[f-nsp] CYMRU bogon update server configuration.

steve at telecomplete.co.uk steve at telecomplete.co.uk
Sun Oct 15 12:27:04 EDT 2006 

Foundry doesnt support bgp routes that are destined to null0. 

You can workaround by routing to the loopback but I believe this would use more CPU under an attack to a bogon route.

I raised this with foundry 2 years ago, I dont know if its been addressed.

Steve

On Sun, Oct 15, 2006 at 04:09:51PM +0300, Nikolay Pavlov wrote:
> Hi, folks.
> I am trying to configure CYMRU BOGONS server like described in this
> guide: http://www.cymru.com/BGP/bogon-rs.html
> I am using Cisco router example and on my cs3550 everything is fine.
> However in case of BigIron8000 this routes is unreachable:
> 
> sh ip bgp neighbor 38.229.0.5 routes-summary
> 1   IP Address: 38.229.0.5
> Routes Accepted/Installed:61,  Filtered/Kept:0,  Filtered:0
>    Routes Selected as BEST Routes:0
>       BEST Routes not Installed in IP Forwarding Table:0
>    Unreachable Routes (no IGP Route for NEXTHOP):61
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>    History Routes:0
> 
> NLRIs Received in Update Message:61,  Withdraws:0 (0),  Replacements:0
>    NLRIs Discarded due to
>       Maximum Prefix Limit:0, AS Loop:0
>       Invalid Nexthop:0, Invalid Nexthop Address:0.0.0.0
>       Duplicated Originator_ID:0, Cluster_ID:0
> 
> Routes Advertised:0,  To be Sent:0,  To be Withdrawn:0
> NLRIs Sent in Update Message:0,  Withdraws:0,  Replacements:0
> 
> Peer Out of Memory Count for:
>    Receiving Update Messages:0, Accepting Routes(NLRI):0
>    Attributes:0, Outbound Routes(RIB-out):0 Outbound Routes Holder:0
> 
> So routes was not installed in routing table.
> 
> Here is additional info:
> 
> telnet at fbi8000-Border-NY#sh ip bgp neighbor 38.229.0.5 routes
>        There are 61 accepted routes from  neighbor 38.229.0.5
> Searching for matching routes, use ^C to quit...
> Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED
>        E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH S:SUPPRESSED
> F:FILTERED
>        Prefix             Next Hop        Metric     LocPrf     Weight
> Status
> 1      1.0.0.0/8          192.0.2.1       0          100        0      E
>          AS_PATH: 65333
> 2      2.0.0.0/8          192.0.2.1       0          100        0      E
>          AS_PATH: 65333
> 3      5.0.0.0/8          192.0.2.1       0          100        0      E
>          AS_PATH: 65333
> 4      7.0.0.0/8          192.0.2.1       0          100        0      E
>          AS_PATH: 65333
> 5      10.0.0.0/8         192.0.2.1       0          100        0      E
>          AS_PATH: 65333
> 6      23.0.0.0/8         192.0.2.1       0          100        0      E
>          AS_PATH: 65333
> 7      27.0.0.0/8         192.0.2.1       0          100        0      E
>          AS_PATH: 65333
> 8      31.0.0.0/8         192.0.2.1       0          100        0      E
>          AS_PATH: 65333
> 9      36.0.0.0/8         192.0.2.1       0          100        0      E
>          AS_PATH: 65333
> 
> and so on...
> 
> telnet at fbi8000-Border-NY#sh ip route 192.0.2.1
> Total number of IP routes: 90238, avail: 309762 (out of max 400000)
>         Destination        Gateway         Port       Cost   Type
>         192.0.2.1/32       255.255.255.255 drop       1      S
> 
> 
> -- 
> ======================================================================  
> - Best regards, Nikolay Pavlov. <<<-----------------------------------    
> ======================================================================  
> 
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp

-- 
Stephen J. Wilcox
BSc (Hons).  CCIE #10730
Technical Director, Telecomplete
http://www.telecomplete.co.uk/

More information about the foundry-nsp mailing list