Rare project developers

[Frédéric LOUI <>]

Hi David !

Glad to hear that you are making progress at lightning pace :)
I’m curious about the feature enabling use case that NEMO-DDOS can provide ?

If you need IGP topology and even BMP, I just wanted to point out that 
freeRtr can provide you both.
Whether using BGP-LS or standard IGP topology, but besides that freeRTr can 
has a BNMP server:

http://docs.freertr.org/guides/reference/md/serv-bmp02.tst/

All the best,
Frederic

> Le 31 janv. 2023 à 09:04, David Schmitz <> a écrit :
> 
> Hi,
> 
> On Mon, 30 Jan 2023, mc36 wrote:
> 
>> Date: Mon, 30 Jan 2023 18:04:13 +0100
>> From: mc36 <>
>> Reply-To: 
>> To: David Schmitz <>, 
>> Subject: Re: [rare-dev] how to activate netconf
>> 
>> On 1/30/23 17:11, David Schmitz wrote:
>>>> well it depends what fod does internally... i also saw a whole flowspec 
>>>> folder
>>>> full of py files in the geant repo which could nicely fit to exabgp so i 
>>>> have a guess.... :)
>>> Unfortunately, currently, FoD internally only supports injecting via 
>>> NETCONF only.
>>> (and only tested with JUNIPER routers up-to-now because lacking access to 
>>> other vendors/models).
>>> The stuff in the ./exabgp sub folder is experimental and not integrated 
>>> into the
>>> Python code.
>>> This should change in future.
>> 
>> well then we have two paths... if the future is in the near term then 
>> flowspec all the way...
> More in middle-term or long-term ...
> 
>> if not, then you can start injecting to freerouter via netconf, and it can 
>> convert your policy-map
>> to flowspec, but...
>> 
>> our highest end arbor detector even just injects /32 but via flowspec with 
>> the addition of the extcomm to divert to dirty vrf...
>> 
>> if your current/planned detector, be that fastnetmon or anything that 
>> already supports ipv4/ipv6-unicast to the suspicious flow,
>> 
>> freerouter have the uni2flow... this way you can overcome the 
>> limitation.... moreover you can offer a community for your customers
>> that youras:100 will police to 100k/lc, :200 to 200k/lc and so on... and 
>> finally :666 the full rtbh... all over the same current
>> unicast peerings you already have?
> Yes, details in the actual use of BGP FlowSpec within and between the 
> routers
> are not just as easy and have certainly a lot of complications.
> 
> In the past, I was "only" concerned with FoD - also because of lack of view 
> to the actual routers -
> just pushing the FlowSpec rules to a single router
> and reading back mitigation counters from all the routers in the back bone.
> 
> This did also not involve any diverting as far as FoD is/was concerned.
> Just using the dropping facilities the routers offer.
> With the NeMo tool, which is envisioned to maybe be also integrated into 
> the use case to design, this will be different and more advanced, of course.
> 
> 
> Thanks for all these information.
> I will check it and come back to you if questions remain.
> 
> Best Regards
> David
> 
>> 
>> br,
>> cs
>> 
> 
> -- 
> 
> David Schmitz
> 
> Boltzmannstrasse 1, 85748 Garching
> Telefon:   +49 89 35831-8765
> Leibniz-Rechenzentrum, Germany
> Mail:  
> 
>