Hi Peter,
Yes to all of the above:
- Created group "test" with the /32 target
- Tried with Flowspec both enabled and disabled, always with BGP enabled of course.
- Tried RTBH and Flowspec actions.
- BGP is up with both Juniper routers. I am receiving one prefix from them, but I am not advertising anything to them when events are generated.
- Double checked inbound policies on the Juniper routers.
- I do see events generated on both the GUI and the API endpoint, as well as in the log output.
- I have run the docker container with ddos.conf file and cmd line -D properties.
Also, I am not able to create groups on the GUI, though I was with the previous version. So I added it on the command line.
This is the last test (without flowspec):
docker run --rm --net=host --name=ddos-protect --sysctl net.ipv4.ip_unprivileged_port_start=0 sflow/ddos-protect -Dbgp.port=179 -Dddos_protect.router=XXX.XXX.XXX.XXX,YYY.YYY.YYY.YYY -Dddos_protect.as=ASN -Dddos_protect.mode=automatic -Dddos_protect.id=ZZZ.ZZZ.ZZZ.ZZZ -Dddos_protect.router.0.agent=XXX.XXX.XXX -Dddos_protect.router.1.agent=YYY.YYY.YYY.YYY -Dddos_protect.nexthop=192.0.2.1 -Dddos_protect.community=ASN:666 -Dddos_protect.localpref=1000 -Dddos_protect.group.test=<target ip>/32
2020-11-03T14:55:13Z INFO: Starting sFlow-RT 3.0-1529
2020-11-03T14:55:14Z INFO: Version check, running latest
2020-11-03T14:55:14Z INFO: Listening, BGP port 179
2020-11-03T14:55:15Z INFO: Listening, sFlow port 6343
2020-11-03T14:55:15Z INFO: Listening, HTTP port 8008
2020-11-03T14:55:15Z INFO: DNS server
2020-11-03T14:55:15Z INFO: DNS server
2020-11-03T14:55:16Z INFO: app/prometheus/scripts/export.js started
2020-11-03T14:55:16Z INFO: app/browse-flows/scripts/top.js started
2020-11-03T14:55:16Z INFO: app/ddos-protect/scripts/ddos.js started
2020-11-03T14:55:37Z INFO: BGP open XXX.XXX.XXX.XXX 51908
2020-11-03T14:55:38Z INFO: BGP open YYY.YYY.YYY.YYY 57628
2020-11-03T14:56:17Z INFO: DDoS drop icmp_flood <target ip> test 8
2020-11-03T15:01:18Z INFO: DDoS release icmp_flood <target ip> test 8
I'm reviewing the js script now.