the kernel. There should be plenty of messages in syslog complaining about this. Does this give some clue?

Best
Max
--
"I have to admit I've always suspected that MTBWTF would be a more useful metric of real-world performance."
 -- Valdis Kletnieks on NANOG
On 05/02/16 12:49, Maximilian Wilhelm wrote:
# birdc6 show route ::/0
BIRD 1.4.5 ready.
::/0 blackhole [dropall 11:19:29] ! (50)
Is this a known bug? Or have I misconfigured something? What does the exclamation mean?
It means that bird wasn't able to push the route into the kernel. There should be plenty of messages in syslog complaining about this. Does this give some clue?
Ah ha! I see in /var/log/messages:

bird6: Netlink: No such device

Thanks for the hint. Some Google searches later, I've discovered that Linux doesn't allow blackhole for IPv6 for some reason. I guess I will use "unreachable" instead of "blackhole" then.

Regards,
Anand
On Fri, Feb 05, 2016 at 01:09:49PM +0100, Anand Buddhdev wrote:
Some Google searches later, I've discovered that Linux doesn't allow blackhole for IPv6 for some reason. I guess I will use "unreachable" instead of "blackhole" then.
Try:

protocol static dropall { preference 50; route 2000::/3 blackhole; }
On 02/05/2016 01:09 PM, Anand Buddhdev wrote:
Some Google searches later, I've discovered that Linux doesn't allow blackhole for IPv6 for some reason. I guess I will use "unreachable" instead of "blackhole" then.
That's probably a limitation of your linux kernel version. From the BIRD FAQ:

https://gitlab.labs.nic.cz/labs/bird/wikis/FAQ#ipv6-blackhole-and-prohibit-r...

-----------------------
IPv6 blackhole and prohibit routes do not work on Linux

This is a limitation of older versions of the Linux kernel, which do not support those route targets for IPv6 routes. A commonly used alternative is to use unreachable route target. If you want to blackhole traffic without sending out ICMP errors on linux, you can use route to a dummy device. Just insert kernel module dummy, this will add a dummy0 interface to your system, so you can enable it and route traffic into it. In BIRD configuration this can be done using e.g. static route 2001:db8:1337::/48 via "dummy0".
-----------------------

--
Hans van Kranenburg - System / Network Engineer
T +31 (0)10 2760434 | hans.van.kranenburg@mendix.com | www.mendix.com
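An added example, not part of any message in this thread: a shell check that flags routes BIRD holds but could not install in the kernel, by looking for the "!" marker discussed above in `show route` output. The function names are hypothetical, and every sample line except the `::/0` one quoted in the thread is constructed; on a live system the input would come from `birdc6 show route` or `birdc show route`.

```shell
#!/bin/sh
# Added example: flag routes BIRD holds but could not install in the kernel.
# In BIRD 1.x `show route` output such a route carries "!" between the
# "[protocol time]" block and the "(preference)" field, as in the thread.

# failed_exports: read `show route` output on stdin and print
# "<prefix> <protocol>" for every route marked "!".
failed_exports() {
    awk '
        index($1, "/") == 0 { next }   # skip banner and continuation lines
        {
            bang = 0; proto = "?"
            for (i = 2; i <= NF; i++) {
                # first bracketed field is "[protocol"; later ones are AS paths
                if (proto == "?" && substr($i, 1, 1) == "[") proto = substr($i, 2)
                if ($i == "!") bang = 1
            }
            if (bang) print $1, proto
        }
    '
}

# kernel_sync_ok: same input; exit status 0 only when no route is marked "!".
# Suitable as a monitoring probe for a drop-all route that must be present.
kernel_sync_ok() {
    [ -z "$(failed_exports)" ]
}

# Sample input. The ::/0 line is the one quoted in the thread; the other
# two route lines (prefixes, protocol names, AS number) are constructed.
sample_output() {
    cat <<'EOF'
BIRD 1.4.5 ready.
::/0               blackhole [dropall 11:19:29] ! (50)
2001:db8:1::/48    via 2001:db8::1 on eth0 [bgp1 11:20:02] * (100) [AS64500i]
2001:db8:1337::/48 dev dummy0 [static1 11:19:29] * (200)
EOF
}

# Stand-alone run over the sample: prints "::/0 dropall".
sample_output | failed_exports
```

A route reported here exists only in BIRD's table, so the kernel forwards matching traffic according to whatever other routes it has.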
participants (4)
- Anand Buddhdev
- Hans van Kranenburg
- Job Snijders
- Maximilian Wilhelm