Hi Peter,
I'm sorry I've being bombing you with questions lately, I promise I'll stop soon!
I am trying to modify the filter when using BGP information to only select flows where the destination address is included on prefixes received from BGP, and has some specific community. Again, this needs to be the destination address, not the source address of the flow. The purpose of this filter would be to protect inbound attacks, directed to local prefixes (defined by those communities).
This is the filter I want to modify:
filter += '&eq:bgpsourceas:bgpas=false&eq:bgpdestinationas:bgpas=true';
There's the flowkey "bgpcommunities", but how could I associate it with destination addresses only.
Related to this, how come the prefix information has the following information:
{
"prefix": "XXX.XXX.XXX.XXX/19",
"origin": "IGP",
"aspath": "ASN1-ASN2",
"valueIngress": 3.7641340777083474E8,
"valueEgress": 2.286901615970851E8,
"nexthop": "YYY.YYY.YYY.YYY",
"communities": "ASN1:ZZZ"
}
But /flowkeys/json has the following bgp related metrics. Can I access that information for that prefix other than on queries?
"bgpnexthop": 6,
"bgpcommunities": 6,
"bgpsourcepeeras": 6,
"bgpsourceas": 6,
"bgpdestinationaspath": 6,
"bgpas": 6,
"bgpdestinationas": 6,
"bgpdestinationpeeras": 6
For example, how could i check what's the value of "bgpsourceas" for the example prefix showed before. Anyway to do that?
Regards,
GG