Just a complementary demonstration of a cenário we this "bgpfs2acl" been used. https://youtu.be/8pNZJUHlRPk Em ter., 16 de jun. de 2020 às 15:39, Douglas Fischer < fischerdouglas@gmail.com> escreveu:
We were looking for some way to implement BGP Flowspec Filtering(just the permit/deny basic) using L3 switches in an automated way.
Searching a bit we found https://github.com/ios-xr/bgpfs2acl
Is almost what we are looking for! But is focused on Cisco devices.
We even considered fork it to our specific vendor. But before reinventing the wheel, I decide to ask to colleagues if anybody knows some tool that converts BGP Flowspec ACLs into YAML or even to YANG.
If that exists, with Ansible/Netconf/RestConf(or some similar tool), it would be easy to delegate to Switchs doing the basic filtering that only More expensive Routers can do by now.
P.S.: This Idea does not include(on the first moment) more complex features of Flowspec like Redirect ou Rate-Limt.
Any suggestions or ideas?
-- Douglas Fernando Fischer Engº de Controle e Automação
-- Douglas Fernando Fischer Engº de Controle e Automação