Cannot block flows with BGP FlowSpec
Hello team, In my lab setup I have configured a BIRD v2.0.1 VM to peer with an ExaBGP VM via eBGP. I'm using ExaBGP to send FlowSpec rules to BIRD. BIRD correctly lists the received rules when running 'show route table flowtab4' but the respective flows are not affected (i.e. drop traffic to a destination prefix). Is this because of a configuration issue on my side or BIRD does not implement the required FlowSpec actions? Thank you in advance! Best regards, Giorgos
Hello! On 02/20/2018 12:08 PM, Giorgos Dimopoulos wrote:
I'm using ExaBGP to send FlowSpec rules to BIRD. BIRD correctly lists the received rules when running 'show route table flowtab4' but the respective flows are not affected (i.e. drop traffic to a destination prefix).
Is this because of a configuration issue on my side or BIRD does not implement the required FlowSpec actions?
BIRD doesn't implement this feature. We support only resending the flowspec rules in Route Reflector mode and also injecting them via the static pseudoprotocol. Insertion of the rules into kernel is not implemented. It is a feature on our nice-to-have list but we aren't working on it. Maria
Understood, thank you for clarifying this! Giorgos On 20/02/18 12:45, Jan Maria Matejka wrote:
Hello!
On 02/20/2018 12:08 PM, Giorgos Dimopoulos wrote:
I'm using ExaBGP to send FlowSpec rules to BIRD. BIRD correctly lists the received rules when running 'show route table flowtab4' but the respective flows are not affected (i.e. drop traffic to a destination prefix).
Is this because of a configuration issue on my side or BIRD does not implement the required FlowSpec actions? BIRD doesn't implement this feature. We support only resending the flowspec rules in Route Reflector mode and also injecting them via the static pseudoprotocol.
Insertion of the rules into kernel is not implemented. It is a feature on our nice-to-have list but we aren't working on it.
Maria
participants (2)
-
Giorgos Dimopoulos -
Jan Maria Matejka