OpenBGPd - how to blackhole traffic?


OpenBGPd - how to blackhole traffic?

bernd-34
Hi list,

I'd like to blackhole some traffic. For instance, my AS is
12.34.56.0/20, so 12.34.58.0 might be announced, but is not necessarily
connected (internal routing via OSPFd).

On Cisco one uses:

ip route 0.0.0.0 0.0.0.0 Null0

This would throw any traffic headed to a network within my AS, which is
*not* connected (via OSPF), onto the floor.

Is there a way to achieve this on OpenBSD?

Thanks in advance,

Bernd


Re: OpenBGPd - how to blackhole traffic?

Martin Hein
On Thu, 16 Aug 2012 14:47:25 +0200
Bernd <[hidden email]> wrote:
> Is there a way to achieve this on OpenBSD?

Directly from my mind...

To blackhole some google stuff.

route add -blackhole 8.8.0.0/16 127.0.0.1

/Martin


Re: OpenBGPd - how to blackhole traffic?

Josh Hoppes
In reply to this post by bernd-34
http://www.openbsd.org/cgi-bin/man.cgi?query=route&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

Route has a -blackhole option, so you might try "route add -blackhole
0.0.0.0/0 127.0.0.1"

On Thu, Aug 16, 2012 at 7:47 AM, Bernd <[hidden email]> wrote:

> Hi list,
>
> I'd like to blackhole some traffic. For instance, my AS is 12.34.56.0/20, so
> 12.34.58.0 might be announced, but is not necessarily connected (internal
> routing via OSPFd).
>
> On Cisco one uses:
>
> ip route 0.0.0.0 0.0.0.0 Null0
>
> This would throw any traffic headed to a network within my AS, which is
> *not* connected (via OSPF), onto the floor.
>
> Is there a way to achieve this on OpenBSD?
>
> Thanks in advance,
>
> Bernd


Re: OpenBGPd - how to blackhole traffic?

Claudio Jeker
In reply to this post by bernd-34
On Thu, Aug 16, 2012 at 02:47:25PM +0200, Bernd wrote:

> Hi list,
>
> I'd like to blackhole some traffic. For instance, my AS is
> 12.34.56.0/20, so 12.34.58.0 might be announced, but is not
> necessarily connected (internal routing via OSPFd).
>
> On Cisco one uses:
>
> ip route 0.0.0.0 0.0.0.0 Null0
>
> This would throw any traffic headed to a network within my AS, which
> is *not* connected (via OSPF), onto the floor.
>
> Is there a way to achieve this on OpenBSD?
>

route add default 127.0.0.1 -blackhole

or for IPv6 (not tested)

route add -inet6 default ::1 -blackhole

--
:wq Claudio


Re: OpenBGPd - how to blackhole traffic?

Stuart Henderson
On 2012-08-16, Claudio Jeker <[hidden email]> wrote:

> On Thu, Aug 16, 2012 at 02:47:25PM +0200, Bernd wrote:
>> Hi list,
>>
>> I'd like to blackhole some traffic. For instance, my AS is
>> 12.34.56.0/20, so 12.34.58.0 might be announced, but is not
>> necessarily connected (internal routing via OSPFd).
>>
>> On Cisco one uses:
>>
>> ip route 0.0.0.0 0.0.0.0 Null0
>>
>> This would throw any traffic headed to a network within my AS, which
>> is *not* connected (via OSPF), onto the floor.
>>
>> Is there a way to achieve this on OpenBSD?
>>
>
> route add default 127.0.0.1 -blackhole
>
> or for IPv6 (not tested)
>
> route add -inet6 default ::1 -blackhole
>

or s/blackhole/reject if you would like network unreachables
rather than just drops.
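
An added illustration, not part of any post in this thread: a small Python model of the longest-prefix-match lookup that makes the suggested default route work, showing that a more specific (for example OSPF-learned) route still wins and only unmatched destinations fall through to the blackhole or reject entry. The 12.34.56.0/24 route and the "forward" label are constructed assumptions for the example.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return (network, action) for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, action in table:
        net = ipaddress.ip_network(prefix)
        # Only compare within the same address family.
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, action)
    return best

def disposition(table, dst):
    """What happens to a packet for dst: forward, drop, unreachable, no route."""
    hit = lookup(table, dst)
    if hit is None:
        return "no route"
    action = hit[1]
    if action == "blackhole":   # route flag -blackhole: discard silently
        return "drop"
    if action == "reject":      # route flag -reject: discard, send ICMP unreachable
        return "unreachable"
    return "forward"

# Constructed sample table. The two defaults model the commands in the thread:
#   route add default 127.0.0.1 -blackhole
#   route add -inet6 default ::1 -blackhole
BLACKHOLE_TABLE = [
    ("0.0.0.0/0", "blackhole"),
    ("::/0", "blackhole"),
    ("12.34.56.0/24", "forward"),  # assumed subnet currently known via OSPF
]

# Same table with s/blackhole/reject/ applied to the defaults.
REJECT_TABLE = [(p, "reject" if a == "blackhole" else a)
                for p, a in BLACKHOLE_TABLE]

if __name__ == "__main__":
    for dst in ("12.34.56.10", "12.34.58.1", "2001:db8::1"):
        print(dst, disposition(BLACKHOLE_TABLE, dst),
              disposition(REJECT_TABLE, dst))
```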