BGP Flowspec against Juniper supported?

asked 2015-12-06

kagouros

updated 2015-12-07


After finally getting ODL to push a route to Quagga as well as a Juniper device, I tried my luck with flowspec. First try: Configure a flowspec rule on the Juniper box and see if ODL learns it. Result negative. However, I found quite a few exceptions in the ODL log.

Then I tried it the other way around: Push a flowspec rule towards the Juniper box. The BGP log on the Juniper machine showed me something coming in but didn't tell me why it didn't accept it. Also, after doing that, no ipv4 routes were exchanged any more between ODL and Junos. Querying the RIB on ODL, I would only see flowspec routes I pushed via restconf and nothing else.

Is this supposed to work? Also, could someone please tell me a) how to remove all the state (like the routes I already pushed) and b) what the xmlns for a single flowspec route is?



What ODL version are you using? What exceptions have you seen in the ODL log - something related to BGP-FS?

Milos Fabian

0.3.2. I see exceptions from BGP, yes. Shall I post the log somewhere?

kagouros

Looks familiar - I suggest using the latest Lithium SR3 distribution.

Milos Fabian

Is SR3 already out or do I need to git clone?

kagouros

2 answers

answered 2015-12-09

Milos Fabian

To remove added flowspec routes:

URL: http://localhost:8181/restconf/config...

Method: DELETE

Can I just delete the whole <flowspec-routes> block? How can one add single routes like with ipv4?

kagouros

Yes, you can also delete a specific FS route.

Milos Fabian

With which URL? (Also, with which URL and xmlns can I post a single one?)

kagouros

Do I have to pass the XML for the whole shebang <flow-routes>...</flow-routes> as argument if I use http://localhost:8181/restconf/config/bgp-rib:application-rib/example-app-rib/tables/bgp-types:ipv4-address-family/bgp-flowspec:flowspec-subsequent-address-family?

kagouros

I even tried deleting all of them. I get a 200 OK, but when I query, they are still there.

kagouros

answered 2016-01-12

keven

Hi, did you resolve this FS issue?
I can receive FS prefixes from ODL, but can't advertise an FS prefix to a real device. I tested on the 0.3.4 release and the 0.4 snapshot version.

Hi, what exactly is your problem with advertising FS routes? Can you share your input data?

Milos Fabian

Hi, yes, I can write to a real device (and verified that the traffic is actually blocked). I tested this with a VMX from Juniper. I tested with 0.3.3. Still waiting for the information on how to delete a single fs-entry. Konstantin

kagouros

I am assuming that fs-route-key is what I specify in <route-key> in the route?

kagouros

Hi kagouros, did you test with a Cisco device? I used a Cisco device to test FS, but can't advertise an FS prefix to Cisco. ODL didn't display an error message when I posted the FS prefix via the API.

keven
