Flowspec Extended communities

Tim Weippert weiti at weiti.org
Mon Jun 25 09:18:55 CEST 2018


On Thu, Jun 21, 2018 at 08:23:37PM +0200, Tim Weippert wrote:
> Hi List, 
> 

[...]

> Additionally, I can't really calculate a rate-limit; does someone have an
> example for this?

I will answer this question myself.

---

Calculating rate-limit 50 mbit/s:

50 / 8 == 6.25 MByte/s
6.25 * 1000 * 100 == 6250000 Bytes/s

Convert them to Float IEEE754 (use some online tools,
e.g.: http://www.binaryconvert.com/convert_float.html):

FloatIEEE754 6250000 == 0x4ABEBC20

---

I wrote a small blog post to document the journey:

https://weiti.org/network/2018/06/25/flowspec-bird2-controller

Hope this helps others.

regards, 
tim

> I am doing some testing on Bird as a FlowSpec controller.
> 
> I added a static protocol for inserting flowspec routes:
> 
> flow4 table flowtab4;
> 
> # RFC 5575 flow specification
> protocol static flowstat4 {
>         flow4;
> 
>         route flow4 {
>                 src 80.147.231.118/32;
>                 dst 185.55.234.2/32;
>         };
> 
> }
> 
> and set an export filter on the peer to add the needed extended
> community to discard the traffic:
> 
>         # IPv4 Flowspec (1/133)
>         flow4 {
>                 # connects to flowtab4 table by default
>                 import all;
>                 export filter {
>                         # Rate Limit 0 == discard
>                         bgp_ext_community.add((generic, 0x80060000, 0x00000000));
>                         accept;
>                 };
>         };
> 
> With this approach I can successfully drop all flow4 entries on a
> Cisco ASR 1001-X. But how would I add several flow routes to the flow
> table and decide differently on the action?
> 
> Is it possible to add the community directly to the route entry in the
> static table, as it is possible in an ipv4 static channel/protocol?
> 
> I haven't found anything in the documentation.
> 
> Or do I need to write a filter which matches on different flow attributes
> to set individual actions?
> 
> Additionally, I can't really calculate a rate-limit; does someone have an
> example for this?
> 
> regards, 
> tim
> 
> -- 
> Tim Weippert
> http://weiti.org - weiti at weiti.org
> GPG Fingerprint - E704 7303 6FF0 8393 ADB1  398E 67F2 94AE 5995 7DD8

-- 
Tim Weippert
http://weiti.org - weiti at weiti.org
GPG Fingerprint - E704 7303 6FF0 8393 ADB1  398E 67F2 94AE 5995 7DD8
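
The rate-limit conversion from the message above, done offline instead of with an online converter; this is an added example, not part of the original post or of BIRD. The function names and the `asn` parameter are assumptions, and the word layout (type 0x8006, 2-byte AS, 4-byte float in bytes per second) follows the RFC 5575 traffic-rate community.

```python
import struct

TRAFFIC_RATE_TYPE = 0x8006  # RFC 5575 traffic-rate extended community


def mbit_to_bytes_per_second(mbit: float) -> float:
    """Convert a rate in Mbit/s (decimal megabits) to bytes per second."""
    return mbit * 1000 * 1000 / 8


def rate_to_float_bits(bytes_per_second: float) -> int:
    """Return the IEEE 754 single-precision bit pattern as an unsigned int."""
    if bytes_per_second < 0:
        raise ValueError("rate must be non-negative")
    # Pack as big-endian float32, then reinterpret the same 4 bytes as u32.
    return struct.unpack(">I", struct.pack(">f", bytes_per_second))[0]


def float_bits_to_rate(bits: int) -> float:
    """Inverse of rate_to_float_bits, useful to check a value seen on a peer."""
    return struct.unpack(">f", struct.pack(">I", bits))[0]


def bird_traffic_rate(mbit: float, asn: int = 0) -> str:
    """Build the tuple for bgp_ext_community.add() in a BIRD filter.

    asn (assumed parameter) fills the informational 2-byte AS field;
    the post uses 0, giving 0x80060000 as the first word.
    """
    if not 0 <= asn <= 0xFFFF:
        raise ValueError("asn must fit in 2 bytes")
    high = (TRAFFIC_RATE_TYPE << 16) | asn
    low = rate_to_float_bits(mbit_to_bytes_per_second(mbit))
    return "(generic, 0x%08X, 0x%08X)" % (high, low)


if __name__ == "__main__":
    for mbit in (0, 10, 50):
        rate = mbit_to_bytes_per_second(mbit)
        bits = rate_to_float_bits(rate)
        # float32 has a 24-bit significand, so show the value actually encoded
        print(mbit, "Mbit/s ->", bird_traffic_rate(mbit),
              "decodes to", float_bits_to_rate(bits), "bytes/s")
```

float32 cannot represent every byte rate exactly, so decode the word with `float_bits_to_rate` to see the limit the router will actually apply.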

