BGP Flowspec to Yang/Yaml ACL

Tim Jackson jackson.tim at gmail.com
Wed Jun 17 13:07:22 UTC 2020


Use ExaBGP to insert the routes? (https://github.com/Exa-Networks/exabgp)

This is some old Perl that generates the older ExaBGP 2.0 style entries,
but it uses Template Toolkit, which means you can easily change the output
format:

https://paste.somuch.fail/?744af55b8bea1414#WlXYkcfATNRxpRcr4NGOtxw4cqzStbCpApxmIevRPDk=

There's a lot more you could do to make this even more flexible. You don't
need YANG or to modify any config; just build something that accepts what
you're after and sends it as flowspec routes from ExaBGP to the routers you
care about.

--
Tim

On Tue, Jun 16, 2020 at 1:46 PM Douglas Fischer <fischerdouglas at gmail.com>
wrote:

> We were looking for some way to implement BGP Flowspec filtering (just the
> basic permit/deny) using L3 switches in an automated way.
>
> Searching a bit we found https://github.com/ios-xr/bgpfs2acl
>
> It is almost what we are looking for!
> But it is focused on Cisco devices.
>
> We even considered forking it for our specific vendor.
> But before reinventing the wheel, I decided to ask colleagues if anybody
> knows some tool that converts BGP Flowspec ACLs into YAML or even to YANG.
>
> If that exists, with Ansible/Netconf/RestConf (or some similar tool), it
> would be easy to delegate to switches the basic filtering that only
> more expensive routers can do by now.
>
>
> P.S.: This idea does not include (at first) more
> complex features of Flowspec like Redirect or Rate-Limit.
>
> Any suggestions or ideas?
>
> --
> Douglas Fernando Fischer
> Control and Automation Engineer
>
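
An added example of the approach suggested in the reply above (accept basic permit/deny rules and send them as flowspec routes through ExaBGP); it is not the Perl from the paste link and not code from either poster. It validates each rule before rendering, so that a malformed prefix or a rule with no destination never becomes an announcement. The rule keys, `RULES` and `render` are hypothetical names, and the `announce flow route { match { ... } then { ... } }` command text is assumed to match the text API of the ExaBGP version in use.

```python
import ipaddress

# Constructed sample rules in the "basic permit/deny" shape from the thread.
RULES = [
    {"action": "deny", "src": "198.51.100.0/24", "dst": "192.0.2.10/32",
     "protocol": "udp", "dst_port": 123},
    {"action": "permit", "dst": "192.0.2.20/32", "protocol": "tcp", "dst_port": 443},
]

ACTIONS = {"deny": "discard", "permit": "accept"}  # assumed ExaBGP action keywords
PROTOCOLS = {"tcp", "udp", "icmp"}


def render(rule, verb="announce"):
    """Validate one rule and return an ExaBGP API flow-route command string."""
    if verb not in ("announce", "withdraw"):
        raise ValueError("verb must be announce or withdraw")
    action = ACTIONS[rule["action"]]  # KeyError on an unknown action
    match = []
    for key, keyword in (("src", "source"), ("dst", "destination")):
        if key in rule:
            # strict=True rejects prefixes with host bits set, and anything
            # that is not a plain prefix (stray ';' or '}' cannot get through).
            net = ipaddress.ip_network(rule[key], strict=True)
            if net.version != 4:
                raise ValueError("this example handles IPv4 only")
            match.append(f"{keyword} {net};")
    if "dst" not in rule:
        raise ValueError("refusing a rule without a destination prefix")
    if "protocol" in rule:
        if rule["protocol"] not in PROTOCOLS:
            raise ValueError(f"unsupported protocol {rule['protocol']!r}")
        match.append(f"protocol {rule['protocol']};")
    for key, keyword in (("src_port", "source-port"), ("dst_port", "destination-port")):
        if key in rule:
            port = int(rule[key])
            if not 0 <= port <= 65535:
                raise ValueError(f"port out of range: {port}")
            match.append(f"{keyword} ={port};")
    return f"{verb} flow route {{ match {{ {' '.join(match)} }} then {{ {action}; }} }}"


if __name__ == "__main__":
    # Run as an ExaBGP helper process: ExaBGP reads API commands from stdout.
    for r in RULES:
        print(render(r), flush=True)
```
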

More information about the NANOG mailing list