Community discussions

MikroTik App
 
schadom
Member Candidate
Member Candidate
Topic Author
Posts: 152
Joined: Sun Jun 25, 2017 2:47 am
Location: Austria

BGP Blackhole not working

Sun Jun 25, 2017 3:48 am

HI,

i'm trying to blackhole a single IPv6 on my upstream (HE) via a filter rule attached to the BGP instance with out-filter.
Unfortunately and no matter what I try, it seems I cant get this it to work. Maybe any hints?

Attached my current config.

Thanks in advance
[rtradmin@core] /ipv6 address> print where interface=bridge1 
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 #    ADDRESS                                     FROM-POOL INTERFACE                                                        ADVERTISE
 0  G 2001:623:420:6666::1/128                              bridge1                                                          no       


[rtradmin@core] /routing bgp instance> print 
Flags: * - default, X - disabled 
 0 *  name="default" as=12345 router-id=x.x.x.x redistribute-connected=no redistribute-static=no redistribute-rip=no 
      redistribute-ospf=no redistribute-other-bgp=no out-filter=blackhole-out client-to-client-reflection=yes ignore-as-path-len=no 
      routing-table="" 


[rtradmin@core] /routing filter> print where chain=blackhole-out 
Flags: X - disabled 
 0   chain=blackhole-out prefix=2001:623:420:6666::1/128 bgp-communities="" address-family=ipv6 invert-match=no action=accept 
     set-type=blackhole set-bgp-prepend-path="" set-bgp-communities=6939:666

 1   chain=blackhole-out invert-match=no action=discard set-bgp-prepend-path="" 
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 6176
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: BGP Blackhole not working

Mon Jun 26, 2017 12:23 pm

There are no type=blackhole for IPv6 routes. Only "unicast" and "unreachable" are accepted.
 
scampbell
Trainer
Trainer
Posts: 475
Joined: Thu Jun 22, 2006 5:20 am
Location: Wellington, NZ
Contact:

Re: BGP Blackhole not working

Sun Sep 06, 2020 10:51 pm

In that case it would be useful in Winbox to not list invalid route types - as it is in the CLI ??
MTCNA, MTCWE, MTCRE, MTCTCE, MTCSE, MTCINE, MTCEWE, Trainer
___________________
Mikrotik Distributor - New Zealand
http://www.campbell.co.nz
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 6176
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: BGP Blackhole not working

Mon Sep 07, 2020 9:16 am

Winbox already lists only unicast and unreachable for IPv6 routes the same as CLI.
 
scampbell
Trainer
Trainer
Posts: 475
Joined: Thu Jun 22, 2006 5:20 am
Location: Wellington, NZ
Contact:

Re: BGP Blackhole not working

Thu Sep 17, 2020 2:31 am

Winbox already lists only unicast and unreachable for IPv6 routes the same as CLI.
Good point - under /ipv6 route in Winbox you are 100% correct.

I had been looking under /route filters in the action set-route type which listed all 4 types (IPV4) - any chance Blackhole and Prohibit could show as IPv4 only in the description ?
MTCNA, MTCWE, MTCRE, MTCTCE, MTCSE, MTCINE, MTCEWE, Trainer
___________________
Mikrotik Distributor - New Zealand
http://www.campbell.co.nz

Who is online

Users browsing this forum: No registered users and 23 guests