RFC 5575 feasibility check
Hello! RFC5575 and newer RFC8955 define validation procedure for flowspec routes received by BGP protocol. While testing flowspec in bird 2.0.8 I've found strange behavior: # birdc show route protocol BGP4_IPPORT filtered BIRD 2.0.8 ready. Table T4_IPPORT: 185.23.164.48/28 unicast [BGP4_IPPORT 18:02:30.148] * (100) [AS8647i] via 193.25.180.134 on bxe0 -- the unicast route is filtered by import policy. # birdc show route BIRD 2.0.8 ready. Table FLOW4: flow4 { dst 185.23.164.48/28; proto 1; icmp type 8; } [BGP4_IPPORT 18:02:31.214 from 193.25.180.134] * (100) [AS8647i] -- flow route remains. So the question, is feasibility check implemented in bird? Thank you! -- Alexander Shikov Technical Staff, Digital Telecom IX Tel.: +380 44 201 14 07 Mob.: +380 50 410 30 57 http://dtel-ix.net/
On Tue, Sep 21, 2021 at 06:34:31PM +0300, Alexander Shikov wrote:
Hello!
RFC5575 and newer RFC8955 define validation procedure for flowspec routes received by BGP protocol. While testing flowspec in bird 2.0.8 I've found strange behavior:
So the question, is feasibility check implemented in bird?
Hello No, flowspec validation procedure is not implemented in BIRD. But it is a thing we are currently working on. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
participants (2)
-
Alexander Shikov -
Ondrej Zajicek