Blackhole community with vyos 1.3

nielsonort124 · January 25, 2024, 10:18am

Hello,
I am new to vyos.
I’m having problems using fastnetmon to detect ddos and combined with the provider’s blackhole to block ddos.
Hope you can help.

I use vyos 1.3

run show version

Version:          VyOS 1.3-rolling-202312050935
Release train:    equuleus

Currently I have the following configuration filter:


set policy community-list blackhole rule 10 action 'permit'
set policy community-list blackhole rule 10 regex '45903:6519'

set policy prefix-list OUT rule 10 action 'permit'
set policy prefix-list OUT rule 10 prefix '26.30.22.0/24'


set policy route-map EXPORT rule 10 action 'permit'
set policy route-map EXPORT rule 10 match community community-list 'blackhole'
set policy route-map EXPORT rule 10 set metric '0'
set policy route-map EXPORT rule 10 set weight '32768'
set policy route-map EXPORT rule 10 set origin igp
set policy route-map EXPORT rule 10 set src 113.122.22.210
set policy route-map EXPORT rule 10 set local-preference '100'
set policy route-map EXPORT rule 20 action 'permit'
set policy route-map EXPORT rule 20 match ip address prefix-list 'OUT'


set policy route-map blackhole rule 10 action 'permit'
set policy route-map blackhole rule 10 set community '45903:6519'



set protocols bgp 121328 address-family ipv4-unicast redistribute connected
set protocols bgp 121328 address-family ipv4-unicast redistribute static
set protocols bgp 121328 neighbor 135.216.130.5 address-family ipv4-unicast route-map export 'EXPORT'
set protocols bgp 121328 neighbor 135.216.130.5 address-family ipv4-unicast nexthop-self

I used the command below and used blackhole successfully. IP 26.30.22.174 has been completely blocked from international connections, and can still connect within my country.

set protocols bgp 121328 address-family ipv4-unicast network 26.30.22.174/32 route-map 'blackhole'

This is the result of:

run show ip bgp neighbor 135.216.130.5 advertised-routes

   Network          Next Hop            Metric LocPrf Weight Path
*> 26.30.22.0/24   0.0.0.0                  0         32768 i
*> 26.30.22.174/32 0.0.0.0                  0    100  32768 i


run show ip bgp 26.30.22.174/32

BGP routing table entry for 26.30.22.174/32
Paths: (1 available, best #1, table default)
  Advertised to non peer-group peers:
  135.216.130.5 192.168.38.199
  Local
    0.0.0.0 from 0.0.0.0 (113.122.22.210)
      Origin IGP, metric 0, weight 32768, valid, sourced, local, best (First path received)
      Community: 45903:6519
      Last update: Thu Jan 25 16:53:39 2024

And I have connected fastnetmon and vyos bgp successfully.
And here is the filder configuration on my vyos when received from fastnetmon.


set policy route-map EXPORTFast rule 10 action 'permit'
set policy route-map EXPORTFast rule 10 match community community-list 'blackhole'

set policy route-map fastnetmon-out rule 10 action 'permit'
set policy route-map fastnetmon-out rule 10 match community community-list 'blackhole'


set protocols bgp 121328 neighbor 192.168.38.199 address-family ipv4-unicast route-map export 'fastnetmon-out'
set protocols bgp 121328 neighbor 192.168.38.199 address-family ipv4-unicast route-map import 'EXPORTFast'
set protocols bgp 121328 neighbor 192.168.38.199 address-family ipv4-unicast nexthop-self
set protocols bgp 121328 neighbor 192.168.38.199 address-family ipv4-unicast soft-reconfiguration 'inbound'

Khi tôi đặt tại fastnetmon nexthop là 0.0.0.0:

sudo fcli show main gobgp_next_hop
0.0.0.0

Here is the result:

run show ip bgp neighbor 135.216.130.5 advertised-routes
Giống tôi ban đầu của tôi:
   Network          Next Hop            Metric LocPrf Weight Path
*> 26.30.22.0/24   0.0.0.0                  0         32768 i
*> 26.30.22.174/32 0.0.0.0                  0    100  32768 i

run show ip bgp 26.30.22.174/32
đã khác:

run show ip bgp 26.30.22.174/32
BGP routing table entry for 26.30.22.174/32
Paths: (1 available, best #1, table default)
  Advertised to non peer-group peers:
  135.216.130.5
  Local
    192.168.38.199 from 192.168.38.199 (192.168.38.199)
      Origin incomplete, localpref 100, valid, internal, best (First path received)
      Community: 45903:6519
      Last update: Thu Jan 25 17:01:58 2024

Successfully reached my ips,
But the routing table has changed. and ip 26.30.22.174 is not reachable from within my country. Looks like the ip is being routed to 192.168.38.199.

I tried setting fastnetmon nexthop to 10.0.0.1

This is the result of:

run show ip bgp neighbor 135.216.130.5 advertised-routes
Like me my original:
   Network          Next Hop            Metric LocPrf Weight Path
*> 26.30.22.0/24   0.0.0.0                  0         32768 i

Does not exist /32

The result:
run show ip bgp 26.30.22.174/32
BGP routing table entry for 26.30.22.174/32
Paths: (1 available, no best path)
  Not advertised to any peer
  Local
    10.0.0.1 (inaccessible) from 192.168.38.199 (192.168.38.199)
      Origin incomplete, localpref 100, invalid, internal
      Community: 45903:6519
      Last update: Thu Jan 25 17:08:03 2024

Does anyone have a way I can successfully use blackhole with fastnetmon?
Hope someone can help me.

Thank you so much!