Subject: Rare project developers
List archive
- From: David Schmitz <>
- To:
- Subject: Re: [rare-dev] how to activate netconf
- Date: Tue, 31 Jan 2023 09:04:51 +0100 (CET)
- Authentication-results: postout.lrz.de (amavisd-new); dkim=pass (2048-bit key) reason="pass (just generated, assumed good)" header.d=lrz.de
Hi,
On Mon, 30 Jan 2023, mc36 wrote:
Date: Mon, 30 Jan 2023 18:04:13 +0100More in middle-term or long-term ...
From: mc36 <>
Reply-To:
To: David Schmitz <>,
Subject: Re: [rare-dev] how to activate netconf
On 1/30/23 17:11, David Schmitz wrote:
Unfortunately, currently, FoD internally only supports injecting via NETCONF only.
well it depends what fod does internally... i also saw a whole flowspec folder
full of py files in the geant repo which could nicely fit to exabgp so i have a guess.... :)
(and only tested with JUNIPER routers up-to-now because lacking access to other vendors/models).
The stuff in the ./exabgp sub folder is experimental and not integrated into the
Python code.
This should change in future.
well then we have two paths... if the future is in the near term then flowspec all the way...
if not, then you can start injecting to freerouter via netconf, and it can convert your policy-mapYes, details in the actual use of BGP FlowSpec within and between the routers
to flowspec, but...
our highest end arbor detector even just injects /32 but via flowspec with the addition of the extcomm to divert to dirty vrf...
if your current/planned detector, be that fastnetmon or anything that already supports ipv4/ipv6-unicast to the suspicious flow,
freerouter have the uni2flow... this way you can overcome the limitation.... moreover you can offer a community for your customers
that youras:100 will police to 100k/lc, :200 to 200k/lc and so on... and finally :666 the full rtbh... all over the same current
unicast peerings you already have?
are not just as easy and have certainly a lot of complications.
In the past, I was "only" concerned with FoD - also because of lack of view to the actual routers -
just pushing the FlowSpec rules to a single router
and reading back mitigation counters from all the routers in the back bone.
This did also not involve any diverting as far as FoD is/was concerned.
Just using the dropping facilities the routers offer.
With the NeMo tool, which is envisioned to maybe be also integrated into the use case to design, this will be different and more advanced, of course.
Thanks for all these information.
I will check it and come back to you if questions remain.
Best Regards
David
br,
cs
--
David Schmitz
Boltzmannstrasse 1, 85748 Garching
Telefon: +49 89 35831-8765
Leibniz-Rechenzentrum, Germany
Mail:
- Re: [rare-dev] how to activate netconf, (continued)
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/31/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/31/2023
- Re: [rare-dev] how to activate netconf, Frédéric LOUI, 01/31/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/31/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/30/2023
- Message not available
- Message not available
- Re: [rare-dev] how to activate netconf, mc36, 01/31/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/31/2023
- Message not available
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
Archive powered by MHonArc 2.6.19.