Subject: Rare project developers
List archive
- From: David Schmitz <>
- To:
- Subject: Re: [rare-dev] how to activate netconf
- Date: Tue, 31 Jan 2023 16:36:34 +0100 (CET)
- Authentication-results: postout.lrz.de (amavisd-new); dkim=pass (2048-bit key) reason="pass (just generated, assumed good)" header.d=lrz.de
Hi Frederic,
On Tue, 31 Jan 2023, Frédéric LOUI wrote:
Date: Tue, 31 Jan 2023 10:20:09 +0100Ok, I will check this and come back to you.
From: Frédéric LOUI <>
Reply-To:
To:
Subject: Re: [rare-dev] how to activate netconf
Hi David !
Glad to hear that you are making progress at lightning pace :)
I’m curious about the feature enabling use case that NEMO-DDOS can provide ?
If you need IGP topology and even BMP, I just wanted to point out that
freeRtr can provide you both.
Whether using BGP-LS or standard IGP topology, but besides that freeRTr can
has a BNMP server:
http://docs.freertr.org/guides/reference/md/serv-bmp02.tst/
I will also have to ask the colleagues more regarding the potentials of NeMo
for the use case.
Best Regards
David
All the best,
Frederic
Le 31 janv. 2023 à 09:04, David Schmitz <> a écrit :
Hi,
On Mon, 30 Jan 2023, mc36 wrote:
Date: Mon, 30 Jan 2023 18:04:13 +0100More in middle-term or long-term ...
From: mc36 <>
Reply-To:
To: David Schmitz <>,
Subject: Re: [rare-dev] how to activate netconf
On 1/30/23 17:11, David Schmitz wrote:
well it depends what fod does internally... i also saw a whole flowspec folderUnfortunately, currently, FoD internally only supports injecting via NETCONF
full of py files in the geant repo which could nicely fit to exabgp so i have
a guess.... :)
only.
(and only tested with JUNIPER routers up-to-now because lacking access to
other vendors/models).
The stuff in the ./exabgp sub folder is experimental and not integrated into
the
Python code.
This should change in future.
well then we have two paths... if the future is in the near term then
flowspec all the way...
if not, then you can start injecting to freerouter via netconf, and it canYes, details in the actual use of BGP FlowSpec within and between the routers
convert your policy-map
to flowspec, but...
our highest end arbor detector even just injects /32 but via flowspec with
the addition of the extcomm to divert to dirty vrf...
if your current/planned detector, be that fastnetmon or anything that already
supports ipv4/ipv6-unicast to the suspicious flow,
freerouter have the uni2flow... this way you can overcome the limitation....
moreover you can offer a community for your customers
that youras:100 will police to 100k/lc, :200 to 200k/lc and so on... and
finally :666 the full rtbh... all over the same current
unicast peerings you already have?
are not just as easy and have certainly a lot of complications.
In the past, I was "only" concerned with FoD - also because of lack of view
to the actual routers -
just pushing the FlowSpec rules to a single router
and reading back mitigation counters from all the routers in the back bone.
This did also not involve any diverting as far as FoD is/was concerned.
Just using the dropping facilities the routers offer.
With the NeMo tool, which is envisioned to maybe be also integrated into the
use case to design, this will be different and more advanced, of course.
Thanks for all these information.
I will check it and come back to you if questions remain.
Best Regards
David
br,
cs
--
David Schmitz
Boltzmannstrasse 1, 85748 Garching
Telefon: +49 89 35831-8765
Leibniz-Rechenzentrum, Germany
Mail:
--
David Schmitz
Boltzmannstrasse 1, 85748 Garching
Telefon: +49 89 35831-8765
Leibniz-Rechenzentrum, Germany
Mail:
- Re: [rare-dev] how to activate netconf, (continued)
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/31/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/31/2023
- Re: [rare-dev] how to activate netconf, Frédéric LOUI, 01/31/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/31/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/30/2023
- Message not available
- Message not available
- Re: [rare-dev] how to activate netconf, mc36, 01/31/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/31/2023
- Message not available
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/30/2023
Archive powered by MHonArc 2.6.19.