The BGP flowspec injector used here is exabgp, available at http://code.google.com/p/exabgp/
Topology:
Juniper MX960 <--- bgp peering ---> exabgp (installed on Ubuntu 10.10)
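Junos cfg (no-validate skips the flow route validation procedure for routes that the accept-all policy accepts):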
lab@MX960_lab# show
import accept-all;
family inet {
    flow {
        no-validate accept-all;
    }
}
peer-as 65000;
neighbor 192.168.200.208;

Exabgp cfg:
lab@lab-virtual-machine:/usr/local/etc/bgp$ cat mx960.txt
neighbor 192.168.200.77 {
    description "mx960 router";
    router-id 192.168.200.208;
    local-address 192.168.200.208;
    local-as 65000;
    peer-as 65534;
    hold-time 180;
    flow {
        route optional-name-of-the-route {
            match {
                source 10.11.11.5/32;
                destination 192.168.200.208/32;
                # port =80 =8080;
                # destination-port >8080&<8088 =3128;
                # source-port >1024;
                # protocol [ tcp udp ];
                # protocol tcp;
                # packet-length >200&<300 >400&<500;
                # fragment not-a-fragment;
                # fragment [ first-fragment last-fragment ];
                # icmp-type [ unreachable echo-request echo-reply ];
                # icmp-code [ host-unreachable network-unreachable ];
                # tcp-flags [ urgent rst ];
                # dscp [ 10 20 ];
            }
            then {
                # rate-limit 9600;
                discard;
                # redirect 65500:12345;
                # redirect 1.2.3.4:5678;
            }
        }
    }
}

To start exabgp:
lab@lab-virtual-machine:/usr/local/etc/bgp$ bgpd mx960.txt
Thu, 24 Mar 2011 14:04:58 INFO 3491 configuration performing reload
Thu, 24 Mar 2011 14:04:58 INFO 3491 supervisor New Peer 192.168.200.77
Thu, 24 Mar 2011 14:04:58 INFO 3491 configuration loaded new configuration successfully
Thu, 24 Mar 2011 14:04:59 INFO 3491 message Peer 192.168.200.77 ASN 65534 >> OPEN version=4 asn=65000 hold_time=180 router_id=192.168.200.208 capabilities=[Multiprotocol for IPv4 flow-ipv4, 4Bytes AS 65000]
Thu, 24 Mar 2011 14:05:00 INFO 3491 message Peer 192.168.200.77 ASN 65534 << OPEN version=4 asn=65534 hold_time=180 router_id=172.16.0.1 capabilities=[Cisco Route Refresh, Multiprotocol for IPv4 flow-ipv4, Route Refresh, Graceful Restart, 4Bytes AS 65534]
Thu, 24 Mar 2011 14:05:01 INFO 3491 message Peer 192.168.200.77 ASN 65534 >> KEEPALIVE
Thu, 24 Mar 2011 14:05:02 INFO 3491 message Peer 192.168.200.77 ASN 65534 << KEEPALIVE
Thu, 24 Mar 2011 14:05:02 INFO 3491 message Peer 192.168.200.77 ASN 65534 >> UPDATE (update)
Thu, 24 Mar 2011 14:05:02 INFO 3491 message Peer 192.168.200.77 ASN 65534 >> 1 UPDATE(s)
Thu, 24 Mar 2011 14:05:02 INFO 3491 message Peer 192.168.200.77 ASN 65534 << KEEPALIVE

To restart exabgp:
lab@lab-virtual-machine:/usr/local/etc/bgp$ ps -fax | grep bgpd
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
3490 pts/1 S+ 0:00 \_ grep --color=auto bgpd
3054 ? S 1:14 /usr/bin/python /usr/local/bin/bgpd mx960.txt
lab@lab-virtual-machine:/usr/local/etc/bgp$ kill 3054

lab@MX960_lab> show route table inetflow.0 extensive
inetflow.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
Restart Complete
3.3.33.3,* (1 entry, 1 announced)
TSI:
KRT in dfwd
*Flow Preference: 5
Next hop type: Fictitious
Next-hop reference count: 2
State:
Local AS: 65534
Age: 1d 2:37:43
Task: RT Flow
Announcement bits (1): 0-Flow
AS path: I
Communities: traffic-rate:0:10000
192.168.200.208,10.11.11.5 (1 entry, 1 announced)
TSI:
KRT in dfwd
*BGP Preference: 170/-101
Next hop type: Fictitious
Next-hop reference count: 2
State:
Local AS: 65534 Peer AS: 65000
Age: 18:08:14
Task: BGP_65000.192.168.200.208+45985
Announcement bits (1): 0-Flow
AS path: 65000 I
Communities: traffic-rate:0:0
Accepted
Localpref: 100
Router ID: 192.168.200.208
Traffic from source 10.11.11.5 to 192.168.200.208 is discarded, as the counters on the flowspec filter show:
lab@MX960_lab> show firewall filter __flowspec_default_inet__
Filter: __flowspec_default_inet__
Counters:
Name                                 Bytes      Packets
3.3.33.3,*                               0            0
192.168.200.208,10.11.11.5           42168          502
Policers:
Name                               Packets
3.3.33.3,*                               0
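
The wire encoding behind the rule above, as an added example (not exabgp's code and not part of the original page): it packs the destination/source match into an RFC 5575 flowspec NLRI, parses it back, and shows why `discard` appears on the MX960 as `traffic-rate:0:0`. The function names are this example's own, and only the two prefix components are handled.

```python
import ipaddress
import struct

DEST_PREFIX, SRC_PREFIX = 1, 2   # RFC 5575 component types used by the rule above
NAMES = {DEST_PREFIX: "destination", SRC_PREFIX: "source"}

def encode_prefix(comp_type, cidr):
    """One component: type, prefix length in bits, then only the significant octets."""
    net = ipaddress.ip_network(cidr)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([comp_type, net.prefixlen]) + net.network_address.packed[:nbytes]

def encode_nlri(destination, source):
    """Components go in ascending type order: destination (1) before source (2)."""
    body = encode_prefix(DEST_PREFIX, destination) + encode_prefix(SRC_PREFIX, source)
    if len(body) >= 240:
        raise ValueError("two-octet length form is not handled in this example")
    return bytes([len(body)]) + body

def decode_nlri(data):
    """Parse an NLRI holding only prefix components back into a match dictionary."""
    if not data or data[0] != len(data) - 1:
        raise ValueError("NLRI length octet does not match the payload")
    pos, match = 1, {}
    while pos < len(data):
        if pos + 2 > len(data) or data[pos] not in NAMES or data[pos + 1] > 32:
            raise ValueError("unsupported or malformed component at offset %d" % pos)
        comp_type, plen = data[pos], data[pos + 1]
        end = pos + 2 + (plen + 7) // 8
        if end > len(data):
            raise ValueError("truncated prefix at offset %d" % pos)
        addr = ipaddress.ip_address(data[pos + 2:end].ljust(4, b"\x00"))
        match[NAMES[comp_type]] = "%s/%d" % (addr, plen)
        pos = end
    return match

def traffic_rate(asn, bytes_per_second):
    """Extended community type 0x80, subtype 0x06: 2-octet AS, then an IEEE-754 float."""
    return struct.pack("!BBHf", 0x80, 0x06, asn, bytes_per_second)

if __name__ == "__main__":
    # Values taken from the exabgp rule and the inetflow.0 output on this page
    nlri = encode_nlri("192.168.200.208/32", "10.11.11.5/32")
    print(nlri.hex(), decode_nlri(nlri))
    print("discard     ->", traffic_rate(0, 0.0).hex())      # traffic-rate:0:0
    print("10000 B/s   ->", traffic_rate(0, 10000.0).hex())  # traffic-rate:0:10000
```

A rate of zero is how flowspec expresses a drop, which is why the BGP-learned route carries `traffic-rate:0:0` while the other entry in inetflow.0 carries `traffic-rate:0:10000`.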