Routing

Expand all | Collapse all

Deploying BGP FlowSpec

Jump to Best Answer
  • 1.  Deploying BGP FlowSpec

    Posted 09-19-2019 07:10

    Hi all,

    I am currently deploying BGP FlowSpec and getting into some issues.

     

    I have a VMX which is getting the flowroutes from an automator. The VMX is peering with the edge router which will take action according to the flow route. The issue is that according to Juniper documentation, the policy to advertise the BGP flowspec route via BGP should be:

         policy-options {
             policy-statement FLOW-TO-BGP {
                 term 1 {
                     from rib inetflow.0;
                     then accept;
    }
          term 2 {
                     then reject;
                 }
           }
    }

    However, I am not able to configure it like this, because inetflow.0 is not available to use.

    admin@VMX-1# set policy-options policy-statement FLOW-TO-BGP term 1 from rib ?
    Possible completions:
      <rib>                Routing table
      inet6.0

    Does anyone know how this can be solved?
    Thanks


    #BGP
    #flowroute
    #rate-limit
    #Flowspec
    #blackhole


  • 2.  RE: Deploying BGP FlowSpec

     
    Posted 09-19-2019 09:43

    Hi,

    Can you please make sure you have "family inet flow" configured under the BGP? Only then the inetflow.0 table will be created.

    Can you provide the output of show bgp neighbor <>

     

     

    *** Please mark this as solution if it resolved your issue so others can benefit from the post.



  • 3.  RE: Deploying BGP FlowSpec

    Posted 09-19-2019 09:53

    Hi,


    Yes, family inet flow is already configured under the BGP. Following is the output as requested.

    admin@VMX-1> show bgp neighbor XX.XX.XX.XX
      Group: XXXX     Routing-Instance: master
      Forwarding routing-instance: master
      Type: Internal    State: Established    Flags: <Sync>
      Last State: OpenConfirm   Last Event: RecvKeepAlive
      Last Error: None
      Export: [ XXXX ] Import: [ XXXX ]
      Options: <Preference LocalAddress AuthKey AddressFamily Refresh>
      Authentication key is configured
      Address families configured: inet-unicast inet-flow
      Local Address: XX.XX.XX.XX Holdtime: 90 Preference: 170
      Number of flaps: 5
      Last flap event: RecvNotify
      Error: 'Cease' Sent: 0 Recv: 5
      Keepalive Interval: 30         Group index: 0    Peer index: 0
      BFD: disabled, down
      NLRI for restart configured on peer: inet-unicast inet-flow
      NLRI advertised by peer: inet-unicast inet-flow
      NLRI for this session: inet-unicast inet-flow
      Peer supports Refresh capability (2)
      Stale routes from peer are kept for: 300
      Peer does not support Restarter functionality
      Restart flag received from the peer: Notification
      NLRI that restart is negotiated for: inet-unicast inet-flow
      NLRI of received end-of-rib markers: inet-unicast inet-flow
      NLRI of all end-of-rib markers sent: inet-unicast inet-flow
      Peer does not support LLGR Restarter functionality
      Peer supports 4 byte AS extension (peer-as XXXX)
      Peer does not support Addpath
      Table inet.0 Bit: 10000
        RIB State: BGP restart is complete
        Send state: in sync
        Active prefixes:              0
        Received prefixes:            0
        Accepted prefixes:            0
        Suppressed due to damping:    0
        Advertised prefixes:          1557
      Table inetflow.0 Bit: 20000
        RIB State: BGP restart is complete
        Send state: in sync
        Active prefixes:              0
        Received prefixes:            0
        Accepted prefixes:            0
        Suppressed due to damping:    0
        Advertised prefixes:          1
      Last traffic (seconds): Received 20   Sent 4    Checked 72
      Input messages:  Total 4153	Updates 2	Refreshes 0	Octets 78922
      Output messages: Total 4224	Updates 19	Refreshes 0	Octets 88837
      Output Queue[0]: 0            (inet.0, inet-unicast)
      Output Queue[1]: 0            (inetflow.0, inet-flow)


  • 4.  RE: Deploying BGP FlowSpec
    Best Answer

     
    Posted 09-20-2019 06:43

    Hi,

     

    In the cli option, <rib> indicates whatever table you want to define.

     

    set policy-options policy-statement FLOW-TO-BGP term 1 from rib ?
    Possible completions:
    <rib> Routing table <<<<<<<<<<<<<<<< call the route table

     

    Thus try this and it should work. I tried it in my lab and the comit goes through -

     

    set policy-options policy-statement FLOW-TO-BGP term 1 from rib inetflow.0 

     

    show | compare
    [edit policy-options]
    + policy-statement FLOW-TO-BGP {
    + term 1 {
    + from rib inetflow.0;
    + }
    + }

     

    # commit check
    re0:
    configuration check succeeds
    re1:
    configuration check succeeds

     

    ** Please mark as solution if this resolves the issue so others can benefit from the post