hello
https://help.mikrotik.com/docs/display/ ... h+examples
May I know why do we need to set the IP prefix which we are advertising in blackhole please?
/ip/firewall/address-list/
add list=bgp-networks address=192.168.0.0/24
/ip/route
add dst-address=192.168.0.0/24 blackhole
/routing/bgp/connection
set peer_name output.network=bgp-networks
Re: ROSv7 - BGP Blackhole
just a few lines forward in the same page you find that answer
https://help.mikrotik.com/docs/display/ ... s-Networks
In v7 it is not possible to turn off synchronization with IGP routes (the network will be advertised only if the corresponding IGP route is present in the routing table).
https://help.mikrotik.com/docs/display/ ... s-Networks
Re: ROSv7 - BGP Blackhole
Thank you for the reply. I still dont understand why this is related with blackhole actually. I am sorry if you could explain more it would be very much appreciated.just a few lines forward in the same page you find that answer
In v7 it is not possible to turn off synchronization with IGP routes (the network will be advertised only if the corresponding IGP route is present in the routing table).
https://help.mikrotik.com/docs/display/ ... s-Networks
Re: ROSv7 - BGP Blackhole
The black hole is just so that the route is present. If the route is used anywhere else in the routing table i.e broken up into smaller routes or assigned to interfaces these will take precedent when it comes to the actual routing of traffic. The blackhole is essentially just used as a catch all so BGP knows its in use somewhere on the router.
Re: ROSv7 - BGP Blackhole
actually setting to blackhole is a bad idea ... if you never set any static route for that subnet afterwards ... all the traffic would be dropped!
Re: ROSv7 - BGP Blackhole
Quite the contrary, it is a bad idea to route traffic inside your network without an actual destination.
Blackholing traffic on the edge prevents it.
Blackholing traffic on the edge prevents it.
Re: ROSv7 - BGP Blackhole
is there any better option than blackholing it?
because there are many ways to add a subnet into routing table. say if you setup the blackhole and now you set the static route to point this /24 to our downstream. when public access this subnet they would get blackhole because the entry is there!
because there are many ways to add a subnet into routing table. say if you setup the blackhole and now you set the static route to point this /24 to our downstream. when public access this subnet they would get blackhole because the entry is there!
Re: ROSv7 - BGP Blackhole
If you set a static route to point to your downstream then traffic will not be blackholed, it will be routed downstream, but if you do not have routes at all (even no blackhole) and have a default route to upstream, then congratulations you created a routing loop and congested your upstream link. Basically, DOSed yourself.
Re: ROSv7 - BGP Blackhole
i think in v7, the BGP would not advertise the prefix to the upstream if the prefix is not in the routing table
Re: ROSv7 - BGP Blackhole
Yes, it won't as it was already mentioned before here and in the documentation, because of the reasons I pointed out in my previous posts.
So setting a blackhole route on the edge router is a good practice.
So setting a blackhole route on the edge router is a good practice.