Filter based on BGP protocol status ...

Xavier Trilla xavier.trilla at clouding.io
Thu Mar 24 12:53:04 CET 2022


Hi Maria,

> I'd suggest to depreference the B-route by AS path stuffing, like 3-5 times or so, to effectively force usage of the other route while still exporting it.

Yes, that's what we usually do, but we have found providers that, if the client IPs are on their own AS -to which we are connected directly- will route directly to us, discarding prepending.

In this specific scenario, it is a service that will be oriented to customers who suffer big DDOS attacks regularly. We have one provider which specializes in DDOS scrubbing services and the ranges for these specific clients will be only announced via that provider to ensure traffic is always filtered. But if the specific provider has an issue or a maintenance we'll have to publish the ranges on other providers and rely on our DDOS local scrubbing system and blackhole communities for worst-case scenarios.

We already have in place scripts that inject routes on kernel tables when a specific subnet needs to be filtered -and prepended on non DDOS protected providers- so most probably we'll adapt what we already have.

> No and it isn't in a short-term plan. The multithreaded version may get some better API to do it, yet I won't promise anything specific.

That would be great. I would also like to use the opportunity to tell you how much we love Bird! It's been our main BGP system for more than a decade, and it's one of the most flexible and stable pieces of software we use. Congratulations to you and the rest of the team for the amazing work you do! Thanks!

Xavier.


-----Original Message-----
From: Bird-users <bird-users-bounces at network.cz> On behalf of Maria Matejka
Sent: Thursday, March 24, 2022 8:27
To: bird-users at network.cz
Subject: Re: Filter based on BGP protocol status ...

Hello!

> Is there any way to filter a export route based on another BGP session 
> status?

No and it isn't in a short-term plan. The multithreaded version may get some better API to do it, yet I won't promise anything specific.

> For the sake of simplicity let's say we have just two providers A and 
> B, and I only want to export some specific routes to B when A is down.
> 
> I can do it externally with a quite simple script (For example: Check 
> if the provider is down via CLI and if it's down insert the routes I 
> want to export to a kernel table and export that to provider B) but it 
> would be nice if I could do it directly in Bird.
> 
> I've been scratching my head around this, but unless there is 
> something like if proto.A == down on the filters I don't really see 
> how to do it (Or maybe some way to raise a global flag based on if I'm 
> receiving routes via provider B, but I don't think that can't be done 
> either.)

I'd suggest to depreference the B-route by AS path stuffing, like 3-5 times or so, to effectively force usage of the other route while still exporting it.

Maria
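
The external check described in this thread (poll the scrubbing provider's session from the CLI, then inject the protected ranges into a kernel table), as an added example that is not code from either poster or from the BIRD project. The protocol name, prefixes, table number, `unreachable` route type and three-check threshold are assumptions; an unknown session state changes nothing, so a failed `birdc` call never moves protected ranges onto unfiltered providers.

```python
import subprocess
import time

# Assumptions for illustration, not values from the thread.
PRIMARY = "scrub_a"                              # BIRD protocol name of the scrubbing provider
PREFIXES = ["192.0.2.0/24", "198.51.100.0/24"]   # documentation ranges
TABLE = "100"            # kernel table the BIRD config is assumed to import and export
DOWN_CHECKS = 3          # consecutive failed checks required before failing over

# Constructed sample of `birdc show protocols` output.
SAMPLE = """\
BIRD 2.0.8 ready.
Name       Proto      Table      State  Since         Info
scrub_a    BGP        ---        start  12:40:01      Active        Socket: Connection refused
transit_b  BGP        ---        up     2022-03-20    Established
"""

def session_state(show_protocols, name):
    """Return 'up', 'down', or None when the protocol is not listed."""
    for line in show_protocols.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == name and f[1] == "BGP":
            # "Since" may be one or two tokens, so search everything after State.
            return "up" if f[3] == "up" and "Established" in f[4:] else "down"
    return None

def routes(action):
    return [["ip", "route", action, "unreachable", p, "table", TABLE] for p in PREFIXES]

def plan(state, down_count, announced):
    """Return (new_down_count, new_announced, ip commands to run)."""
    if state is None:                    # status unknown: change nothing
        return down_count, announced, []
    if state == "up":                    # primary is back: withdraw the backup routes
        return 0, False, routes("del") if announced else []
    down_count += 1
    if down_count >= DOWN_CHECKS and not announced:
        return down_count, True, routes("replace")
    return down_count, announced, []

if __name__ == "__main__":
    down, announced = 0, False
    while True:
        out = subprocess.run(["birdc", "show", "protocols"],
                             capture_output=True, text=True).stdout
        down, announced, cmds = plan(session_state(out, PRIMARY), down, announced)
        for cmd in cmds:
            subprocess.run(cmd, check=False)
        time.sleep(10)
```
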


