<div dir="ltr"><div class="gmail_default" style="font-family:courier new,monospace;font-size:small">Just a complementary demonstration of a cenário we this "bgpfs2acl" been used.<br><a href="https://youtu.be/8pNZJUHlRPk">https://youtu.be/8pNZJUHlRPk</a><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Em ter., 16 de jun. de 2020 às 15:39, Douglas Fischer <<a href="mailto:fischerdouglas@gmail.com">fischerdouglas@gmail.com</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div class="gmail_default" style="font-family:"courier new",monospace;font-size:small">We were looking for some way to implement BGP Flowspec Filtering(just the permit/deny basic) using L3 switches  in an automated way.<br><br>Searching a bit we found <a href="https://github.com/ios-xr/bgpfs2acl" style="font-family:Arial,Helvetica,sans-serif" target="_blank">https://github.com/ios-xr/bgpfs2acl</a></div><div class="gmail_default" style="font-family:"courier new",monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:"courier new",monospace;font-size:small">Is almost what we are looking for!<br>But is focused on Cisco devices.<br><br></div><div class="gmail_default" style="font-family:"courier new",monospace;font-size:small">We even considered fork it to our specific vendor.<br>But before reinventing the wheel, I decide to ask to colleagues if anybody knows some tool that converts BGP Flowspec ACLs into YAML or even to YANG.<br></div><div class="gmail_default" style="font-family:"courier new",monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:"courier new",monospace;font-size:small">If that exists, with Ansible/Netconf/RestConf(or some similar tool), it would be easy to delegate to Switchs doing the basic filtering that only More expensive Routers can do by now.<br><br><br>P.S.: This Idea does not include(on the first moment) more complex features of Flowspec like Redirect ou Rate-Limt.</div><br><div class="gmail_default" style="font-family:"courier new",monospace;font-size:small"></div><div class="gmail_default" style="font-family:"courier new",monospace;font-size:small">Any suggestions or ideas? </div><br></div><div><br></div><div><br></div><div><br></div>-- <br><div dir="ltr"><font size="2"><span style="font-family:"courier new",monospace">Douglas Fernando Fischer</span><br style="font-family:"courier new",monospace"><span style="font-family:"courier new",monospace">Engº de Controle e Automação</span></font><div style="padding:0px;margin-left:0px;margin-top:0px;overflow:hidden;color:black;text-align:left;line-height:130%;font-family:"courier new",monospace"></div></div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><font size="2"><span style="font-family:"courier new",monospace">Douglas Fernando Fischer</span><br style="font-family:"courier new",monospace"><span style="font-family:"courier new",monospace">Engº de Controle e Automação</span></font><div style="padding:0px;margin-left:0px;margin-top:0px;overflow:hidden;color:black;text-align:left;line-height:130%;font-family:"courier new",monospace"></div></div>