Dynamic reconfigurations of bird - how?
Ondrej Zajicek
santiago at crfreenet.org
Thu Jul 14 16:44:07 CEST 2022
On Sat, Jul 09, 2022 at 10:44:26AM +0200, Nico Schottelius wrote:
>
> Good morning fellow bird users,
>
> I was wondering how you handle "dynamic reconfigurations" such as
> rerouting, adding filters, changing the priority of routes in case of
> attacks?
>
> In particular I wonder if there is a "good way" to tell bird to lower or
> raise a certain route temporarily, i.e. something that would be reset on
> a reload? Or to tell bird to forget about specific routes that you want
> to filter for blackholing certain parts?
>
> So far in case of attacks we usually edit bird.conf, reload
> bird and after the attacks are done, purge/overwrite the config with our
> config management (cdist in our case).
>
> This works, but has a bit of a write-reload instead of a set-and-forget
> behaviour, and I was more looking to something like "set on a switch,
> but don't issue the write command"-mode.
>
> Any thoughts on this?
Hello
Two ideas:
1) Use separate copy of a config file, and then use it as an argument:
configure "bird-temp.conf"
So your basic configuration stays unchanged.
2) Use some additional kernel routing table for these dynamic routes
and import them to BIRD using kernel protocol with 'learn' option.
Then add/remove these routes using 'ip' system tool.
BTW, your e-mail has date 2022-07-09. but all headers have today date
(2022-07-14).
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
More information about the Bird-users
mailing list