nanog mailing list archives

Re: BGP FLowspec to Yang/Yaml ACL

From: Douglas Fischer <fischerdouglas () gmail com>
Date: Tue, 16 Jun 2020 15:46:33 -0300

Just a complementary demonstration of a cenário we this "bgpfs2acl" been
used.
https://youtu.be/8pNZJUHlRPk

Em ter., 16 de jun. de 2020 às 15:39, Douglas Fischer <
fischerdouglas () gmail com> escreveu:

We were looking for some way to implement BGP Flowspec Filtering(just the
permit/deny basic) using L3 switches  in an automated way.

Searching a bit we found https://github.com/ios-xr/bgpfs2acl

Is almost what we are looking for!
But is focused on Cisco devices.

We even considered fork it to our specific vendor.
But before reinventing the wheel, I decide to ask to colleagues if anybody
knows some tool that converts BGP Flowspec ACLs into YAML or even to YANG.

If that exists, with Ansible/Netconf/RestConf(or some similar tool), it
would be easy to delegate to Switchs doing the basic filtering that only
More expensive Routers can do by now.


P.S.: This Idea does not include(on the first moment) more
complex features of Flowspec like Redirect ou Rate-Limt.

Any suggestions or ideas?




--
Douglas Fernando Fischer
Engº de Controle e Automação



-- 
Douglas Fernando Fischer
Engº de Controle e Automação

Current thread:

BGP FLowspec to Yang/Yaml ACL Douglas Fischer (Jun 16)
- Re: BGP FLowspec to Yang/Yaml ACL Douglas Fischer (Jun 16)
- RE: BGP FLowspec to Yang/Yaml ACL adamv0025 (Jun 17)
- Re: BGP FLowspec to Yang/Yaml ACL Tim Jackson (Jun 17)