[ixpmanager] Blackhole service on IXP manager route servers (RTBH)

Leon Meßner l.messner at physik.tu-berlin.de
Wed Oct 28 15:24:23 GMT 2020 

Dear Behnam,

On Mon, 26 Oct 2020 11:27:31 +0330
Behnam Yazdani <behnamyazdani at gmail.com> wrote:
> We want to implement RTBH service in our IX environment, currently we have activated IRRDB filtering. for this purpose we have deployed two Servers used as blackhole next-hop, they inject an ARP response to members that populate IX switches with BH-MAC, this BH-MAC is dropped on all IX switches. In our current deployment members will have to establish a new BGP session with a dedicated Blackhole Router. we want to integrate BH service with IXP manager route servers, however, there are two issue what we need to resolve for this purpose:
> 1) We need to change BH next-hop to the IP address of BH servers that their MAC is later dropped in IX switches’ CAM table, and I need to know how can we implement this in IXPmanager 
> 2) we need to change IRRDB filter so that generated prefix filters accepts /32 prefixes advertised by members, for example there’s a route object for 192.0.2.0/24 with AS65535 as origin. By default generated prefix-list will have /24 mask for AS65535 member, but we need  IXP manager  to generate prefix filter that accepts 192.0.2.0/24 Le 32 from AS65535

have you considered skinning your routeserver templates[1]? You can
find the stock templates for bird v1(v2) at
$IXPROOT/resources/views/api/v4/router/server/bird(2). In your skinned
version you can then change bgp_next_hop in the sessions export filter.
Newer IXP-Managers have a checkbox in the Webinterface to accept
more-specifics. You can find the relevant line in the
bird2/neighbors.foil.php template looking for prefixExactToLessSpecific.
If you want the BH RS behaviour to be independent of that checkbox
something like

allnet = [ <?= implode( ', ', preg_filter('/$/', '+', $int['irrdbfilter_prefixes']) ) ?> ];

should also work.

Regards,
Leon

[1] https://docs.ixpmanager.org/features/skinning/
>  
> How should we configure IXP manager to resolve these two issues
> P.S. we’re using bird as our route server
> 
> Thanks for your help
> _______________________________________________
> INEX IXP Manager mailing list
> ixpmanager at inex.ie
> Unsubscribe or change options here: https://www.inex.ie/mailman/listinfo/ixpmanager

More information about the ixpmanager mailing list