<html><head>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-15">
</head>
<body bgcolor="#FFFFFF" text="#000000">Hello!<br><br>Well, RFC 5575 doesn't explicitly say that the flowspec rule must contain the destination chunk, anyway it specifies that these rules should be understood as additional information for unicast BGP prefixes.<br><br>Therefore we assume that the dst is de facto mandatory, despite de iure it is optional.<br><br>If there are more benevolent implementations, we may think about waiving this. I think we don't have any strong position on that, we just assume that flowspec is used in the way the RFC says which assumes dst always present. <br><br>Maria <br><br><div class="gmail_quote">On February 5, 2020 8:44:54 PM GMT+01:00, "Alex D." <listensammler@gmx.de> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Hi,<br>
does anybody know something about the behavior observed ?<br>
Regards,<br>
Alex<br>
<br>
-------- Original-Nachricht --------
<table class="moz-email-headers-table" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">Betreff: </th>
<td>BGP session closed after receipt of flowspec route without
destination prefix</td>
</tr>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">Datum: </th>
<td>Fri, 24 Jan 2020 21:33:17 +0100</td>
</tr>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">Von: </th>
<td>Alex D. <a class="moz-txt-link-rfc2396E" href="mailto:listensammler@gmx.de"><listensammler@gmx.de></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">An: </th>
<td><a class="moz-txt-link-abbreviated" href="mailto:bird-users@network.cz">bird-users@network.cz</a></td>
</tr>
</tbody>
</table>
<br>
<br>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-15">
Hi,<br>
<br>
i configured the following flowspec route on a Juniper router:<br>
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-15">
<meta name="ProgId" content="PowerPoint.Slide">
<meta name="Generator" content="Microsoft PowerPoint 14">
route v6test {<br>
match {<br>
source 2a02:xxxx:xxxx:xxxx::1/128;<br>
}<br>
then discard;<br>
}<br>
<br>
The route was accepted on my Juniper router and blocked all traffic
from src ip 2a02:xxxx:xxxx:xxxx::1 as expected. After advertising
the route, BIRD closed the BGP session. Is this an expected
behaviour, means does is it necessary, that a dst prefix for a
flowspec route must exist ?<br>
<br>
Log:<br>
2020-01-24 09:52:26.750 <RMT> vs_dis_r1_6838: No dst prefix at
first pos<br>
2020-01-24 09:52:26.750 <RMT> vs_dis_r1_6838: Error: Malformed
attribute list<br>
2020-01-24 09:52:26.750 <TRACE> vs_dis_r1_6838: BGP session
closed<br>
<br>
BIRD accepted the route after changing to:<br>
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-15">
<meta name="ProgId" content="PowerPoint.Slide">
<meta name="Generator" content="Microsoft PowerPoint 14">
route v6test {<br>
match {<br>
destination ::/0;<br>
source 2a02:xxxx:xxxx:xxxx::1/128;<br>
}<br>
then discard;<br>
}<br>
<br>
Regards,<br>
Alex<br>
<br>
</blockquote></div><br>-- <br>Sent from my Android device with K-9 Mail. Please excuse my brevity.</body></html>