On Thu, Oct 20, 2016 at 06:33:17PM +0100, Justin Cattle wrote: > On 20 October 2016 at 16:35, Clemens Schrimpe <[email protected]> > wrote: > > > It would be nice if export filters for the Kernel protocol could set a > > route type, as in iproute(8): > > > > TYPE := [ unicast | local | broadcast | multicast | throw | > > unreachable | prohibit | *blackhole* | nat ] > > > > > > So, we can already do stuff like this on a bgp filters, like this one on a > a bgp import: > > > if (64511,11) ~ bgp_community then { > > gw = RTD_BLACKHOLE; > } > > ..with choices of: > > RTD_BLACKHOLE, RTD_UNREACHABLE or RTD_PROHIBIT
You are almost right, but it is 'dest' attribute, not 'gw' attribute: To implement RFC 7999 in filters, you have to just add: if (65535, 666) ~ bgp_community then dest = RTD_BLACKHOLE; -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: [email protected]) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
signature.asc
Description: Digital signature
