Filter based on BGP protocol status ...

Xavier Trilla xavier.trilla at clouding.io
Thu Mar 24 12:59:20 CET 2022 

Hi Douglas,

Thanks for the tip, I did not know about ExaBGP, seems worth looking into it.

We also use Zabbix for the monitoring of our platform, but usually some of these things we prefer to do them using regular shell scripting (And the end, something like a script running every N seconds that checks the status of a specific protocol should not be heavy on the system) because that way it does not depend on external systems. But yes, ExaBGP looks really interesting. We’ll check it out.

> You can used also some BGP communities(if your upstream supports it) for no-export for some prefixes... Sometimes it helps.

Well, we do that usually for DDOS traffic diversion to our scrubbing provider, but we have found some providers we have a direct connection to don’t respect prepending and for this specific case, we need to ensure all the traffic is filtered.

Thanks!
Xavier.

De: Douglas Fischer <fischerdouglas at gmail.com>
Enviado el: jueves, 24 de marzo de 2022 11:43
Para: Xavier Trilla <xavier.trilla at clouding.io>
CC: BIRD Users <bird-users at network.cz>
Asunto: Re: Filter based on BGP protocol status ...

I know that it is not the focus of your question, and also is not the focus on this mail list, but...

To that kind of automation, the best BGP engine you will find is ExaBGP. It is not focuses in been in compliance with all the concepts of a routing system itself. It's focus is exactly automations using API.

The scenario you described triggered-me something like a Zabbix looking to the status of BGP sessions of bird, and based on that doing API queries to a ExaBGP that is a iBGP peer of Bird.

This model is used on many tools focused in anomaly detection for triggering DDoS mitigation.


But, if your intention is a much simpler scenario, the suggestion Maria made is the most common!
You can used also some BGP communities(if your upstream supports it) for no-export for some prefixes... Sometimes it helps.

Em qua., 23 de mar. de 2022 12:10, Xavier Trilla <xavier.trilla at clouding.io<mailto:xavier.trilla at clouding.io>> escreveu:
Hi,

I’m quite sure this cannot be done, but I also know there is a lot of BIRD I still don’t know, so here it goes:

Is there any way to filter a export route based on another BGP session status?

For the sake of simplicity let’s say we have just two providers A and B, and I only want to export some specific routes to B when A is down.

I can do it externally with a quite simple script (For example: Check if the provider is down via CLI and if it’s down insert the routes I want to export to a kernel table and export that to provider B) but it would be nice if I could do it directly in Bird.

I’ve been scratching my head around this, but unless there is something like if proto.A == down on the filters I don’t really see how to do it (Or maybe some way to raise a global flag based on if I’m receiving routes via provider B, but I don’t think that can’t be done either.)

Thanks for your time!
Xavier

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20220324/cce0042d/attachment.htm>

More information about the Bird-users mailing list