Flowspec Extended communities
Ondrej Zajicek
santiago at crfreenet.org
Fri Jun 22 03:17:55 CEST 2018
On Thu, Jun 21, 2018 at 08:23:37PM +0200, Tim Weippert wrote:
> Hi List,
>
> i do some testing on Bird as FlowSpec Controller.
> ...
> With this approach i can successfully drop all flow4 entries on a
> cisco ASR 1001-X. But how would i add several flow routes to the flow
> table and deside differntly on the action?
>
> Is it possible to add the community directly to the route entry in the
> static table, as it is possible in a ipv4 static channel/protocol?
Hi
You can attach filter expressions directly to static routes, e.g.:
route 10.20.0.0/16 via 10.10.1.1 {
ospf_metric_1 = 100;
};
For flowspec routes it would look like:
route flow4 {
src 80.147.231.118/32;
dst 185.55.234.2/32;
} {
# Rate Limit 0 == discard
bgp_ext_community.add((generic, 0x80060000, 0x00000000));
};
We are working on a way to specify flow actions in more user-friendly manner.
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
More information about the Bird-users
mailing list