On Sat, Jul 09, 2022 at 10:44:26AM +0200, Nico Schottelius wrote:
Good morning fellow bird users,
I was wondering how you handle "dynamic reconfigurations" such as rerouting, adding filters, changing the priority of routes in case of attacks?
In particular I wonder if there is a "good way" to tell bird to lower or raise a certain route temporarily, i.e. something that would be reset on a reload? Or to tell bird to forget about specific routes that you want to filter for blackholing certain parts?
So far in case of attacks we usually edit bird.conf, reload bird and after the attacks are done, purge/overwrite the config with our config management (cdist in our case).
This works, but has a bit of a write-reload instead of a set-and-forget behaviour, and I was more looking to something like "set on a switch, but don't issue the write command"-mode.
Any thoughts on this?
Hello Two ideas: 1) Use separate copy of a config file, and then use it as an argument: configure "bird-temp.conf" So your basic configuration stays unchanged. 2) Use some additional kernel routing table for these dynamic routes and import them to BIRD using kernel protocol with 'learn' option. Then add/remove these routes using 'ip' system tool. BTW, your e-mail has date 2022-07-09. but all headers have today date (2022-07-14). -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."