Flowspec Extended communities
Tim Weippert
weiti at weiti.org
Fri Jun 22 09:00:32 CEST 2018
HI Ondrej,
On Fri, Jun 22, 2018 at 03:17:55AM +0200, Ondrej Zajicek wrote:
> On Thu, Jun 21, 2018 at 08:23:37PM +0200, Tim Weippert wrote:
> > Hi List,
> >
> > i do some testing on Bird as FlowSpec Controller.
> > ...
> > With this approach i can successfully drop all flow4 entries on a
> > cisco ASR 1001-X. But how would i add several flow routes to the flow
> > table and deside differntly on the action?
> >
> > Is it possible to add the community directly to the route entry in the
> > static table, as it is possible in a ipv4 static channel/protocol?
>
> Hi
>
> You can attach filter expressions directly to static routes, e.g.:
>
> route 10.20.0.0/16 via 10.10.1.1 {
> ospf_metric_1 = 100;
> };
Yes, that is what i know.
> For flowspec routes it would look like:
>
> route flow4 {
> src 80.147.231.118/32;
> dst 185.55.234.2/32;
> } {
> # Rate Limit 0 == discard
> bgp_ext_community.add((generic, 0x80060000, 0x00000000));
> };
Ah ok, just another block with { }, that is one of the few things i
haven't tested. Thanks!
> We are working on a way to specify flow actions in more user-friendly manner.
That would be great but if it works it is ok :)
regards,
tim
--
Tim Weippert
http://weiti.org - weiti at weiti.org
GPG Fingerprint - E704 7303 6FF0 8393 ADB1 398E 67F2 94AE 5995 7DD8
More information about the Bird-users
mailing list