flowspec route specification
Alexander Shikov
a.shikov at dtel-ix.net
Mon Feb 28 01:02:58 CET 2022
Hello!
I'm trying to inject flowspec routes from bird to Juniper MX box:
route flow4 { dst 109.68.40.15/32; proto 17; dport 53; } {
bgp_ext_community.add( (generic, 0x80060000, 0x0 ) );
};
route flow4 { dst 109.68.40.16/32; proto 17; dport 123; } {
bgp_ext_community.add( (generic, 0x80060000, 0x000098968 ) );
};
The second flow specification should apply traffic-rate to traffic, but
on Juniper these two flow routes have the same community:
minotaur at br1-ki# run show route table DDoS-Mitigation.inetflow.0 detail |match "entry|Comm"
109.68.40.15,*,proto=17,dstport=53/term:3 (1 entry, 1 announced)
Communities: traffic-rate:0:0
109.68.40.16,*,proto=17,dstport=123/term:4 (1 entry, 1 announced)
Communities: traffic-rate:0:0
Can anyone explain how to correctly set rate-limiting to, for example, 5 Mbps in second specification?
Thank you!
--
Alexander Shikov
Technical Staff, Digital Telecom IX
Tel.: +380 44 201 14 07
Mob.: +380 50 410 30 57
http://dtel-ix.net/
More information about the Bird-users
mailing list