Mailing List Archive

FlowSpec and RTBH
Hi,

I was wondering is there a way to export family flow routes (from
inetflow.0) to non flowspec BGP speaker?
For example tag Flowspec route with community and advertise this route with
different community to blackhole on upstream network (selective RTBH).


--
Marcin
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: FlowSpec and RTBH [ In reply to ]
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: FlowSpec and RTBH [ In reply to ]
I see there are two questions here Marcin is asking:

> I was wondering is there a way to export family flow routes (from
> inetflow.0) to non flowspec BGP speaker?

Q1 - Can I advertise Flowspec NLRIs to non Flowspec speakers ? The answer
is clearly "No"

> For example tag Flowspec route with community and advertise this route
with
> different community to blackhole on upstream network (selective RTBH).

Q2 - Can flowspec be tagged with blackhole communities indicating the
actions yet still using match criteria to apply those selectively. The
answer is "Yes" the original 5575 RFC clearly allows so:

A given flow may be associated with a set of attributes, depending on
the particular application; such attributes may or may not include
reachability information (i.e., NEXT_HOP). *Well-known or AS-specific
community attributes can be used to encode a set of predetermined
actions.*


Thx,

R.


On Wed, Oct 16, 2019 at 8:44 PM Jeff Haas via juniper-nsp <
juniper-nsp@puck.nether.net> wrote:

>
>
>
> ---------- Forwarded message ----------
> From: Jeff Haas <jhaas@juniper.net>
> To: "Marcin G?uc" <marcin.gluc@gmail.com>
> Cc: "juniper-nsp@puck.nether.net" <juniper-nsp@puck.nether.net>
> Bcc:
> Date: Wed, 16 Oct 2019 18:44:07 +0000
> Subject: Re: [j-nsp] FlowSpec and RTBH
> Marcin,
>
>
> > On Oct 9, 2019, at 07:26, Marcin G?uc <marcin.gluc@gmail.com> wrote:
> > I was wondering is there a way to export family flow routes (from
> > inetflow.0) to non flowspec BGP speaker?
> > For example tag Flowspec route with community and advertise this route
> with
> > different community to blackhole on upstream network (selective RTBH).
>
> I'm having difficulty following your use case.
>
> Flowspec is its own address family with its own AFI/SAFI and a rather
> nasty format.
>
> Are you asking that some internal component of a flowspec filter, like
> destination, is leaked into another address family?
>
> -- Jeff
>
>
>
>
> ---------- Forwarded message ----------
> From: Jeff Haas via juniper-nsp <juniper-nsp@puck.nether.net>
> To: "Marcin G?uc" <marcin.gluc@gmail.com>
> Cc: "juniper-nsp@puck.nether.net" <juniper-nsp@puck.nether.net>
> Bcc:
> Date: Wed, 16 Oct 2019 18:44:07 +0000
> Subject: Re: [j-nsp] FlowSpec and RTBH
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp