Dynamic reconfigurations of bird - how?
Good morning fellow bird users,

I was wondering how you handle "dynamic reconfigurations" such as rerouting, adding filters, changing the priority of routes in case of attacks?

In particular I wonder if there is a "good way" to tell bird to lower or raise a certain route temporarily, i.e. something that would be reset on a reload? Or to tell bird to forget about specific routes that you want to filter for blackholing certain parts?

So far in case of attacks we usually edit bird.conf, reload bird and after the attacks are done, purge/overwrite the config with our config management (cdist in our case).

This works, but has a bit of a write-reload instead of a set-and-forget behaviour, and I was more looking to something like "set on a switch, but don't issue the write command"-mode.

Any thoughts on this?

Best regards,
Nico

--
Sustainable and modern Infrastructures by ungleich.ch

On Sat, Jul 09, 2022 at 10:44:26AM +0200, Nico Schottelius wrote:
> Good morning fellow bird users,
> I was wondering how you handle "dynamic reconfigurations" such as rerouting, adding filters, changing the priority of routes in case of attacks?
> In particular I wonder if there is a "good way" to tell bird to lower or raise a certain route temporarily, i.e. something that would be reset on a reload? Or to tell bird to forget about specific routes that you want to filter for blackholing certain parts?
> So far in case of attacks we usually edit bird.conf, reload bird and after the attacks are done, purge/overwrite the config with our config management (cdist in our case).
> This works, but has a bit of a write-reload instead of a set-and-forget behaviour, and I was more looking to something like "set on a switch, but don't issue the write command"-mode.
> Any thoughts on this?

Hello

Two ideas:

1) Use a separate copy of a config file, and then use it as an argument:

   configure "bird-temp.conf"

   So your basic configuration stays unchanged.

2) Use some additional kernel routing table for these dynamic routes and import them to BIRD using the kernel protocol with the 'learn' option. Then add/remove these routes using the 'ip' system tool.

BTW, your e-mail has date 2022-07-09, but all headers have today's date (2022-07-14).

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."

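Idea 2 from the reply above, sketched as an added example (not part of the original thread and not taken from the BIRD project). It assumes BIRD 2.x syntax; kernel table number 100, the names dyn4, kernel_dyn4 and dyn4_pipe, the preference value and the address are assumptions. The temporary routes live only in the kernel table, so bird.conf and the config management stay untouched.

```conf
# Added example, assuming BIRD 2.x syntax. Table number 100 and the names
# dyn4, kernel_dyn4 and dyn4_pipe are hypothetical.

# BIRD table that holds only the temporary routes.
ipv4 table dyn4;

# Second kernel protocol instance, bound to kernel table 100.
# 'learn' makes BIRD pick up routes that an administrator or another
# program installed in that table.
protocol kernel kernel_dyn4 {
    kernel table 100;
    learn;
    scan time 10;
    ipv4 {
        table dyn4;
        import all;      # kernel table 100 -> dyn4
        export none;     # BIRD never writes into table 100
        preference 200;  # assumed value: win against same-prefix routes
                         # from protocols with a lower preference
    };
}

# Copy the learned routes into the main table, where the existing
# export filters decide what happens to them.
protocol pipe dyn4_pipe {
    table dyn4;
    peer table master4;
    export all;          # dyn4 -> master4
    import none;         # nothing flows back
}

# During an incident (192.0.2.66 is a constructed documentation address):
#   ip route add blackhole 192.0.2.66/32 table 100
# Afterwards, remove one route or empty the whole table:
#   ip route del blackhole 192.0.2.66/32 table 100
#   ip route flush table 100
```
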
I remember talking a little bit about something similar in the past here on the list. Something I had suggested, which I already use to a certain extent, is to separate the settings of different snippets into different files, with includes. For example, everything that is common is in a main file. Everything that is a downstream prefix-list is each in its own file (Ex: AS1234_prefix.conf).

From a settings organization point of view, this helps a lot! It also makes it easy to see in git which files have changed over time.

But that doesn't change the BIRD reload at all. Unfortunately.

On Thu, Jul 14, 2022 at 10:04, Nico Schottelius <nico.schottelius@ungleich.ch> wrote:
> Good morning fellow bird users,
> I was wondering how you handle "dynamic reconfigurations" such as rerouting, adding filters, changing the priority of routes in case of attacks?
> In particular I wonder if there is a "good way" to tell bird to lower or raise a certain route temporarily, i.e. something that would be reset on a reload? Or to tell bird to forget about specific routes that you want to filter for blackholing certain parts?
> So far in case of attacks we usually edit bird.conf, reload bird and after the attacks are done, purge/overwrite the config with our config management (cdist in our case).
> This works, but has a bit of a write-reload instead of a set-and-forget behaviour, and I was more looking to something like "set on a switch, but don't issue the write command"-mode.
> Any thoughts on this?
> Best regards,
> Nico
> -- Sustainable and modern Infrastructures by ungleich.ch

--
Douglas Fernando Fischer
Control and Automation Engineer