Date created: Monday, May 6, 2024 2:34:17 PM. Last modified: Friday, July 12, 2024 5:36:03 PM
Example BIRD Config - Flowspec
For Flowspec syntax reference, see the "Flowspec" section under "static": https://bird.network.cz/?get_doc&v=20&f=bird-6.html
Example config from bird 2.15.1 which advertises 2x IPv4 /32s and 2x IPv6 /128s. It also advertises a Flowspec rule for one of the /32s and one of the /128s.
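# BIRD 2.x example: originate IPv4/IPv6 unicast host routes and Flowspec rules
# towards a single eBGP neighbour.
#
# The statements are laid out one per line. BIRD treats everything from '#' to
# the end of the line as a comment, so an inline comment must be followed by a
# line break or it hides the statements after it.

# Everything is logged to both stderr and syslog, with full protocol debugging.
# That is useful in a lab but very verbose on a production router.
log stderr all;
log syslog all;
debug protocols all;

# Create two tables for storing Flowspec v4 & v6 rules; the unicast v4 & v6
# tables exist by default.
flow4 table flowspec4;
flow6 table flowspec6;

router id 10.0.0.140;

protocol device {
}

# NOTE(review): neither BGP session below configures session protection. BIRD's
# BGP protocol has "password" (TCP MD5) and "ttl security" options; consider
# them for directly connected eBGP outside a lab.
protocol bgp {
    description "IPv4 unicast + flowspec peering";
    neighbor 10.0.0.128%ens1f0 as 65535;
    local 10.0.0.129 as 64600;
    router id 10.0.0.129;           # Overrides the global router id for this session
    source address 10.0.0.129;
    strict bind on;                 # Default off
    direct;                         # Default enabled for eBGP
    interpret communities off;      # Default on
    enable route refresh on;        # Default on
    enable as4 on;                  # Default on
    capabilities on;                # Default on

    ipv4 {
        # "none" and "all" filters are built-ins.
        # "import all" accepts every prefix the neighbour announces; outside a
        # lab, replace it with an explicit prefix filter.
        import all;                 # Default off
        export all;                 # Default off
        mandatory on;               # Default off
    };

    flow4 {
        # This speaker only originates Flowspec. Imported Flowspec rules are
        # traffic filters chosen by the peer, so nothing is accepted here.
        import none;                # Default off
        export all;                 # Default off
        # validate off;             # Disable RFC5575 Sec 6 validation. Default off.
        # Validation matters on the receiving side: a router that imports
        # Flowspec should normally set "validate on" and filter what it accepts.
    };
}

protocol bgp {
    description "IPv6 unicast + flowspec peering";
    neighbor fd:128::128%ens1f0 as 65535;
    local fd:128::129 as 64600;
    source address fd:128::129;
    strict bind on;
    direct;
    interpret communities off;
    enable route refresh on;
    enable as4 on;
    capabilities on;

    ipv6 {
        # Same caveat as the IPv4 session: "import all" is unfiltered.
        import all;
        export all;
        mandatory on;
    };

    flow6 {
        import none;                # Originate only; accept no Flowspec from the peer
        export all;
    };
}

# Unicast host routes that are advertised to the neighbour.
protocol static {
    ipv4;
    route 10.0.0.126/32 via "lo";
    route 10.0.0.127/32 via "lo";
}

protocol static {
    ipv6;
    route fd:126::126/128 via "lo";
    route fd:126::127/128 via "lo";
}

protocol static {
    flow4;

    # Rule 1: rate-limit TCP/5001 from 10.0.0.201 to 10.0.0.126.
    route flow4 {
        dst 10.0.0.126/32;          # Dst is the only required attribute for Flowspec routes
        src 10.0.0.201/32;
        proto = 6;                  # 6 == TCP, 17 == UDP
        dport = 5001;               # iPerf
        #dport 5001..5001           # Port range example
    } {
        # 0x8006     == traffic-rate (rate-limit) type
        # 0xFC58     == AS64600
        # 0x49200000 == IEEE 754 single-precision float 655360.0 bytes/s, i.e. 5 Mbit/s
        bgp_ext_community.add( (generic, 0x8006FC58, 0x49200000 ) );
    };

    # Rule 2: same match from 10.0.0.202. The action is commented out, so the
    # rule is advertised with no traffic action; RFC 8955 defines the default
    # action for a matching flow as "accept". Uncomment the line to drop.
    route flow4 {
        dst 10.0.0.126/32;
        src 10.0.0.202/32;
        proto = 6;
        dport = 5001;
    } {
        # 0x8006 == Rate-limit type, 0xFC58 == AS64600, 0x0 == 0Mbps (drop)
        #bgp_ext_community.add( (generic, 0x8006FC58, 0x0 ) );
    };

    # Rule 3: redirect TCP/5001 from 10.0.0.203.
    # NOTE(review): dst 10.0.0.128/32 is the BGP neighbour's address and is not
    # one of the /32s originated above. A receiver with Flowspec validation
    # enabled may reject this rule; confirm the intended destination.
    route flow4 {
        dst 10.0.0.128/32;
        src 10.0.0.203/32;
        proto = 6;
        dport = 5001;
    } {
        # 0x0800     == Redirect to next-hop-IP -> deprecated
        # 0x010C     == Flow-spec Redirect to IPv4
        # 0xC0000201 == 192.0.2.1
        # 0x0000     == C-bit is unset (redirect original flow, not a copy of the flow)
        bgp_ext_community.add( (generic, 0x010CC000, 0x02010000 ) );
    };
}

protocol static {
    flow6;

    # IPv6 rules use "next header" where the IPv4 rules use "proto".
    route flow6 {
        dst fd:126::126/128;
        src fd::201/128;
        next header = 6;
        dport = 5001;
    } {
        # Rate-limit to 655360.0 bytes/s (5 Mbit/s), tagged with AS64600.
        bgp_ext_community.add( (generic, 0x8006FC58, 0x49200000 ) );
    };

    route flow6 {
        dst fd:126::127/128;
        src fd::202/128;
        next header = 6;
        dport = 5001;
    } {
        bgp_ext_community.add( (generic, 0x8006FC58, 0x49200000 ) );
    };

    # NOTE(review): fd:126::128/128 is not one of the /128s originated above,
    # and the action redirects IPv6 traffic to an IPv4 address. Confirm that
    # both are intended and that the receiver supports them.
    route flow6 {
        dst fd:126::128/128;
        src fd::203/128;
        next header = 6;
        dport = 5001;
    } {
        # 0x0800     == Redirect to next-hop-IP -> deprecated
        # 0x010C     == Flow-spec Redirect to IPv4
        # 0xC0000201 == 192.0.2.1
        # 0x0000     == C-bit is unset (redirect original flow, not a copy of the flow)
        bgp_ext_community.add( (generic, 0x010CC000, 0x02010000 ) );
    };
}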