flowspec route specification
Hello! I'm trying to inject flowspec routes from bird to Juniper MX box: route flow4 { dst 109.68.40.15/32; proto 17; dport 53; } { bgp_ext_community.add( (generic, 0x80060000, 0x0 ) ); }; route flow4 { dst 109.68.40.16/32; proto 17; dport 123; } { bgp_ext_community.add( (generic, 0x80060000, 0x000098968 ) ); }; The second flow specification should apply traffic-rate to traffic, but on Juniper these two flow routes have the same community: minotaur@br1-ki# run show route table DDoS-Mitigation.inetflow.0 detail |match "entry|Comm" 109.68.40.15,*,proto=17,dstport=53/term:3 (1 entry, 1 announced) Communities: traffic-rate:0:0 109.68.40.16,*,proto=17,dstport=123/term:4 (1 entry, 1 announced) Communities: traffic-rate:0:0 Can anyone explain how to correctly set rate-limiting to, for example, 5 Mbps in second specification? Thank you! -- Alexander Shikov Technical Staff, Digital Telecom IX Tel.: +380 44 201 14 07 Mob.: +380 50 410 30 57 http://dtel-ix.net/
On Mon, Feb 28, 2022 at 02:02:58AM +0200, Alexander Shikov wrote:
Hello!
I'm trying to inject flowspec routes from bird to Juniper MX box:
route flow4 { dst 109.68.40.15/32; proto 17; dport 53; } { bgp_ext_community.add( (generic, 0x80060000, 0x0 ) ); };
route flow4 { dst 109.68.40.16/32; proto 17; dport 123; } { bgp_ext_community.add( (generic, 0x80060000, 0x000098968 ) ); };
The second flow specification should apply traffic-rate to traffic, but on Juniper these two flow routes have the same community:
Hello Note that the traffic-rate community uses floating point and not fixed point representation, so 0x98968 is almost zero. See https://bird.network.cz/pipermail/bird-users/2018-June/012485.html (It also contains a link to a FP32 convertor.) -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
On Mon, Feb 28, 2022 at 04:47:06 +0100, Ondrej Zajicek wrote:
On Mon, Feb 28, 2022 at 02:02:58AM +0200, Alexander Shikov wrote:
Hello!
I'm trying to inject flowspec routes from bird to Juniper MX box:
route flow4 { dst 109.68.40.15/32; proto 17; dport 53; } { bgp_ext_community.add( (generic, 0x80060000, 0x0 ) ); };
route flow4 { dst 109.68.40.16/32; proto 17; dport 123; } { bgp_ext_community.add( (generic, 0x80060000, 0x000098968 ) ); };
The second flow specification should apply traffic-rate to traffic, but on Juniper these two flow routes have the same community:
Hello
Note that the traffic-rate community uses floating point and not fixed point representation, so 0x98968 is almost zero. See
https://bird.network.cz/pipermail/bird-users/2018-June/012485.html
(It also contains a link to a FP32 convertor.)
Thank you, Ondrej! -- Alexander Shikov Technical Staff, Digital Telecom IX Tel.: +380 44 201 14 07 Mob.: +380 50 410 30 57 http://dtel-ix.net/
participants (2)
-
Alexander Shikov -
Ondrej Zajicek