+1 for BIRD.

Basically, what you want is to have several different static (blackhole) routes, and be able to differentiate them at BGP level, for marking with communities, etc. Correct?

This is easy with BIRD. Just use separate instances of the "static" protocol, and filter using "proto" to distinguish between them. E.g.:

    protocol static default_sink {
        # sink all local prefixes by default, to avoid loops
        # (low localpref, let other routes override us)
        import filter { preference = 1; accept; };
        route 192.0.2.0/24 blackhole;
    }

    protocol static forbidden {
        # these guys looked at me the wrong way
        route 198.51.100.0/24 blackhole;
    }

    protocol static temp_block {
        # DDOS mitigation, etc
        route 203.0.113.17/32 blackhole;
    }

    protocol bgp customer1 {
        export filter {
            if proto = "default_sink" then reject;
            if proto = "temp_block" then set_tempblock_community();
            if proto = "forbidden" then do_other_stuff();
        };
        # ...
    }

On 07/01/2015 08:47 PM, David H wrote:
Sorry I wasn't clear on that. Traditionally on a hardware, e.g. Cisco/Brocade, router performing the RTBH role, I'd add blackhole routes by way of static routes with a particular tag; one tag for block this source, one tag for block this destination. Redistribute static would let route maps operate against those tags to turn into BGP communities being applied to the announcements, and then the real routers can do what they need to do. When I tried out Quagga/Zebra as an alternative, it doesn't work this way, so while it was nice that it could pick up static routes from the OS, or have them added manually just like a hardware router, there was no concept of the route tag getting to Zebra for it to do the rest of the work on the BGP side.
I'll check out Bird too; thanks.
On Wed, Jul 1, 2015 at 3:41 PM, Job Snijders <job@instituut.net> wrote:
On Wed, Jul 01, 2015 at 11:19:45AM -0400, David H wrote:
I was wondering if anyone can recommend a software (preferable), or hardware-based router with an API, that supports BGP with tags on advertised routes? I want to use it for a RTBH feed [ ... ]

Did you look at BIRD? It is one of the most beautiful open source BGP speakers: http://bird.network.cz/
BIRD does not have anything like a RESTful API, but you can just generate the config file and reload it on the fly to accomplish the same.
Can you elaborate on what you mean by 'tags'? Could you use BGP communities instead?
Kind regards,
Job
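
An added example, not written by any poster in this thread, of the "generate the config file and reload it" approach using the per-purpose static protocols shown above. The function names, the sample block list and the /24 minimum-length guard are assumptions made for illustration; every prefix is parsed before it is written, so a malformed entry cannot inject extra configuration or blackhole a large range.

```python
import ipaddress

# Constructed sample input: protocol name -> prefixes to blackhole.
# Protocol names follow the ones used in the thread; the prefixes are
# documentation ranges.
SAMPLE_BLOCKS = {
    "forbidden": ["198.51.100.0/24"],
    "temp_block": ["203.0.113.17/32", "203.0.113.99"],
}

# Assumed safety limit (not from the thread): refuse anything shorter
# than /24 so a typo cannot blackhole a large block.
MIN_PREFIX_LEN = 24


def validate_prefix(text, min_len=MIN_PREFIX_LEN):
    """Return a normalized IPv4 prefix string or raise ValueError."""
    net = ipaddress.ip_network(text.strip(), strict=True)  # rejects host bits
    if net.version != 4:
        raise ValueError(f"IPv4 only in this example: {text!r}")
    if net.prefixlen < min_len:
        raise ValueError(f"{net} is shorter than /{min_len}, refusing")
    return str(net)


def render_static(name, prefixes):
    """Render one BIRD 'protocol static' block of blackhole routes."""
    if not name.isidentifier():
        raise ValueError(f"bad protocol name: {name!r}")
    routes = sorted({validate_prefix(p) for p in prefixes},
                    key=ipaddress.ip_network)
    lines = [f"protocol static {name} {{"]
    lines += [f"    route {r} blackhole;" for r in routes]
    lines.append("}")
    return "\n".join(lines)


def render_config(blocks):
    """Render all blocks in a stable order so diffs stay reviewable."""
    return "\n\n".join(render_static(n, blocks[n]) for n in sorted(blocks)) + "\n"


if __name__ == "__main__":
    # Write this to a file included from bird.conf, then run `birdc configure`.
    print(render_config(SAMPLE_BLOCKS), end="")
```

The BGP export filter can then match on the protocol names with "proto", as in the configuration above, to attach the communities.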