
rare-dev - Re: [rare-dev] how to activate netconf

Subject: Rare project developers

  • From: David Schmitz <>
  • To:
  • Subject: Re: [rare-dev] how to activate netconf
  • Date: Tue, 31 Jan 2023 09:06:28 +0100 (CET)

Hi,

On Mon, 30 Jan 2023, mc36 wrote:

Date: Mon, 30 Jan 2023 18:06:46 +0100
From: mc36 <>
Reply-To:
To: David Schmitz <>,
Subject: Re: [rare-dev] how to activate netconf

> ohhh and one more thing, when this whole fwod arrived to geant, we asked for a flowspec peering on top of our current rtbh...
> they refused because we run cisco they run junos and their support strongly reasoned against doing so...
> and well, maybe they were right: https://www.datacenterdynamics.com/en/news/ip-outage-centurylink-network-caused-flowspec-mitigation-says-cloudflare-ceo/
> br,

Yes, obviously a lot of potential complications with FlowSpec,
if used between networks and between different vendors.

Best Regards
David

> cs


> On 1/30/23 18:04, mc36 wrote:
>
>> On 1/30/23 17:11, David Schmitz wrote:
>>
>>>> well it depends what fod does internally... i also saw a whole flowspec folder
>>>> full of py files in the geant repo which could nicely fit to exabgp so i have a guess.... :)
>>> Unfortunately, currently, FoD internally only supports injecting via NETCONF.
>>> (and only tested with JUNIPER routers up-to-now because lacking access to other vendors/models).
>>>
>>> The stuff in the ./exabgp sub folder is experimental and not integrated into the
>>> Python code.
>>>
>>> This should change in future.
>>
>> well then we have two paths... if the future is in the near term then flowspec all the way...
>> if not, then you can start injecting to freerouter via netconf, and it can convert your policy-map
>> to flowspec, but...
>>
>> our highest end arbor detector even just injects /32 but via flowspec with the addition of the extcomm to divert to dirty vrf...
>>
>> if your current/planned detector, be that fastnetmon or anything that already supports ipv4/ipv6-unicast to the suspicious flow,
>>
>> freerouter have the uni2flow... this way you can overcome the limitation.... moreover you can offer a community for your customers
>> that youras:100 will police to 100k/lc, :200 to 200k/lc and so on... and finally :666 the full rtbh... all over the same current
>> unicast peerings you already have?
>>
>> br,
>> cs


--

David Schmitz

Boltzmannstrasse 1, 85748 Garching
Telefon: +49 89 35831-8765
Leibniz-Rechenzentrum, Germany
Mail:
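
The community-to-policer idea in the quoted message above, sketched as an added example (not part of the thread and not freerouter's uni2flow code): a unicast route tagged `youras:N` becomes an RFC 8955 IPv4 FlowSpec NLRI plus a traffic-rate-bytes extended community. AS 64500, the reading of "100k" as 100 kbit/s, and all function names are assumptions.

```python
import ipaddress
import struct

LOCAL_AS = 64500          # assumption: documentation ASN standing in for "youras"
RTBH_VALUE = 666          # from the thread: youras:666 requests the full RTBH
UNIT_BITS_PER_SEC = 1000  # assumption: "100k" is read as 100 kbit/s


def flowspec_nlri(prefix: str) -> bytes:
    """RFC 8955 IPv4 NLRI holding one component: type 1, destination prefix."""
    net = ipaddress.ip_network(prefix, strict=True)  # rejects stray host bits
    if net.version != 4:
        raise ValueError("IPv6 FlowSpec (RFC 8956) uses a different layout")
    nbytes = (net.prefixlen + 7) // 8
    component = bytes([1, net.prefixlen]) + net.network_address.packed[:nbytes]
    return bytes([len(component)]) + component  # length < 240 fits one octet


def traffic_rate(rate_bytes_per_sec: float) -> bytes:
    """traffic-rate-bytes extended community (0x8006): 2-octet AS, IEEE float."""
    return struct.pack(">BBHf", 0x80, 0x06, LOCAL_AS, rate_bytes_per_sec)


def policy_values(communities: list[str]) -> list[int]:
    """Numeric halves of well-formed LOCAL_AS:N communities; others are ignored."""
    values = []
    for comm in communities:
        asn, _, value = comm.partition(":")
        if asn.isdigit() and value.isdigit() and int(asn) == LOCAL_AS:
            values.append(int(value))
    return values


def unicast_to_flowspec(prefix: str, communities: list[str]):
    """Return (nlri, extcomm) for a tagged unicast route, or None if untagged."""
    values = policy_values(communities)
    if RTBH_VALUE in values:
        # Rate 0 means discard; the blackhole request wins over any policer.
        return flowspec_nlri(prefix), traffic_rate(0.0)
    # Only the :100, :200, ... steps named in the thread count as policers.
    rates = [n for n in values if n > 0 and n % 100 == 0]
    if not rates:
        return None
    # Several policer tags on one route: apply the strictest one.
    return flowspec_nlri(prefix), traffic_rate(min(rates) * UNIT_BITS_PER_SEC / 8)
```

Communities from other ASes and malformed values are ignored, so a route is only rate-limited or dropped when it carries a tag in the operator's own namespace.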




