Use ExaBGP to insert the routes? (https://github.com/Exa-Networks/exabgp) This is some old Perl that generates the older ExaBGP 2.0 style entries, but it uses template toolkit which means you can easily change the output format: https://paste.somuch.fail/?744af55b8bea1414#WlXYkcfATNRxpRcr4NGOtxw4cqzStbCp... There's a lot more you could do to make this even more flexible, you don't need YANG or to modify any config, just build something that accepts what you're after and sends it as flowspec routes from ExaBGP to the routers you care about. -- Tim On Tue, Jun 16, 2020 at 1:46 PM Douglas Fischer <fischerdouglas@gmail.com> wrote:
We were looking for some way to implement BGP Flowspec Filtering(just the permit/deny basic) using L3 switches in an automated way.
Searching a bit we found https://github.com/ios-xr/bgpfs2acl
Is almost what we are looking for! But is focused on Cisco devices.
We even considered fork it to our specific vendor. But before reinventing the wheel, I decide to ask to colleagues if anybody knows some tool that converts BGP Flowspec ACLs into YAML or even to YANG.
If that exists, with Ansible/Netconf/RestConf(or some similar tool), it would be easy to delegate to Switchs doing the basic filtering that only More expensive Routers can do by now.
P.S.: This Idea does not include(on the first moment) more complex features of Flowspec like Redirect ou Rate-Limt.
Any suggestions or ideas?
-- Douglas Fernando Fischer Engº de Controle e Automação