11/12/2017

Vyatta vRouter Appliance: Using BGP to distribute 'firewall' rules

A while ago I attended a Mikrotik User Meeting, or MUM for short. For those of you that don't know, Mikrotik are a Latvian company that make networking hardware and an operating system known as RouterOS that will act as a router and firewall. Their 'USP' is value for money. £22 will get you a home router that will support OSPF, BGP, MPLS etc., and £2736 will get you a router that will route almost 80Gb/s. Nice.

The MUM consisted of various presentations and demonstrations, and one which caught my eye was a presentation from Barry Higgins from Allness, who demonstrated using OSPF to distribute a black list of bad guys which were then null routed: a nice method of distributing 'firewall' rules on a bunch of routers automagically. You can view his presentation on YouTube.

I've recently been playing with Vyatta vRouter appliances and wondered if I could apply a similar method of injecting a black list from an IDS (Intrusion Detection System) and having it distributed via BGP.