We're trying to integrate BIRD with our automated DDoS detection and mitigation system. For this we need a way to have our software create static routes (to be more exact blackholes) and add BGP communities to announcements.

Is there any way to do this using CLI or control socket or would we have to make the software modify the config file and reload BIRD?

Matthias Merkel
CTO, BoltN Hosting Limited
Matthias Merkel <matthias@boltn-hosting.com> writes:

> We're trying to integrate BIRD with our automated DDoS detection and mitigation system. For this we need a way to have our software create static routes (to be more exact blackholes) and add BGP communities to announcements.
>
> Is there any way to do this using CLI or control socket or would we have to make the software modify the config file and reload BIRD?

You cannot modify individual configuration parameters from the cli/control socket, you'll have to reload the config file.

The model I use for this (in my case to dynamically update BGP filters using bgpq3) is to include additional configuration files from the main config. These additional files contain configuration snippets; mainly variable definitions with lists of networks. These are then used in filters (defined in the main config) to implement the desired policy.

-Toke
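One way to implement the include-file model described above, as an added example that is not part of the original thread: a Python helper that validates the targets reported by a detection system, renders them as static blackhole routes into an included file, and reloads BIRD. The address range, the file path, and the assumption that the main config includes this file inside a static protocol block (and adds communities in its export filter) are illustrative, not from the thread.

```python
import ipaddress
import os
import subprocess
import tempfile

# Assumptions (not from the thread): our own address space, the include path,
# and a main config containing a static protocol block with the line
#   include "/etc/bird/blackholes.conf";
OWN_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]  # constructed sample
INCLUDE_PATH = "/etc/bird/blackholes.conf"                # hypothetical path


def validate_target(addr):
    """Accept only single IPv4 hosts inside our own prefixes."""
    net = ipaddress.ip_network(addr, strict=True)  # ValueError on bad input
    if net.version != 4 or net.prefixlen != 32:
        raise ValueError(f"{addr}: only IPv4 /32 blackholes are allowed")
    if not any(net.subnet_of(own) for own in OWN_PREFIXES):
        raise ValueError(f"{addr}: outside our own address space")
    return net


def render_snippet(targets):
    """Return the include file text: one static blackhole route per target,
    sorted and deduplicated so repeated alerts give identical output."""
    nets = sorted({validate_target(t) for t in targets})
    lines = ["# generated file, do not edit by hand"]
    lines += [f"route {net} blackhole;" for net in nets]
    return "\n".join(lines) + "\n"


def apply_snippet(targets, path=INCLUDE_PATH):
    """Write the include file atomically, then ask BIRD to reload."""
    text = render_snippet(targets)  # raises before anything is written
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path))
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.replace(tmp, path)  # BIRD never sees a half-written file
    # Raises if birdc cannot be run or exits non-zero.
    subprocess.run(["birdc", "configure"], check=True)
```

Rejecting anything that is not a /32 inside the operator's own space keeps a false or spoofed alert from blackholing a whole prefix or someone else's addresses.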
In our cloud hosting we simply add an IP route to the kernel table with blackhole; BIRD imports it and announces it to the uplink BGP. This is simple and doesn't need a BIRD reload. You can create the route via iproute or netlink in your app.

Tue, 19 Jun 2018 at 21:21, Toke Høiland-Jørgensen <toke@toke.dk>:

> Matthias Merkel <matthias@boltn-hosting.com> writes:
>
> > We're trying to integrate BIRD with our automated DDoS detection and mitigation system. For this we need a way to have our software create static routes (to be more exact blackholes) and add BGP communities to announcements.
> >
> > Is there any way to do this using CLI or control socket or would we have to make the software modify the config file and reload BIRD?
>
> You cannot modify individual configuration parameters from the cli/control socket, you'll have to reload the config file.
>
> The model I use for this (in my case to dynamically update BGP filters using bgpq3) is to include additional configuration files from the main config. These additional files contain configuration snippets; mainly variable definitions with lists of networks. These are then used in filters (defined in the main config) to implement the desired policy.
>
> -Toke

--
Vasiliy Tolstov, e-mail: v.tolstov@selfip.ru
On 06/19/2018 11:31 AM, Matthias Merkel wrote:

> We're trying to integrate BIRD with our automated DDoS detection and mitigation system. For this we need a way to have our software create static routes (to be more exact blackholes) and add BGP communities to announcements.

Could you have your software modify an alternate kernel routing table that BIRD is monitoring to learn and import from?

Do you need these changes to be persistent across daemon restart or host reboot? (Or does your DDoS detection / mitigation system recreate the routes in that case?)

> Is there any way to do this using CLI or control socket or would we have to make the software modify the config file and reload BIRD?

Sorry, I can't speak to that.

--
Grant. . . .
unix || die
participants (4)
- Grant Taylor
- Matthias Merkel
- Toke Høiland-Jørgensen
- Vasiliy Tolstov