RARE user and assistance email list

["David Schmitz" <>]

Hi Csaba,

On Wed, 7 Jun 2023, mc36 wrote:

> Date: Wed, 7 Jun 2023 10:19:07 +0200
> From: mc36 <>
> To: , 
> Subject: Re: [freertr] Issues with actual FlowSpec filtering,
>     especially for rules announced via exabgp (fwd)
>
> back to the newer flowspecs, all should be in the src/todo.txt  imho so once 
> they'll surely happen... i swear!
Great.

So, on the long-term, let's discuss with Frederic and other DDoS-related 
stakeholders,
e.g., the NeMo developers, what might be useful and benefit-al for us 
regarding here to put effort in and actually when.

Best Regards
David

> br,
> cs
>
> On 6/7/23 10:18, mc36 wrote:
> > and this and the re-re-mentioned bgp-compressed-updates are pretty 
> > interesting drafts because
> >
> > they're unique bgp message _types_ and this _is_ an idr draft sooo it 
> > cannot be that bad...
> >
> > imho there is no other router stack out there that do process etc all the 
> > 1..7 bgp message types at the same time...
> >
> > all covered by interops, etc... (this msg#6 is not yet, but we'll see if 
> > the paloalto guys or the idr responds...)
> >
> > br,
> >
> > cs
> >
> > On 6/7/23 10:16, mc36 wrote:
> > > tbh it was 2 days 4 me to dynamically enable/disable ipv4 fulltable
> > >
> > > https://groups.io/g/freertr/message/1376
> > >
> > > https://groups.io/g/freertr/message/1319
> > >
> > > and the line encoding of these newer flowspec afis are almost the same / 
> > > extensions to the predecessors,
> > >
> > > (i mean most of rtr/rtrbgpflowspec* are reuseable, refactorable....)
> > >
> > > so imho having all these is just another weekend project here while 
> > > keeping backwards compatibility with v1....
> > >
> > > br,
> > >
> > > cs
> > >
> > > On 6/7/23 10:13, David Schmitz wrote:
> > > > Hi Csaba,
> > > >
> > > > On Wed, 7 Jun 2023, mc36 wrote:
> > > >
> > > > > Date: Wed, 7 Jun 2023 10:07:55 +0200
> > > > > From: mc36 <>
> > > > > To: , 
> > > > > Subject: Re: [freertr] Issues with actual FlowSpec filtering,
> > > > >        especially for rules announced via exabgp (fwd)
> > > > >
> > > > > as this is a new afi finally, i personally consider it flowspec v3 as 
> > > > > user interface
> > > > > (be it vpn or internet) is layer3, a /24 or a /30 peering interface...
> > > > >
> > > > > brifly reading the first some versions when i noticed this, it's more 
> > > > > promising than flowspec v2 and v1...
> > > > >
> > > > > so once this or v2 gets the number and a vendor comes up with some code, 
> > > > > imho rare/freertr will have the
> > > > >
> > > > > config knob to apply this to any interface basically.... once i 
> > > > > route-target import the policy-map,
> > > > >
> > > > > then i can apply that policy-map even to the loopback0 dont i? 
> > > > > :)))))))))))))))))))))))
> > > > This sounds promising.
> > > >
> > > > Unfortunately, until then, we have to keep with FlowSpec v1.
> > > >
> > > > Best Regards
> > > > David
> > > >
> > > > > br,
> > > > >
> > > > > cs
> > > > >
> > > > > On 6/7/23 10:04, David Schmitz wrote:
> > > > > > > hmm and well, after some rest, if not flowspec v2 as suggested b4, 
> > > > > > > flowspec for layer2 vpns like
> > > > > > >
> > > > > > > https://datatracker.ietf.org/doc/draft-ietf-idr-flowspec-l2vpn/
> > > > > > >
> > > > > > > should also happen, etc.. this seems a more active draft and a 
> > > > > > > different bgp safi finally... :)
> > > > > > This is a good point.
> > > > > >
> > > > > > I have no experience with FlowSpec v2.
> > > > > > I am not sure whether exabgp has support for it yet.
> > > > > >
> > > > > > Let's see how we can progress regarding this in future...

--

David Schmitz

Boltzmannstrasse 1, 85748 Garching
Telefon:   +49 89 35831-8765
Leibniz-Rechenzentrum, Germany
Mail:  




-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#1405): https://groups.io/g/freertr/message/1405
Mute This Topic: https://groups.io/mt/99364239/6413194
Group Owner: 
Unsubscribe: https://groups.io/g/freertr/unsub []
-=-=-=-=-=-=-=-=-=-=-=-