Flowspec Extended communities

Tim Weippert weiti at weiti.org
Thu Jun 21 20:23:37 CEST 2018


Hi List, 

I am doing some testing on Bird as a FlowSpec controller.

I added a static protocol for inserting flowspec routes:

flow4 table flowtab4;

# RFC 5575 flow specification
protocol static flowstat4 {
        flow4;

        route flow4 {
                src 80.147.231.118/32;
                dst 185.55.234.2/32;
        };

}

and set an export filter on the peer to add the needed extended
community to discard the traffic:

        # IPv4 Flowspec (1/133)
        flow4 {
                # connects to flowtab4 table by default
                import all;
                export filter {
                        # Rate Limit 0 == discard
                        bgp_ext_community.add((generic, 0x80060000, 0x00000000));
                        accept;
                };
        };

With this approach I can successfully drop all flow4 entries on a
Cisco ASR 1001-X. But how would I add several flow routes to the flow
table and decide differently on the action?

Is it possible to add the community directly to the route entry in the
static table, as it is possible in an IPv4 static channel/protocol?

I haven't found anything in the documentation.

Or do I need to write a filter which matches on different flow attributes
to set individual actions?

Additionally, I can't really calculate a rate limit. Does someone have an
example for this?

regards, 
tim

-- 
Tim Weippert
http://weiti.org - weiti at weiti.org
GPG Fingerprint - E704 7303 6FF0 8393 ADB1  398E 67F2 94AE 5995 7DD8
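
Added example, not part of the original message and not BIRD project code: RFC 5575 defines the traffic-rate community (0x8006) as a 2-octet AS field followed by the rate as an IEEE 754 single-precision float in bytes per second, so the second word of the generic tuple above is that float's bit pattern. The function names and the sample rates are assumptions made for illustration.

```python
import math
import struct

TRAFFIC_RATE = 0x8006  # RFC 5575 traffic-rate: type 0x80, subtype 0x06


def traffic_rate_words(bytes_per_sec, asn=0):
    """Return the two 32-bit words of the traffic-rate extended community."""
    if not 0 <= asn <= 0xFFFF:
        raise ValueError("the AS field is two octets wide")
    if not math.isfinite(bytes_per_sec) or bytes_per_sec < 0:
        raise ValueError("rate must be a finite, non-negative number")
    # Octets 4..7 carry the rate as an IEEE 754 single-precision float,
    # in bytes per second; 0.0 means discard.
    (rate_bits,) = struct.unpack(">I", struct.pack(">f", bytes_per_sec))
    return (TRAFFIC_RATE << 16) | asn, rate_bits


def decode_rate(rate_bits):
    """Rate in bytes/s that a receiver reads back from the second word."""
    (rate,) = struct.unpack(">f", struct.pack(">I", rate_bits))
    return rate


def bird_statement(bits_per_sec, asn=0):
    """Filter line in the syntax used above, for a limit given in bits/s."""
    # Link speeds are usually quoted in bits/s; the community wants bytes/s.
    hi, lo = traffic_rate_words(bits_per_sec / 8, asn)
    return f"bgp_ext_community.add((generic, 0x{hi:08x}, 0x{lo:08x}));"


if __name__ == "__main__":
    # Constructed sample rates.
    samples = [("discard", 0), ("1 Mbit/s", 1_000_000), ("10 Mbit/s", 10_000_000)]
    for label, bps in samples:
        print(f"{label:>10}: {bird_statement(bps)}")
```

A single-precision float has a 24-bit significand, so large rates are rounded; decode_rate shows the value the receiving router will actually see.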

