Redirect action support for BGP Flow spec mode
complete
F
FastNetMon
complete
F
FastNetMon
Done, will be released as 2.0.363:
sudo fcli set main set main gobgp_flow_spec_default_action redirect
sudo fcli set main gobgp_flow_spec_v4_redirect_target_as 65535
sudo fcli set main gobgp_flow_spec_v4_redirect_target_community 4294967295
F
FastNetMon
We're happy to announce that we added ability to manually add redirect announces:
{ "source_prefix": "4.0.0.0/24", "destination_prefix": "127.0.0.0/24", "destination_ports": [ 80 ], "source_ports": [ 53, 5353 ], "packet_lengths": [ 777, 1122 ], "protocols": [ "tcp" ], "fragmentation_flags": [ "is-fragment", "dont-fragment" ], "tcp_flags": [ "syn" ], "action_type": "redirect", "action": { "redirect_target_as": 65000, "redirect_target_value": 666 } }
F
FastNetMon
Customer just confirmed that GoBGP has native support for it which can be implemented that way:
gobgp global rib -a ipv4-flowspec add match destination 1.1.1.1/32 then redirect 65001:666
Customer confirmed that it works just fine.
Case: put traffic to vrf (used for redirect traffic to scribbing center)
Customer confirmed that it works fine with J and Cisco.
F
FastNetMon
We need to add vrf support too as it more often implemented.
F
FastNetMon
We've finished next hop capability and you need to upgrade to 2.0.242.
This logic can be enabled that way:
sudo fcli set main gobgp_flow_spec_next_hop_ipv4 10.3.44.6
For manually created announces please use that syntax:
sudo fcli set flowspec '{ "source_prefix": "4.0.0.0/32", "destination_prefix": "127.0.0.0/32", "destination_ports": [ 80 ], "source_ports": [ 53, 5353 ], "packet_lengths": [ 777, 1122 ], "protocols": [ "tcp" ], "fragmentation_flags": [ "is-fragment", "dont-fragment" ], "tcp_flags": [ "syn" ], "action_type": "accept", "ipv4_nexthops": ["11.22.33.44"] }'
You may notice that you can create multiple next hops but our BGP daemon cannot handle it in current version, please limit your case to single hop.