announce flowspec route with encoder text
393 views
Skip to first unread message
00_tlb_00
Dec 27, 2017, 3:46:02 PM12/27/17
to exabgp-users
We are receiving flowspec route in JSON format. Our thought is that we could use "string" : "flow source-ipv4 172.18.11.114/32 destination-port =9999" to construct our flowspec route and announce. Can someone please provide an example format of announcing a flowspec route in text format. Note we are successfully able to announce an ipv4 unicast route in text format. Below we've provided example received flowspec route, configuration file and error message.
-----
{
"_id" : ObjectId("5a296e57d6199835224fd7e7"),
"counter" : 3,
"pid" : 13584,
"exabgp" : "4.0.1",
"host" : "exabgp01",
"neighbor" : {
"direction" : "receive",
"message" : {
"update" : {
"attribute" : {
"origin" : "igp",
"local-preference" : 100,
"extended-community" : [
{
"string" : "rate-limit:96",
"value" : "9225340945472421888"
}
]
},
"announce" : {
"ipv4 flow" : {
"no-nexthop" : [
{
"destination-port" : [
"=9999"
],
"source-ipv4" : [
],
"string" : "flow source-ipv4 172.18.11.114/32 destination-port =9999"
}
]
}
}
}
},
"asn" : {
"peer" : 65534,
"local" : 65534
},
"address" : {
"peer" : “172.18.11.208”,
"local" : "172.18.11.211"
}
}
-----
process syslog {
run /usr/bin/python /home/core/devops/ebgp-flowspec/ddos-peer.py;
encoder json;
}
process announce-routes {
run /opt/exabgp/run/exabgp-app.py;
encoder text;
}
neighbor 172.18.11.208 {
description "flowspec-rtr-ddos-01";
hold-time 180;
listen 179;
peer-as 65534;
router-id 172.18.11.211;
local-as 65534;
local-address 172.18.11.211;
api {
processes [ syslog ];
neighbor-changes;
receive {
parsed;
update;
}
}
api {
processes [ announce-routes ];
}
}
------
example #1
Fri, 15 Dec 2017 08:36:58 8742 process command from process announce-routes : announce flow match destination 172.18.11.114/32 destination-port =80
Fri, 15 Dec 2017 08:36:58 8742 reactor async | announce-routes | announce flow match destination 172.18.11.114/32 destination-port =80
Fri, 15 Dec 2017 08:36:58 8742 configuration . match | 'destination' '172.18.11.114/32' 'destination-port' '=80'
Fri, 15 Dec 2017 08:36:58 8742 configuration
Fri, 15 Dec 2017 08:36:58 8742 configuration syntax error in api command
Fri, 15 Dec 2017 08:36:58 8742 configuration line 1: match destination 172.18.11.114/32 destination-port =80 ;
Fri, 15 Dec 2017 08:36:58 8742 configuration
Fri, 15 Dec 2017 08:36:58 8742 configuration invalid keyword "match"
Fri, 15 Dec 2017 08:36:58 8742 api command could not parse flow in : announce flow match destination 172.18.11.114/32 destination-port =80
Fri, 15 Dec 2017 08:36:58 8742 api reason: invalid keyword "match"
Fri, 15 Dec 2017 08:36:58 8742 process responding to announce-routes : error
Fri, 15 Dec 2017 08:36:58 8742 reactor async | announce-routes | announce flow match destination 172.18.11.114/32 destination-port =80
Fri, 15 Dec 2017 08:36:58 8742 configuration . match | 'destination' '172.18.11.114/32' 'destination-port' '=80'
Fri, 15 Dec 2017 08:36:58 8742 configuration
Fri, 15 Dec 2017 08:36:58 8742 configuration syntax error in api command
Fri, 15 Dec 2017 08:36:58 8742 configuration line 1: match destination 172.18.11.114/32 destination-port =80 ;
Fri, 15 Dec 2017 08:36:58 8742 configuration
Fri, 15 Dec 2017 08:36:58 8742 configuration invalid keyword "match"
Fri, 15 Dec 2017 08:36:58 8742 api command could not parse flow in : announce flow match destination 172.18.11.114/32 destination-port =80
Fri, 15 Dec 2017 08:36:58 8742 api reason: invalid keyword "match"
Fri, 15 Dec 2017 08:36:58 8742 process responding to announce-routes : error
example #2
Fri, 15 Dec 2017 09:12:46 8742 process command from process announce-routes : announce flow source-ipv4 172.18.11.114/32 destination-port =9999
Fri, 15 Dec 2017 09:12:46 8742 reactor async | announce-routes | announce flow source-ipv4 172.18.11.114/32 destination-port =9999
Fri, 15 Dec 2017 09:12:46 8742 configuration . source-ipv4 | '172.18.11.114/32' 'destination-port' '=9999'
Fri, 15 Dec 2017 09:12:46 8742 api issue parsing the flow
Fri, 15 Dec 2017 09:12:46 8742 process responding to announce-routes : error
Fri, 15 Dec 2017 09:12:46 8742 reactor async | announce-routes | announce flow source-ipv4 172.18.11.114/32 destination-port =9999
Fri, 15 Dec 2017 09:12:46 8742 configuration . source-ipv4 | '172.18.11.114/32' 'destination-port' '=9999'
Fri, 15 Dec 2017 09:12:46 8742 api issue parsing the flow
Fri, 15 Dec 2017 09:12:46 8742 process responding to announce-routes : error
Thomas Mangin
Dec 27, 2017, 5:39:10 PM12/27/17
to exabgp...@googlegroups.com
Please look the examples in the repository - if it does not provide you with the information you need please re-ask here.
00_tlb_00
Jan 3, 2018, 12:23:01 PM1/3/18
to exabgp-users
Thank you Thomas - Per our testing in case this helps anyone (using python) , the JSON of flowspec received-route provided in initial message of thread can be parsed e.g. after loading json as 'announce_load'.
#parse for value
announce_route = announce_load[u’neighbor'][u'message']['update']['announce']['ipv4 flow']['no-nexthop'][0]['string']
#print announce_route
flow source-ipv4 172.18.11.114/32 destination-port =9999
#cleanse
updated_announce_route = string.replace(announce_route, 'flow', 'announce flow route')
#this can now be announced with encoder text
announce flow route source-ipv4 172.18.11.114/32 destination-port =9999
note withdraw can be used in place of announce.
Reply all
Reply to author
Forward
0 new messages