18.03.2018

FastNetMon Advanced IPv6 BGP configuration

To enable IPv6 for BGP, enable IPv6 on global level using this guide and configure IPv4 BGP integration.

First of all, you need to enable BGP action for IPv6 traffic:

sudo fcli set main gobgp_ipv6 enable

To announce attacked host (/128) use this option:

sudo fcli set main gobgp_announce_host_ipv6 enable

And configure community numbers for host and subnet (it’s not implemented yet) blocks:

sudo fcli set main gobgp_community_host_ipv6 65001:666
sudo fcli set main gobgp_community_subnet_ipv6 65001:667

Finally, configure next hop to required value:

sudo fcli set main gobgp_next_hop_ipv6 100::1

Also, you need to enable IPv6 NLRI for particular peer:

sudo fcli set bgp peer_name ipv6_unicast enable
sudo flci commit

You will need to enable ipv6_flowspec if you use Flow Spec too.

Before moving this setup to production, try blocking any test host manually and check that all announces propagate correctly.