Subject: Rare project developers
List archive
- From: mc36 <>
- To: David Schmitz <>,
- Subject: Re: [rare-dev] how to activate netconf
- Date: Mon, 30 Jan 2023 18:09:12 +0100
well so be it flowspec and the hope that once we can upgrade to flowspecv2
all the way :)
On 1/30/23 18:06, mc36 wrote:
ohhh and one more thing, when this whole fwod arrived to geant, we asked for
a flowspec peering on top of our current rtbh...
they refused because we run cisco they run junos and their support strongly
reasoned against doing so...
and well, maybe they were right:
https://www.datacenterdynamics.com/en/news/ip-outage-centurylink-network-caused-flowspec-mitigation-says-cloudflare-ceo/
br,
cs
On 1/30/23 18:04, mc36 wrote:
On 1/30/23 17:11, David Schmitz wrote:
Unfortunately, currently, FoD internally only supports injecting via NETCONF
well it depends what fod does internally... i also saw a whole flowspec folder
full of py files in the geant repo which could nicely fit to exabgp so i have
a guess.... :)
only.
(and only tested with JUNIPER routers up-to-now because lacking access to
other vendors/models).
The stuff in the ./exabgp sub folder is experimental and not integrated into
the
Python code.
This should change in future.
well then we have two paths... if the future is in the near term then
flowspec all the way...
if not, then you can start injecting to freerouter via netconf, and it can
convert your policy-map
to flowspec, but...
our highest end arbor detector even just injects /32 but via flowspec with
the addition of the extcomm to divert to dirty vrf...
if your current/planned detector, be that fastnetmon or anything that already
supports ipv4/ipv6-unicast to the suspicious flow,
freerouter have the uni2flow... this way you can overcome the limitation....
moreover you can offer a community for your customers
that youras:100 will police to 100k/lc, :200 to 200k/lc and so on... and
finally :666 the full rtbh... all over the same current
unicast peerings you already have?
br,
cs
- [rare-dev] how to activate netconf, David Schmitz, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/31/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/31/2023
- Re: [rare-dev] how to activate netconf, Frédéric LOUI, 01/31/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/31/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/30/2023
- Message not available
- Message not available
- Re: [rare-dev] how to activate netconf, mc36, 01/31/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/31/2023
- Message not available
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
Archive powered by MHonArc 2.6.19.