Exabgp integration for announce blackholed IP's with BGP

[pavel-odintsov]

Subject

It's more standard and reliable way to ban IPs.

[franklouwers]

could be done via for instance exabgp monitor feature, or via bird (which can learn from kernel routing tables: I have a setup on a honeypot search where fail2ban adds bad hosts to unreachable kernel routing table, and birds picks those up and blackholes them via bgp). Let me know if you need feedback/input/.. :)

[pavel-odintsov]

Could you share your experience with exabgp monitor feature? It's looks very interesting!

[pavel-odintsov]

Well, we could implement it on top of PIPE feature of exabgp: https://github.com/Exa-Networks/exabgp/issues/244

[pavel-odintsov]

Btw, we could add ability to specify community number for announce.

[s4m4n]

Best bet would be adding a bgp community to the ip and advertise it to the router. On the router configuration it's easy to set a policy that blackhole or null-route any received route with the community $x .

[pavel-odintsov]

Yep, so good idea. I need some time for deploying test env with Quagga.

[pavel-odintsov]

I found awesome guide for this task https://www.m00nie.com/2014/01/bgp-rtbh-setup-using-exabgp/

[pavel-odintsov]

Well, my test env have just deployed: http://www.stableit.ru/2015/04/quagga-bgp-and-exabgp-work-together-for.html

I will start my work for integration shortly.

[pavel-odintsov]

Implemented:) Testers are welcome! Reference guide here: https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/EXABGP_INTEGRATION.md