Rare project developers

[David Schmitz <>]

Hi Frederic,

On Tue, 31 Jan 2023, Frédéric LOUI wrote:

> Date: Tue, 31 Jan 2023 10:20:09 +0100
> From: Frédéric LOUI <>
> Reply-To: 
> To: 
> Subject: Re: [rare-dev] how to activate netconf
>
> Hi David !
>
> Glad to hear that you are making progress at lightning pace :)
> I’m curious about the feature enabling use case that NEMO-DDOS can provide ?
>
> If you need IGP topology and even BMP, I just wanted to point out that 
> freeRtr can provide you both.
> Whether using BGP-LS or standard IGP topology, but besides that freeRTr can 
> has a BNMP server:
>
> http://docs.freertr.org/guides/reference/md/serv-bmp02.tst/
Ok, I will check this and come back to you.
I will also have to ask the colleagues more regarding the potentials of NeMo 
for the use case.

Best Regards
David

> All the best,
> Frederic
>
> > Le 31 janv. 2023 à 09:04, David Schmitz <> a écrit :
> >
> > Hi,
> >
> > On Mon, 30 Jan 2023, mc36 wrote:
> >
> > > Date: Mon, 30 Jan 2023 18:04:13 +0100
> > > From: mc36 <>
> > > Reply-To: 
> > > To: David Schmitz <>, 
> > > Subject: Re: [rare-dev] how to activate netconf
> > >
> > > On 1/30/23 17:11, David Schmitz wrote:
> > > > > well it depends what fod does internally... i also saw a whole flowspec folder
> > > > > full of py files in the geant repo which could nicely fit to exabgp so i have 
> > > > > a guess.... :)
> > > > Unfortunately, currently, FoD internally only supports injecting via NETCONF 
> > > > only.
> > > > (and only tested with JUNIPER routers up-to-now because lacking access to 
> > > > other vendors/models).
> > > > The stuff in the ./exabgp sub folder is experimental and not integrated into 
> > > > the
> > > > Python code.
> > > > This should change in future.
> > >
> > > well then we have two paths... if the future is in the near term then 
> > > flowspec all the way...
> > More in middle-term or long-term ...
> >
> > > if not, then you can start injecting to freerouter via netconf, and it can 
> > > convert your policy-map
> > > to flowspec, but...
> > >
> > > our highest end arbor detector even just injects /32 but via flowspec with 
> > > the addition of the extcomm to divert to dirty vrf...
> > >
> > > if your current/planned detector, be that fastnetmon or anything that already 
> > > supports ipv4/ipv6-unicast to the suspicious flow,
> > >
> > > freerouter have the uni2flow... this way you can overcome the limitation.... 
> > > moreover you can offer a community for your customers
> > > that youras:100 will police to 100k/lc, :200 to 200k/lc and so on... and 
> > > finally :666 the full rtbh... all over the same current
> > > unicast peerings you already have?
> > Yes, details in the actual use of BGP FlowSpec within and between the routers
> > are not just as easy and have certainly a lot of complications.
> >
> > In the past, I was "only" concerned with FoD - also because of lack of view 
> > to the actual routers -
> > just pushing the FlowSpec rules to a single router
> > and reading back mitigation counters from all the routers in the back bone.
> >
> > This did also not involve any diverting as far as FoD is/was concerned.
> > Just using the dropping facilities the routers offer.
> > With the NeMo tool, which is envisioned to maybe be also integrated into the 
> > use case to design, this will be different and more advanced, of course.
> >
> >
> > Thanks for all these information.
> > I will check it and come back to you if questions remain.
> >
> > Best Regards
> > David
> >
> > > br,
> > > cs
> >
> > --
> >
> > David Schmitz
> >
> > Boltzmannstrasse 1, 85748 Garching
> > Telefon:   +49 89 35831-8765
> > Leibniz-Rechenzentrum, Germany
> > Mail:  

--

David Schmitz

Boltzmannstrasse 1, 85748 Garching
Telefon:   +49 89 35831-8765
Leibniz-Rechenzentrum, Germany
Mail: