FLOWSPEC NOTES RFC 5575
BGP Flowspec matches traffic flows (destination/source prefix, IP protocol, ports, ICMP type/code, TCP flags, packet length, DSCP, fragment bits) and applies an action to just that traffic, instead of penalising a whole prefix range the way RTBH does.
The rules are pushed from a controller to the routers over a BGP session (AFI 1, SAFI 133 for IPv4 flowspec, RFC 5575); the NLRI carries the match criteria, i.e. it tells the router what traffic to filter.
The actions are encoded as extended communities on the route: traffic-rate (0x8006, rate limit in bytes/s, 0 = discard), traffic-action (0x8007, sample/terminal bits), redirect (0x8008, a route target pointing at the VRF to divert into) and traffic-marking (0x8009, DSCP rewrite).
Flowspec in junos:
> show route table inetflow.0 extensive

inetflow.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
4.4.4.4,*,proto=17,srcport=53,len>=450&<=600/term:1 (1 entry, 1 announced)
TSI:
KRT in dfwd;
Action(s): discard,count
Page 0 idx 0, (group ArborSP type Internal) Type 1 val a3be258 (adv_entry)
   Advertised metrics:
     Nexthop: Self
     Localpref: 100
     AS path: [65530] ?
     Communities: 65530:100 65530:134 no-export traffic-rate:0:0
     Cluster ID: 192.168.252.12
     Originator ID: 10.2.25.68
Advertise: 000006f7
Path 4.4.4.4,*,proto=17,srcport=53,len>=450&

Reading the entry: destination 4.4.4.4/32, any source (*), protocol 17 (UDP), source port 53, packet length between 450 and 600 bytes, which is a DNS reflection/amplification signature. The action comes from the traffic-rate:0:0 extended community (rate limit of 0 bytes/s), which Junos installs as discard plus a counter. The route was received from the internal peer group ArborSP (the controller); the Cluster ID and Originator ID show it passed through a route reflector.
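The rule displayed above, encoded the way RFC 5575 puts it on the wire. This is an added example (not code from the page, Juniper or any BGP implementation) covering the NLRI and the action extended communities described in the introduction; the redirect route-target value 65530:100 used in the test is an assumption, everything else comes from the Junos output.

```python
"""RFC 5575 flowspec wire encoding of the Junos rule
"4.4.4.4,*,proto=17,srcport=53,len>=450&<=600" with action traffic-rate:0:0.

Added example, not code from the page or any BGP implementation. The hex it
prints can be compared against a capture of the controller's UPDATE.
"""
import ipaddress
import struct

# Component types, RFC 5575 section 4 (must appear in ascending order).
DST_PREFIX, SRC_PREFIX, IP_PROTO, PORT, DST_PORT, SRC_PORT = 1, 2, 3, 4, 5, 6
ICMP_TYPE, ICMP_CODE, TCP_FLAGS, PKT_LEN, DSCP, FRAGMENT = 7, 8, 9, 10, 11, 12

# Numeric operator byte: e (end-of-list) a (AND) len len 0 lt gt eq
OP_END, OP_AND, OP_LT, OP_GT, OP_EQ = 0x80, 0x40, 0x04, 0x02, 0x01
_OPS = {"==": OP_EQ, "<": OP_LT, ">": OP_GT,
        "<=": OP_LT | OP_EQ, ">=": OP_GT | OP_EQ, "!=": OP_LT | OP_GT}


def prefix_component(ctype, prefix):
    """Type 1/2: type, prefix length in bits, then only the octets needed."""
    net = ipaddress.IPv4Network(prefix, strict=False)
    octets = (net.prefixlen + 7) // 8
    return bytes([ctype, net.prefixlen]) + net.network_address.packed[:octets]


def numeric_component(ctype, terms):
    """Numeric component from (operator, value) pairs, e.g. [(">=", 450), ("<=", 600)].

    Consecutive terms are ANDed (the 'a' bit), which is what Junos shows as
    len>=450&<=600; the last term carries the end-of-list bit.
    """
    out = bytearray([ctype])
    for i, (op, value) in enumerate(terms):
        if value < 0x100:
            length_code, fmt = 0, ">B"      # 1-byte value
        elif value < 0x10000:
            length_code, fmt = 1, ">H"      # 2-byte value
        else:
            length_code, fmt = 2, ">I"      # 4-byte value
        flags = _OPS[op] | (length_code << 4)
        if i > 0:
            flags |= OP_AND
        if i == len(terms) - 1:
            flags |= OP_END
        out += bytes([flags]) + struct.pack(fmt, value)
    return bytes(out)


def flowspec_nlri(components):
    """NLRI = length (1 byte if < 240, else 2 bytes 0xFnnn) + components sorted
    by type, so that equal rules always produce identical bytes."""
    body = b"".join(c for _, c in sorted(components, key=lambda kv: kv[0]))
    if len(body) < 240:
        return bytes([len(body)]) + body
    return struct.pack(">H", 0xF000 | len(body)) + body


def traffic_rate(rate_bytes_per_sec, asn=0):
    """Extended community 0x8006: 2-byte AS (informational) + IEEE float rate; 0 drops."""
    return struct.pack(">BBHf", 0x80, 0x06, asn, rate_bytes_per_sec)


def redirect_vrf(asn, value):
    """Extended community 0x8008: redirect into the VRF that imports RT asn:value."""
    return struct.pack(">BBHI", 0x80, 0x08, asn, value)


def dns_amplification_rule():
    """The Junos rule above: UDP from source port 53 towards 4.4.4.4/32 with
    450..600 byte packets, rate-limited to 0 (i.e. discard)."""
    comps = [
        (DST_PREFIX, prefix_component(DST_PREFIX, "4.4.4.4/32")),
        (IP_PROTO, numeric_component(IP_PROTO, [("==", 17)])),
        (SRC_PORT, numeric_component(SRC_PORT, [("==", 53)])),
        (PKT_LEN, numeric_component(PKT_LEN, [(">=", 450), ("<=", 600)])),
    ]
    return flowspec_nlri(comps), traffic_rate(0)


if __name__ == "__main__":
    nlri, community = dns_amplification_rule()
    print("NLRI        :", nlri.hex())
    print("traffic-rate:", community.hex())
```

The NLRI comes out as 19 bytes (length byte 0x13): the /32 prefix takes 6 bytes, proto and source port 3 bytes each (operator 0x81 = end-of-list + eq, 1-byte value), and the length range 7 bytes (0x13 = ge with a 2-byte value, then 0xd5 = end + and + le with a 2-byte value). Changing the rate to anything other than 0 only changes the float in the last four bytes of the community.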
EXABGP NOTES:
The ExaBGP API accepts the commands below. They can be fed either by a helper process (typically a Python script declared in a process block of exabgp.conf) that writes them to its stdout, which ExaBGP reads, or interactively with exabgpcli.
Ways to start exabgp:
sudo env exabgp.daemon.user=root exabgp-4.0.0/sbin/exabgp exabgp.conf
(run as root so it can bind TCP/179 and stays root instead of dropping privileges)
sudo env exabgp.debug.configuration=1 exabgp.debug.pdb=1 exabgp.daemon.user=root exabgp-4.0.0/sbin/exabgp exabgp.conf
(same, with configuration parsing debug output and a pdb prompt on unhandled exceptions)
exabgp ./exabgp.conf
Links:
Examples of API commands. The flow route syntax follows Juniper's flowspec configuration style (match { ... } then { ... }). Note the unicast announcements next to the flow route: RFC 5575 only allows a router to accept a flowspec route if its originator also originates the best unicast route for the destination prefix, so a controller that does not also announce the covering prefix gets its flowspec routes rejected unless validation is turned off on the router (Junos: no-validate under family inet flow).
'announce route 100.10.0.0/24 next-hop self',
'announce route 200.20.0.0/24 next-hop self',
'announce flow route { match { destination 172.16.0.0/24; } then { discard; } }',
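An ExaBGP API process that emits the commands above, as an added example (not code from the page or the ExaBGP project). It assumes ExaBGP starts it from a process block in exabgp.conf, reads its stdout as API commands and acknowledges each with "done" or "error" on the script's stdin (ack is on by default in ExaBGP 4); the prefixes, ports and the rate-limit value are made-up sample data. The flow_rule helper generalises the single flow route on the page to the other match fields shown in the Junos output.

```python
#!/usr/bin/env python3
"""ExaBGP API process that pushes flowspec rules in Juniper-style syntax.

Added example, not from the page or the ExaBGP project. ExaBGP runs this
script from a `process` block, reads the commands it prints and answers
"done" / "error" on its stdin. Prefixes and ports are sample values.
"""
import sys
import time


def flow_rule(destination, source=None, protocol=None, source_port=None,
              destination_port=None, packet_length=None, action="discard"):
    """Build 'announce flow route { match { ... } then { ... } }'.

    Operators are given as ExaBGP expects them ("=53", ">=450&<=600").
    action is e.g. "discard", "rate-limit <bytes/s>" or "redirect <asn>:<value>".
    """
    match = [f"destination {destination};"]
    if source:
        match.append(f"source {source};")
    if protocol:
        match.append(f"protocol {protocol};")
    if source_port:
        match.append(f"source-port {source_port};")
    if destination_port:
        match.append(f"destination-port {destination_port};")
    if packet_length:
        match.append(f"packet-length {packet_length};")
    return ("announce flow route { match { " + " ".join(match)
            + " } then { " + action + "; } }")


def withdraw_rule(announce_cmd):
    """A withdrawal is the same text with 'withdraw' instead of 'announce';
    ExaBGP identifies the rule by its match (the NLRI)."""
    assert announce_cmd.startswith("announce ")
    return "withdraw " + announce_cmd[len("announce "):]


def send(cmd, out=sys.stdout, ack=sys.stdin):
    """Write one command line and wait for ExaBGP's ack; True on 'done'."""
    out.write(cmd + "\n")
    out.flush()                      # ExaBGP only sees a complete, flushed line
    reply = ack.readline().strip()
    return reply == "done"


def rules():
    return [
        # Unicast prefix first, so the flowspec validation rule is satisfied.
        "announce route 100.10.0.0/24 next-hop self",
        flow_rule("172.16.0.0/24"),
        # The DNS reflection signature from the Junos output.
        flow_rule("4.4.4.4/32", protocol="udp", source_port="=53",
                  packet_length=">=450&<=600"),
        # Rate-limit instead of drop: 1 MB/s towards a web server (sample).
        flow_rule("192.0.2.10/32", protocol="tcp", destination_port="=80",
                  action="rate-limit 1000000"),
    ]


if __name__ == "__main__":
    for cmd in rules():
        if not send(cmd):
            sys.stderr.write(f"exabgp rejected: {cmd}\n")
    # Stay alive: the script is ExaBGP's API peer and should keep running
    # until the rules are meant to be withdrawn.
    while True:
        time.sleep(60)
```

Checking the ack matters: a syntax error in a flow route (a missing semicolon, an unsupported operator) is only reported as "error" on stdin, and a script that just prints and exits never learns that nothing was announced.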
DDoS protection with RTBH and flowspec:
Anycast can also be used against DDoS across regions: attack traffic is spread over many sites instead of landing on one (Cloudflare):