Rare project developers

[mc36 <>]

hi,
i see in the repo have an exabgp folder... imho that should be explored 
further... :)
if that is what im guessing then the easiest way is to bring up that repo and 
peer exabgp to freerouter...
that is the best way to communicate to a router, and it's universal across 
routing platforms...

but if you still want to netconf freerouter, and originate the rules from 
freerouter, then here we go:

noti(cfg-server)#show running-config this
server telnet tel
 security authentication access
 security rsakey rsa
 security dsakey dsa
 security ecdsakey ecdsa
 second-port 22
 exec timestamp
 exec colorize header
 exec tablemode table
 exec logging
 exec autocommand netconf <----------------- this is the magic
 exec monitor
 no exec authorization
 login authentication access
 login logging
 login last global
 vrf inet
 exit
!

noti(cfg-server)#

everything else just the surrounding to have the ssh and tacacs authed users, 
etc...

this is what i see issuing that command alone in the cli:

noti#netconf
<?xml version="1.0" encoding="UTF-8"?>
                                      <hello 
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><capabilities><capability>urn:ietf:params:netconf:base:1.0</capability><capability>urn:ietf:params:netconf:base:1.1</capability><capability>urn:ietf:params:netconf:capability:writable-running:1.0</capability><capability>urn:ietf:params:netconf:capability:startup:1.0</capability><capability>http://www.freertr.org/yang/freertr-bfd4?module=freertr-bfd4</capability><capability>http://www.freertr.org/yang/freertr-bfd6?module=freertr-bfd6</capability><capability>http://www.freertr.org/yang/freertr-bgp4peer?module=freertr-bgp4peer</capability><capability>http://www.freertr.org/yang/freertr-bgp4perf?module=freertr-bgp4perf</capability><capability>http://www.freertr.org/yang/freertr-bgp6peer?module=freertr-bgp6peer</capability><capability>http://www.freertr.org/yang/freertr-bgp6perf?module=freertr-bgp6perf</capability><capability>http://www.freertr.org/yang/freertr-bmp?module=freertr-bmp</capability><capability>http://www.freertr.org/yang/freertr-check?module=freertr-check</capability><capability>http://www.freertr.org/yang/freertr-disk?module=freertr-disk</capability><capability>http://www.freertr.org/yang/freertr-dvigp4int?module=freertr-dvigp4int</capability><capability>http://www.freertr.org/yang/freertr-dvigp4peer?module=freertr-dvigp4peer</capability><capability>http://www.freertr.org/yang/freertr-dvigp6int?module=freertr-dvigp6int</capability><capability>http://www.freertr.org/yang/freertr-dvigp6peer?module=freertr-dvigp6peer</capability><capability>http://www.freertr.org/yang/freertr-flash?module=freertr-flash</capability><capability>http://www.freertr.org/yang/freertr-gc?module=freertr-gc</capability><capability>http://www.freertr.org/yang/freertr-ifaces?module=freertr-ifaces</capability><capability>http://www.freertr.org/yang/freertr-ifaces?module=freertr-ifaces</capability><capability>http://www.freertr.org/yang/freertr-ifaces?module=freertr-ifaces</capability><capability>http://www.freertr.org/yang/freertr-ifaces?module=freertr-ifaces</capability><capability>http://www.freertr.org/yang/freertr-ldp4nul?module=freertr-ldp4nul</capability><capability>http://www.freertr.org/yang/freertr-ldp4sum?module=freertr-ldp4sum</capability><capability>http://www.freertr.org/yang/freertr-ldp6nul?module=freertr-ldp6nul</capability><capability>http://www.freertr.org/yang/freertr-ldp6sum?module=freertr-ldp6sum</capability><capability>http://www.freertr.org/yang/freertr-lsigp4int?module=freertr-lsigp4int</capability><capability>http://www.freertr.org/yang/freertr-lsigp4peer?module=freertr-lsigp4peer</capability><capability>http://www.freertr.org/yang/freertr-lsigp4perf?module=freertr-lsigp4perf</capability><capability>http://www.freertr.org/yang/freertr-lsigp6int?module=freertr-lsigp6int</capability><capability>http://www.freertr.org/yang/freertr-lsigp6peer?module=freertr-lsigp6peer</capability><capability>http://www.freertr.org/yang/freertr-lsigp6perf?module=freertr-lsigp6perf</capability><capability>http://www.freertr.org/yang/freertr-routing4?module=freertr-routing4</capability><capability>http://www.freertr.org/yang/freertr-routing6?module=freertr-routing6</capability><capability>http://www.freertr.org/yang/freertr-sensor?module=freertr-sensor</capability><capability>http://www.freertr.org/yang/freertr-sys?module=freertr-sys</capability><capability>http://www.freertr.org/yang/freertr-tracker?module=freertr-tracker</capability><capability>http://www.freertr.org/yang/freertr-vrf?module=freertr-vrf</capability></capabilities><session-id>650056842</session-id></hello>
                                      ]]>]]>

it is believed to be browseable/configurable by 
https://github.com/CiscoDevNet/yang-explorer

you can generate any part of the parser to have the yang models, then you can 
import them to the explorer...
some are already there: 
https://github.com/rare-freertr/freeRtr/tree/master/misc/netconf
imho you'll quickly pick up your head around it and be able to do the same 
for policy-map and access-list...
and really thats all what is needed to originate flowspec rules from 
freerouter, if that's the desire... :)

btw, have you got my previous email about the topic?

-------- Forwarded Message --------
Subject: about the current flowspec state
Date: Fri, 27 Jan 2023 12:06:48 +0100
From: mc36 <>
To: ,  <>



br,
cs






On 1/30/23 16:24, David Schmitz wrote:
> Hi,
>
> I am new to the RARE community.
>
> I will be working on a DDoS mitigation use case
> involving BGP FlowSpec.
> There, BGP FlowSpec routes are going to be injected to freertr via 
> NETCONF/ssh, if possible;
> E.g., as currently supported by Firewall-On-Demand 
> (https://github.com/GEANT/FOD).
> The exact details are still to be defined
> (still investigating freertr).
>
>
> Now I have the question how to configure netconf/ssh as a server in freertr?
>
>
> Thanks in Advance
>
> Best Regards
> David