Hi,
On router A I’ve configured a peering session with Team Cymru to receive bogon routes and everything works fine. I’m using a separate BGP instance “bogon” just for this. Let’s say my ASN is 1 for this instance. All routes received from TC are set as blackhole.
Now, for testing purposes I want to advertise the routes learned from TC to my other router B, ASN 2. The session is established, but I’m not receiving any routes.
On router A, towards peer B I have an “allow all” out-filter configured, also on router B towards peer A I have an “allow-all” in-filter, but still no go.
Are blackhole routes advertised over BGP by default? If not, how would I go about advertising them? Again, this is a testing config, so I can try pretty much anything you suggest.
Thanks
BGP routes aren’t blackhole routes, even when they are…
What I mean is that there’s no flag in BGP itself that means “blackhole”
The functionality is a “meta” thing that’s accomplished by using some criteria in route filters to cause certain (or all) prefixes learned to be set as type blackhole.
In general, you should just use a single BGP instance and make sure your filters facing providers/peers/customers don’t allow these prefixes to leave your ASN.
Doing this as a separate instance is “safer” in that you won’t accidentally mix your routing data, but at the end of the day, this makes it more complicated to redistribute, as you’re discovering.
All of your other routers will need to have the “blackhole routes” session added, and they’ll need to peer with each other on both sessions.
This is because BGP doesn’t share your routing information - it shares the BGP table. When you run two instances, then this creates two completely independent BGP tables.
The way to accomplish what you want using a single BGP instance is to use communities.
On the bogon peering, make the first rule of the in-filter be a passthrough action rule with the BGP action to apply some community that means “blackhole” route, as well as setting the type=blackhole.
If your ASN is 65000, then you may decide to use community 65000:666 as the “blackhole” community.
On the rest of your routers, you’d have a rule in their in-filter from router 1 such that prefixes with community 65000:666 have the actions: accept and set type=blackhole
For your customer-facing peerings, you’d want to discard prefixes with community=65000:666
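A worked RouterOS v6 configuration of the single-instance, community-tagging approach laid out in the reply above. This is an added example, not the replying poster’s own config; every address, AS number and filter name in it is assumed (router A as AS 65000, router B as AS 65002, the Team Cymru bogon peer at 10.0.0.1 with remote-as 65332, a customer peer at 203.0.113.2), and 65000:666 is the locally chosen “blackhole” community from the reply, not anything Team Cymru defines.

```routeros
# Added example (not the poster's config). Assumed values throughout:
#   router A = AS 65000 / 192.0.2.1, router B = AS 65002 / 192.0.2.2,
#   Team Cymru bogon peer = 10.0.0.1 remote-as 65332 (use the values from
#   your own Cymru peering details), customer peer = 203.0.113.2 / AS 64500.

# ---------- Router A ----------
/routing bgp instance
set default as=65000 router-id=192.0.2.1

/routing filter
# Rule 1 of the bogon in-filter: passthrough so later rules still run, and
# tag + blackhole every prefix the bogon feed sends us.
add chain=bogon-in action=passthrough set-type=blackhole set-bgp-communities=65000:666 \
    comment="tag Team Cymru bogons as blackhole"
add chain=bogon-in action=accept
# Never announce anything back to the bogon feed.
add chain=deny-all action=discard
# Internal router B is allowed to receive the tagged prefixes as-is.
add chain=to-internal action=accept
# Customer/provider-facing out-filter: the blackhole community must not leave
# our AS, everything else follows the normal policy.
add chain=customer-out bgp-communities=65000:666 action=discard \
    comment="never leak blackhole prefixes"
add chain=customer-out action=accept

/routing bgp peer
add name=cymru-bogons remote-address=10.0.0.1 remote-as=65332 \
    in-filter=bogon-in out-filter=deny-all
add name=routerB remote-address=192.0.2.2 remote-as=65002 out-filter=to-internal
add name=customer1 remote-address=203.0.113.2 remote-as=64500 out-filter=customer-out

# ---------- Router B ----------
/routing bgp instance
set default as=65002 router-id=192.0.2.2

/routing filter
# Anything router A sends with the blackhole community becomes a blackhole
# route here too; other prefixes from A are accepted normally.
add chain=from-routerA bgp-communities=65000:666 action=accept set-type=blackhole
add chain=from-routerA action=accept

/routing bgp peer
add name=routerA remote-address=192.0.2.1 remote-as=65000 in-filter=from-routerA
```

To check the result on router B, `/ip route print where type=blackhole` should list the bogon prefixes, and on router A `/routing bgp advertisements print peer=customer1` should show none of them while `print peer=routerB` does. The passthrough rule is what makes this work: the prefix is tagged before any later accept rule ends evaluation, and the same tag is then the only thing the customer-facing filters need to match on.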
I solved the problem differently. I’ve added my router 2 into the same ASN as R1, and in the peer configuration on R1 I’ve checked “Route reflect”. So all routes received are forwarded to R2 with the bogon community (I receive them marked with the community) and that community is set as blackhole. And yes, it is running in a separate instance, just for bogons.
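For comparison, the same-ASN, separate-instance variant that the follow-up above describes, written out as an added RouterOS v6 example (not the poster’s actual config). Assumed values: both routers in AS 65000 with R1 at 192.0.2.1 and R2 at 192.0.2.2, the Team Cymru peer at 10.0.0.1 with remote-as 65332, and the community the feed marks its prefixes with assumed to be 65332:888; take all of these from your own peering details rather than from here.

```routeros
# Added example (not the poster's config). Assumed: AS 65000 on both routers,
# R1 = 192.0.2.1, R2 = 192.0.2.2, Cymru peer 10.0.0.1 / remote-as 65332,
# feed community assumed to be 65332:888.

# ---------- R1 ----------
/routing bgp instance
add name=bogon as=65000 router-id=192.0.2.1

/routing filter
add chain=bogon-in action=passthrough set-type=blackhole
add chain=bogon-in action=accept
add chain=deny-all action=discard

/routing bgp peer
add name=cymru instance=bogon remote-address=10.0.0.1 remote-as=65332 \
    in-filter=bogon-in out-filter=deny-all
# iBGP session to R2 inside the bogon instance, with route reflection enabled
# as in the post above.
add name=r2 instance=bogon remote-address=192.0.2.2 remote-as=65000 route-reflect=yes

# ---------- R2 ----------
/routing bgp instance
add name=bogon as=65000 router-id=192.0.2.2

/routing filter
# Only prefixes still carrying the feed's community are accepted, and they
# are installed as blackhole routes; anything else on this session is dropped.
add chain=from-r1 bgp-communities=65332:888 action=accept set-type=blackhole
add chain=from-r1 action=discard

/routing bgp peer
add name=r1 instance=bogon remote-address=192.0.2.1 remote-as=65000 in-filter=from-r1
```

Because the bogon instance is separate, its table never mixes with the main instance, but every further router has to carry a second session in this instance, which is the trade-off the reply above points out.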