HI there,
I just started playing with VyOS and thought I’d share a config for taking full Bogon feed from Team Cymru via BGP.
One important note - you may find that after you implement this when you do a “show ip bgp summary” prefix received shows 0. This is because the system does not inject any prefixes into the routing table that it does not know how to reach. To test that your configuration is working perform the following tests:
- Check up/down status. Perform this check for IPv4 and IPv6. We are using a single session to support both v4 and v6 prefixes.
- Check received routes from Cymru. This is the raw prefixes received before it is matched to the community
- Check prefixes after it is processed by your route-map statement.
Here is sample output:
Network Next Hop Metric LocPrf Weight Path
- 0.0.0.0 192.0.2.1 0 65332 i
- 2.56.0.0/14 192.0.2.1 0 65332 i
- 5.8.248.0/21 192.0.2.1 0 65332 i
- 5.39.200.0/21 192.0.2.1 0 65332 i
- 5.45.32.0/20 192.0.2.1 0 65332 i
- 5.100.240.0/21 192.0.2.1 0 65332 i
- 5.104.72.0/21 192.0.2.1 0 65332 i
- 5.133.64.0/18 192.0.2.1 0 65332 i
- 5.180.0.0/14 192.0.2.1 0 65332 i
- 5.199.184.0/21 192.0.2.1 0 65332 i
Network Next Hop Metric LocPrf Weight Path
- ::/8 2001:db8:0:dead:beef::1 0 65332 i
- 100::/8 2001:db8:0:dead:beef::1 0 65332 i
- 200::/7 2001:db8:0:dead:beef::1 0 65332 i
- 400::/6 2001:db8:0:dead:beef::1 0 65332 i
- And finally BLOCK YOUR ANNOUNCEMENT – Be kind to Team Cymru they server a ciritical role. The following commands should show no output at all and will take you back to the prompt.
Thank you,
Babak
[code]Create Community List
set policy community-list 10 rule 10 action permit
set policy community-list 10 rule 10 regex 65332:888
Create IPv4 Prefix List
set policy prefix-list Cymru-Block-pfl4-ADV rule 10 action deny
set policy prefix-list Cymru-Block-pfl4-ADV rule 10 le 32
set policy prefix-list Cymru-Block-pfl4-ADV rule 10 prefix 0.0.0.0/0
Create IPv6 Prefix List
set policy prefix-list6 Cymru-Block-pfl6-ADV rule 10 action deny
set policy prefix-list6 Cymru-Block-pfl6-ADV rule 10 le 128
set policy prefix-list6 Cymru-Block-pfl6-ADV rule 10 prefix ::/0
Create Blackhole Routes
set protocols static route6 2001:DB8:0:DEAD:BEEF::1/128 blackhole distance 255
set protocols static route 192.0.2.1/32 blackhole distance 255
Create Routemap for IPv4 Routes
set policy route-map CymruBogons-ip4-REC rule 10 description ‘Blackhole IPv4 Routes Recieved from Cymru’
set policy route-map CymruBogons-ip4-REC rule 10 action permit
set policy route-map CymruBogons-ip4-REC rule 10 match community community-list 10
set policy route-map CymruBogons-ip4-REC rule 10 set ip-next-hop 192.0.2.1
Create Routemap for IPv6 Routes
set policy route-map CymruBogons-ip6-REC rule 10 description ‘Blackhole IPv6 Routes Recieved from Cymru’
set policy route-map CymruBogons-ip6-REC rule 10 action permit
set policy route-map CymruBogons-ip6-REC rule 10 match community community-list 10
set policy route-map CymruBogons-ip6-REC rule 10 set ipv6-next-hop global 2001:DB8:0:DEAD:BEEF::1
Create BGP Config
set protocols bgp xxxxx neighbor xxxx:xxxx::xxxx:xxxx remote-as 65332
set protocols bgp xxxxx neighbor xxxx:xxxx::xxxx:xxxx address-family ipv6-unicast
set protocols bgp xxxxx neighbor xxxx:xxxx::xxxx:xxxx address-family ipv6-unicast prefix-list export Cymru-Block-pfl6-ADV
set protocols bgp xxxxx neighbor xxxx:xxxx::xxxx:xxxx address-family ipv6-unicast route-map import CymruBogons-ip6-REC
set protocols bgp xxxxx neighbor xxxx:xxxx::xxxx:xxxx address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp xxxxx neighbor xxxx:xxxx::xxxx:xxxx prefix-list export Cymru-Block-pfl4-ADV
set protocols bgp xxxxx neighbor xxxx:xxxx::xxxx:xxxx route-map import CymruBogons-ip4-REC
set protocols bgp xxxxx neighbor xxxx:xxxx::xxxx:xxxx update-source xxxx:xxxx:x::x
set protocols bgp xxxxx neighbor xxxx:xxxx::xxxx:xxxx password xxxxxxxxx
set protocols bgp xxxxx neighbor xxxx:xxxx::xxxx:xxxx ebgp-multihop 255
[/code]