On 07/01/15 15:47 -0400, David H wrote:
Sorry I wasn't clear on that. Traditionally on a hardware, e.g. Cisco/Brocade, router performing the RTBH role, I'd add blackhole routes by way of static routes with a particular tag; one tag for block this source, one tag for block this destination. Redistribute static would let route maps operate against those tags to turn into BGP communities being applied to the announcements, and then the real routers can do what they need to do. When I tried out Quagga/Zebra as an alternative, it doesn't work this way, so while it was nice that it could pick up static routes from the OS, or have them added manually just like a hardware router, there was no concept of the route tag getting to Zebra for it to do the rest of the work on the BGP side.

We're using Quagga to inject blackhole routes upstream, which can match routes on the OS's metric value:

    # IPv4 blackhole
    ~$ ip route add 203.0.113.42/32 dev lo metric 666

    !
    route-map map_bad_routes permit 10
     match metric 666
     set community xxxxx:yyy
    ...
    !

-- 
Dan White
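
Added example, not part of either message: because the route-map in the reply treats any kernel route with metric 666 as a blackhole candidate, a typo in the `ip route` command can tag far more than one host. The wrapper below only ever emits a /32 host route on `lo` with that metric; the function names `is_ipv4_host` and `rtbh_cmd` are hypothetical, and the address is the documentation address used in the reply.

```shell
#!/bin/sh
# Added example (not from the thread): build the "ip route" command that marks
# exactly one IPv4 host for blackholing via the metric the route-map matches.
RTBH_METRIC=666   # from the thread: route-map has "match metric 666"
RTBH_DEV=lo       # from the thread: the route points at loopback

# is_ipv4_host ADDR: succeed only for four dotted octets, each 0-255.
is_ipv4_host() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, bad chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ????*|0?*) return 1 ;;             # too long, or leading zero
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# rtbh_cmd add|del ADDR[/32]: print the command to run. Anything wider than a
# single host is refused, so a typo cannot place a whole prefix at the metric.
rtbh_cmd() {
    action=$1; addr=$2
    case "$action" in
        add|del) ;;
        *) echo "usage: rtbh_cmd add|del IPV4-ADDRESS" >&2; return 2 ;;
    esac
    case "$addr" in
        */32) addr=${addr%/32} ;;
        */*)  echo "refusing non-/32 prefix: $addr" >&2; return 1 ;;
    esac
    if ! is_ipv4_host "$addr"; then
        echo "not an IPv4 host address: $addr" >&2
        return 1
    fi
    echo "ip route $action $addr/32 dev $RTBH_DEV metric $RTBH_METRIC"
}

# Dry run on a constructed documentation address; nothing is changed here.
rtbh_cmd add 203.0.113.42
```

The function only prints the command, so the output can be reviewed or logged before it is run as root on the Quagga host.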