[j-nsp] FlowSpec and RTBH

Robert Raszuk robert at raszuk.net
Thu Oct 17 04:01:10 EDT 2019 

I see there are two questions here Marcin is asking:

> I was wondering is there a way to export family flow routes (from
> inetflow.0) to non flowspec BGP speaker?

Q1 - Can I advertise Flowspec NLRIs to non Flowspec speakers ? The answer
is clearly "No"

> For example tag Flowspec route with community and advertise this route
with
> different community to blackhole on upstream network (selective RTBH).

Q2 - Can flowspec be tagged with blackhole communities indicating the
actions yet still using match criteria to apply those selectively. The
answer is "Yes" the original 5575 RFC clearly allows so:

   A given flow may be associated with a set of attributes, depending on
   the particular application; such attributes may or may not include
   reachability information (i.e., NEXT_HOP).  *Well-known or AS-specific
   community attributes can be used to encode a set of predetermined
   actions.*


Thx,

R.


On Wed, Oct 16, 2019 at 8:44 PM Jeff Haas via juniper-nsp <
juniper-nsp at puck.nether.net> wrote:

>
>
>
> ---------- Forwarded message ----------
> From: Jeff Haas <jhaas at juniper.net>
> To: "Marcin Głuc" <marcin.gluc at gmail.com>
> Cc: "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
> Bcc:
> Date: Wed, 16 Oct 2019 18:44:07 +0000
> Subject: Re: [j-nsp] FlowSpec and RTBH
> Marcin,
>
>
> > On Oct 9, 2019, at 07:26, Marcin Głuc <marcin.gluc at gmail.com> wrote:
> > I was wondering is there a way to export family flow routes (from
> > inetflow.0) to non flowspec BGP speaker?
> > For example tag Flowspec route with community and advertise this route
> with
> > different community to blackhole on upstream network (selective RTBH).
>
> I'm having difficulty following your use case.
>
> Flowspec is its own address family with its own AFI/SAFI and a rather
> nasty format.
>
> Are you asking that some internal component of a flowspec filter, like
> destination, is leaked into another address family?
>
> -- Jeff
>
>
>
>
> ---------- Forwarded message ----------
> From: Jeff Haas via juniper-nsp <juniper-nsp at puck.nether.net>
> To: "Marcin Głuc" <marcin.gluc at gmail.com>
> Cc: "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
> Bcc:
> Date: Wed, 16 Oct 2019 18:44:07 +0000
> Subject: Re: [j-nsp] FlowSpec and RTBH
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list