kellogs
Member Candidate
Topic Author
Posts: 123
Joined: Sun Jan 04, 2009 10:55 am

ROSv7 - BGP Blackhole

Tue Jul 02, 2024 2:28 am

hello

https://help.mikrotik.com/docs/display/ ... h+examples

May I know why we need to set the IP prefix which we are advertising to blackhole, please?

/ip/firewall/address-list/
add list=bgp-networks address=192.168.0.0/24

/ip/route
add dst-address=192.168.0.0/24 blackhole

/routing/bgp/connection
set peer_name output.network=bgp-networks
 
chechito
Forum Guru
Posts: 3275
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: ROSv7 - BGP Blackhole

Tue Jul 02, 2024 2:43 am

Just a few lines further down on the same page you will find that answer:

In v7 it is not possible to turn off synchronization with IGP routes (the network will be advertised only if the corresponding IGP route is present in the routing table).

https://help.mikrotik.com/docs/display/ ... s-Networks
 
kellogs
Member Candidate
Topic Author
Posts: 123
Joined: Sun Jan 04, 2009 10:55 am

Re: ROSv7 - BGP Blackhole

Tue Jul 02, 2024 6:22 am

Thank you for the reply. I still don't understand why this is related to blackhole, actually. I am sorry; if you could explain more it would be very much appreciated.
 
Wombat7
just joined
Posts: 3
Joined: Tue Nov 03, 2015 10:27 am

Re: ROSv7 - BGP Blackhole

Wed Jul 03, 2024 3:07 am

The blackhole is just so that the route is present. If the route is used anywhere else in the routing table, i.e. broken up into smaller routes or assigned to interfaces, these will take precedence when it comes to the actual routing of traffic. The blackhole is essentially just used as a catch-all so BGP knows it's in use somewhere on the router.
 
kellogs
Member Candidate
Topic Author
Posts: 123
Joined: Sun Jan 04, 2009 10:55 am

Re: ROSv7 - BGP Blackhole

Thu Aug 08, 2024 1:17 pm

Actually, setting it to blackhole is a bad idea ... if you never set any static route for that subnet afterwards ... all the traffic would be dropped!
 
mrz
MikroTik Support
Posts: 7208
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: ROSv7 - BGP Blackhole

Thu Aug 08, 2024 1:30 pm

Quite the contrary, it is a bad idea to route traffic inside your network without an actual destination.
Blackholing traffic on the edge prevents it.
 
kellogs
Member Candidate
Topic Author
Posts: 123
Joined: Sun Jan 04, 2009 10:55 am

Re: ROSv7 - BGP Blackhole

Thu Aug 08, 2024 1:36 pm

Is there any better option than blackholing it?

Because there are many ways to add a subnet into the routing table. Say you set up the blackhole and now you set a static route to point this /24 to our downstream. When the public accesses this subnet, they would get blackholed because the entry is there!
 
mrz
MikroTik Support
Posts: 7208
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: ROSv7 - BGP Blackhole

Thu Aug 08, 2024 1:46 pm

If you set a static route to point to your downstream then traffic will not be blackholed, it will be routed downstream, but if you do not have routes at all (even no blackhole) and have a default route to upstream, then congratulations you created a routing loop and congested your upstream link. Basically, DOSed yourself.
 
kellogs
Member Candidate
Topic Author
Posts: 123
Joined: Sun Jan 04, 2009 10:55 am

Re: ROSv7 - BGP Blackhole

Thu Aug 08, 2024 2:37 pm

I think in v7, BGP would not advertise the prefix to the upstream if the prefix is not in the routing table.
 
mrz
MikroTik Support
Posts: 7208
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: ROSv7 - BGP Blackhole

Thu Aug 08, 2024 2:45 pm

Yes, it won't as it was already mentioned before here and in the documentation, because of the reasons I pointed out in my previous posts.
So setting a blackhole route on the edge router is a good practice.
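
A small simulation of the behaviour discussed in this thread (an added example, not taken from the forum posts or the MikroTik documentation): routes are chosen by longest-prefix match, so a more specific route overrides the blackhole aggregate, while an edge router with only a default route sends traffic for unused addresses back upstream until the TTL expires. The router names, the /26 downstream route and the upstream's route for the /24 are assumptions made for the illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return the action of the most specific matching route."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), action) for p, action in table.items()
               if dst in ipaddress.ip_network(p)]
    if not matches:
        return "unreachable"
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(routers, start, dst, ttl=64):
    """Forward a packet hop by hop; return (final outcome, hops used)."""
    node, hops = start, 0
    while ttl > 0:
        action = lookup(routers[node], dst)
        if action in ("blackhole", "unreachable", "deliver"):
            return action, hops
        # Any other action names the next-hop router (hypothetical names).
        node, hops, ttl = action, hops + 1, ttl - 1
    return "ttl-expired", hops

# Constructed topology: the upstream forwards the advertised /24 to the edge.
UPSTREAM = {"192.168.0.0/24": "edge", "0.0.0.0/0": "deliver"}

# Edge with the blackhole aggregate plus a more specific route downstream.
EDGE_WITH_BLACKHOLE = {
    "192.168.0.0/24": "blackhole",
    "192.168.0.0/26": "downstream",
    "0.0.0.0/0": "upstream",
}
# Edge without a covering route for the /24: only the /26 and the default.
EDGE_NO_BLACKHOLE = {"192.168.0.0/26": "downstream", "0.0.0.0/0": "upstream"}

DOWNSTREAM = {"192.168.0.0/26": "deliver", "0.0.0.0/0": "edge"}

def run(edge_table, dst):
    """Inject a packet at the upstream router and follow it to its outcome."""
    routers = {"upstream": UPSTREAM, "edge": edge_table, "downstream": DOWNSTREAM}
    return trace(routers, "upstream", dst)

if __name__ == "__main__":
    for name, edge in (("blackhole", EDGE_WITH_BLACKHOLE), ("no blackhole", EDGE_NO_BLACKHOLE)):
        for dst in ("192.168.0.10", "192.168.0.200"):
            print(f"{name:13} {dst:15} -> {run(edge, dst)}")
```

With the blackhole in place, the address inside the /26 is still delivered and the unused address is dropped after one hop; without it, the unused address crosses the upstream link 64 times before the TTL runs out.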