Hello,
I am new to VyOS.
I'm having problems using FastNetMon to detect DDoS attacks and combining it with the provider's blackhole to block them.
Hope you can help.
I use VyOS 1.3:
run show version
Version: VyOS 1.3-rolling-202312050935
Release train: equuleus
Currently I have the following configuration filter:
set policy community-list blackhole rule 10 action 'permit'
set policy community-list blackhole rule 10 regex '45903:6519'
set policy prefix-list OUT rule 10 action 'permit'
set policy prefix-list OUT rule 10 prefix '26.30.22.0/24'
set policy route-map EXPORT rule 10 action 'permit'
set policy route-map EXPORT rule 10 match community community-list 'blackhole'
set policy route-map EXPORT rule 10 set metric '0'
set policy route-map EXPORT rule 10 set weight '32768'
set policy route-map EXPORT rule 10 set origin igp
set policy route-map EXPORT rule 10 set src 113.122.22.210
set policy route-map EXPORT rule 10 set local-preference '100'
set policy route-map EXPORT rule 20 action 'permit'
set policy route-map EXPORT rule 20 match ip address prefix-list 'OUT'
set policy route-map blackhole rule 10 action 'permit'
set policy route-map blackhole rule 10 set community '45903:6519'
set protocols bgp 121328 address-family ipv4-unicast redistribute connected
set protocols bgp 121328 address-family ipv4-unicast redistribute static
set protocols bgp 121328 neighbor 135.216.130.5 address-family ipv4-unicast route-map export 'EXPORT'
set protocols bgp 121328 neighbor 135.216.130.5 address-family ipv4-unicast nexthop-self
I used the command below and blackholing worked successfully: IP 26.30.22.174 was completely blocked from international connections, and could still be reached from within my country.
set protocols bgp 121328 address-family ipv4-unicast network 26.30.22.174/32 route-map 'blackhole'
This is the result of:
run show ip bgp neighbor 135.216.130.5 advertised-routes
   Network            Next Hop    Metric LocPrf Weight Path
*> 26.30.22.0/24      0.0.0.0          0          32768 i
*> 26.30.22.174/32    0.0.0.0          0    100   32768 i
run show ip bgp 26.30.22.174/32
BGP routing table entry for 26.30.22.174/32
Paths: (1 available, best #1, table default)
Advertised to non peer-group peers:
135.216.130.5 192.168.38.199
Local
0.0.0.0 from 0.0.0.0 (113.122.22.210)
Origin IGP, metric 0, weight 32768, valid, sourced, local, best (First path received)
Community: 45903:6519
Last update: Thu Jan 25 16:53:39 2024
And I have connected FastNetMon and VyOS BGP successfully.
And here is the filter configuration on my VyOS for routes received from FastNetMon:
set policy route-map EXPORTFast rule 10 action 'permit'
set policy route-map EXPORTFast rule 10 match community community-list 'blackhole'
set policy route-map fastnetmon-out rule 10 action 'permit'
set policy route-map fastnetmon-out rule 10 match community community-list 'blackhole'
set protocols bgp 121328 neighbor 192.168.38.199 address-family ipv4-unicast route-map export 'fastnetmon-out'
set protocols bgp 121328 neighbor 192.168.38.199 address-family ipv4-unicast route-map import 'EXPORTFast'
set protocols bgp 121328 neighbor 192.168.38.199 address-family ipv4-unicast nexthop-self
set protocols bgp 121328 neighbor 192.168.38.199 address-family ipv4-unicast soft-reconfiguration 'inbound'
When I set the next hop in FastNetMon to 0.0.0.0:
sudo fcli show main gobgp_next_hop
0.0.0.0
Here is the result of:
run show ip bgp neighbor 135.216.130.5 advertised-routes
Same as my original:
   Network            Next Hop    Metric LocPrf Weight Path
*> 26.30.22.0/24      0.0.0.0          0          32768 i
*> 26.30.22.174/32    0.0.0.0          0    100   32768 i
But the output of the following is different:
run show ip bgp 26.30.22.174/32
BGP routing table entry for 26.30.22.174/32
Paths: (1 available, best #1, table default)
Advertised to non peer-group peers:
135.216.130.5
Local
192.168.38.199 from 192.168.38.199 (192.168.38.199)
Origin incomplete, localpref 100, valid, internal, best (First path received)
Community: 45903:6519
Last update: Thu Jan 25 17:01:58 2024
It successfully reached my IPs,
but the routing table has changed, and IP 26.30.22.174 is not reachable from within my country. It looks like the IP is being routed to 192.168.38.199.
I tried setting the FastNetMon next hop to 10.0.0.1.
This is the result of:
run show ip bgp neighbor 135.216.130.5 advertised-routes
Like my original:
   Network            Next Hop    Metric LocPrf Weight Path
*> 26.30.22.0/24      0.0.0.0          0          32768 i
The /32 does not appear.
The result:
run show ip bgp 26.30.22.174/32
BGP routing table entry for 26.30.22.174/32
Paths: (1 available, no best path)
Not advertised to any peer
Local
10.0.0.1 (inaccessible) from 192.168.38.199 (192.168.38.199)
Origin incomplete, localpref 100, invalid, internal
Community: 45903:6519
Last update: Thu Jan 25 17:08:03 2024
Does anyone know a way I can successfully use blackholing with FastNetMon?
Hope someone can help me.
Thank you so much!
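The two outputs above show the mechanics: with next hop 0.0.0.0 the /32 learned from 192.168.38.199 is installed in the FIB pointing at the FastNetMon box, and with next hop 10.0.0.1 the path is "inaccessible", so FRR marks it invalid and never exports it. The usual way to make a remotely triggered blackhole from a BGP injector work is to give the injector's next hop a local discard route, so BGP next-hop tracking resolves it and the host route becomes valid. The following is an added example of that approach, not configuration from the original post or from the FastNetMon or VyOS projects; it assumes `gobgp_next_hop` in FastNetMon stays at 10.0.0.1, the neighbors from the post, and the VyOS 1.3 CLI. The prefix-list name FASTNETMON-IN is my own.

```vyos
# Added example (not from the original post). VyOS 1.3 configuration mode.
configure

# 1. Discard route for the FastNetMon next hop (assumed: gobgp_next_hop = 10.0.0.1).
#    BGP next-hop tracking resolves 10.0.0.1 through this route, so the /32
#    learned from 192.168.38.199 changes from "(inaccessible) ... invalid" to
#    valid, becomes best, and is eligible for export to 135.216.130.5.
set protocols static route 10.0.0.1/32 blackhole

# 2. Tighten the import filter from FastNetMon: besides the community match the
#    post already has in route-map EXPORTFast, accept only /32s out of your own
#    block, so a mistaken announcement cannot inject anything else.
set policy prefix-list FASTNETMON-IN rule 10 action 'permit'
set policy prefix-list FASTNETMON-IN rule 10 prefix '26.30.22.0/24'
set policy prefix-list FASTNETMON-IN rule 10 ge '32'
set policy route-map EXPORTFast rule 10 match ip address prefix-list 'FASTNETMON-IN'

commit
save

# 3. Checks (run from configuration mode, or drop the leading "run" after exit).
#    Next hop must now resolve to the discard route:
run show ip route 10.0.0.1
#    The /32 should show "valid, internal, best" instead of "(inaccessible)",
#    and list 135.216.130.5 under "Advertised to":
run show ip bgp 26.30.22.174/32
#    The /32 should be back in the upstream advertisements, next hop 0.0.0.0
#    (nexthop-self), carrying community 45903:6519:
run show ip bgp neighbor 135.216.130.5 advertised-routes
exit
```

Trade-off worth knowing before relying on this: because the router now resolves the /32 through its own discard route, traffic for 26.30.22.174 that arrives at this router from inside the country is dropped here as well. In the manual test in the post, the `network ... route-map blackhole` statement had next hop 0.0.0.0 (the router itself), so the connected /24 still delivered domestic traffic; with an injector-learned route whose next hop is blackholed locally, that in-country reachability is lost. If you need the upstream blackhole only, the part to change is how the /32 is handled in this router's own FIB, not the export policy, which already matches the community correctly.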