Flowspec Extended communities

Ondrej Zajicek santiago at crfreenet.org
Fri Jun 22 03:17:55 CEST 2018


On Thu, Jun 21, 2018 at 08:23:37PM +0200, Tim Weippert wrote:
> Hi List, 
> 
> i do some testing on Bird as FlowSpec Controller.
> ...
> With this approach i can successfully drop all flow4 entries on a
> cisco ASR 1001-X. But how would i add several flow routes to the flow
> table and deside differntly on the action?
> 
> Is it possible to add the community directly to the route entry in the
> static table, as it is possible in a ipv4 static channel/protocol?

Hi

You can attach filter expressions directly to static routes, e.g.:

	route 10.20.0.0/16 via 10.10.1.1 {
		ospf_metric_1 = 100;
	};

For flowspec routes it would look like:

	route flow4 {
		src 80.147.231.118/32;
		dst 185.55.234.2/32;
	} {
		# Rate Limit 0 == discard
		bgp_ext_community.add((generic, 0x80060000, 0x00000000));
	};

We are working on a way to specify flow actions in more user-friendly manner.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


More information about the Bird-users mailing list