Cymru-TEAM (UTRS) Blackholing problem

blackmetal · January 14, 2020, 7:34am

Hello,
I just setup my bgp session with UTRS and this is my configurations

route filter:
add action=accept bgp-communities=64496:0 chain=UTRS-IN comment=“UTRS Filtering” disabled=yes prefix-length=32 set-type=blackhole
add action=discard bgp-communities=“” chain=UTRS-IN
add action=accept bgp-communities=“” chain=UTRS-OUT disabled=yes prefix-length=32 set-bgp-communities=no-export,MYOWNAS:0 set-out-nexthop=192.0.2.1
add action=discard bgp-communities=“” chain=UTRS-OUT

this is my session config:
add in-filter=UTRS-IN instance=MYISPNAME max-prefix-limit=500 max-prefix-restart-time=10m multihop=yes name=UTRS out-filter=UTRS-OUT passive=yes remote-address=154.35.x.x
remote-as=64496 tcp-md5-key=PASSWORD ttl=default

in this case when i announce /32 to UTRS i wcan see attacks towards my network and also i tried remove no-export tag from my as number and tried tag it with 64496:0 only but it did not work,
also they informed me they can see my routes ,
any idea ?
Thank you.

savage · January 14, 2020, 10:03am

CYMRU provides examples for Mikrotik - use them, they work.

blackmetal · January 14, 2020, 10:09am

i have used https://www.team-cymru.com/utrs/getting-started.html example as well but it did not work too!

leoservices · January 16, 2020, 1:47am

Remove this filter. You should not make advertisements for Cymru

add action=accept bgp-communities=“” chain=UTRS-OUT disabled=yes prefix-length=32 set-bgp-communities=no-export,MYOWNAS:0 set-out-nexthop=192.0.2.1

expo · May 20, 2022, 11:51pm

Don’t remove, advertising 25-32 prefixes to URTS is the whole point of the service…

Likely the OP and other posters issue is they are expecting URTS to stop their ddos attack where it will only help if the attack is originating from the network of a URTS member, you also need to be advertising a black hole via bgp community to your upstream providers!