dokucama

This is an old revision of the document!

---

Most of the vantage points are now ipv4 default, so:

show bgp ipv4 unicast 203.190.181.0    ! to pull a route
sh ip bgp regexp _200981$   ! regexp anything from our ASN
sh ip bgp regexp _200981$   ! regexp anything from our ASN
show bgp ipv4 unicast regexp 174_([0-9]+)_200981$ ! regexp anything from our ASN traversing Cogent

---

FRR routing FREE RANGE ROUTING
http://docs.frrouting.org/en/latest/bgp.html
Zebra IS THE RIB
To restart frr:

/usr/lib/frr/frr-reload.py /etc/frr/frr.conf --reload
/usr/lib/frr/frrinit.sh restart

Also here: https://github.com/FRRouting/frr/blob/master/tools/frr-reload.py

Binding files: External Link,

Route Servers IXP:

• https://docs.ixpmanager.org/features/route-servers/
• https://www.ixpmanager.org/media/2018/20180417-euroix-ixpmanager.pdf

---

FLOWSPEC NOTES RFC 5575

To filter (apply actions) on flows instead of penalising whole prefix ranges.
Actions to be done are transmitted via a BGP session from the controller (tells the router what to filter).SAFI 133.
More specifically, actions are encoded in EXT-COMMUNITIES

• We use exabgp to send and receive flowspec messages over the bgp connection
• In this articlewe can see how we do : flowspec-bgp-msg > acl > iptable rules
  • however it gives for granted that we know how to generate and send flowspec messages.
    • the message was sent by sFlow-RT/exabgp. More info here
• flowspec and containerlab: External Link

Flowspec in junos:

> show route table inetflow.0 extensive
inetflow.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) 4.4.4.4,*,proto=17,srcport=53,len>=450&<=600/term:1 (1 entry, 1 announced) TSI:
KRT in dfwd;
Action(s): discard,count
Page 0 idx 0, (group ArborSP type Internal) Type 1 val a3be258 (adv_entry)
Advertised metrics:
Nexthop: Self
Localpref: 100
AS path: [65530] ?
Communities: 65530:100 65530:134 no-export traffic-rate:0:0 Cluster ID: 192.168.252.12
Originator ID: 10.2.25.68 Advertise: 000006f7
Path 4.4.4.4,*,proto=17,srcport=53,len>=450&

---

EXABGP NOTES:

exabgp api accepts these commands which can be entered either via python swriting stdio (exabgp listents it) or directly via exabgpcli.
Ways to start exabgp:

sudo env exabgp.daemon.user=root exabgp-4.0.0/sbin/exabgp exabgp.conf
sudo env exabgp.debug.configuration=1 exabgp.debug.pdb=1 exabgp.daemon.user=root exabgp-4.0.0/sbin/exabgp exabgp.conf
exabgp ./exabgp.conf

Links:

• https://thepacketgeek.com/exabgp/getting-started/
• https://brezular.com/2020/10/01/bgp-flowspec-on-arista-veos/
• https://github.com/Exa-Networks/exabgp/tree/master
• https://vincent.bernat.ch/en/blog/2013-exabgp-highavailability
• https://blog.sflow.com/2017/07/real-time-ddos-mitigation-using-sflow.html
• https://blog.sflow.com/2017/07/bgp-flowspec-on-white-box-switch.html
• https://devangnp.github.io/blog/bgp-flowspec-exabgp/
• https://github.com/ancker010/exabgp-flowspec-generator/blob/master/flowspec-generator.py

Examples of flowspec messages. They follow Juniper style

'announce route 100.10.0.0/24 next-hop self',
'announce route 200.20.0.0/24 next-hop self',
'announce flow route { match { destination 172.16.0.0/24; } then { discard; } }',

DDOS protection with RTBH and flowspec: External_Link

Anycast can also be used to prevent inter-regios ddos (Cloudflare):