
Flowspec source base filtering by BGP import policy


    Posted 09-28-2021 23:25

    Source prefix filtering does not work even though I have disabled route validation.

    We would like to deny flow route to flow route announced from exabgp. We have applied a safeguard policy to deny the source prefix.

    We also applied a route-filter, but it only works for the destination IP prefix.

    The question is: how can I block the (*.*) flow route? Thanks.

    Protocols FLOW BGP
    MX204> show configuration protocols bgp group IBGP4-FLOW
    type internal;
    neighbor {
    family inet {
    flow {
    no-validate ACCEPT-ALL;
    export DENY-ALL;
    peer-as 65533;
    local-as 65533;

    MX204> show configuration policy-options policy-statement FLOWSPEC-DEFAULT
    term REJECT-ANY-ANY {
    from {
    rib inetflow.0;
    source-address-filter exact;
    then reject;

    show route table inetflow.0 extensive   <-- can't block *.*
    MX204> show route table inetflow.0 extensive

    inetflow.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
    Limit/Threshold: 30000/27000 destinations

    *,*,dscp=0/term:9 (1 entry, 1 announced)
    KRT in dfwd;
    Action(s): rate-limit 800000kbps,count
    *BGP Preference: 170/-101
    Next hop type: Fictitious, Next hop index: 0
    Address: 0x5070c9c
    Next-hop reference count: 11
    Next hop:
    State: <Active Int Ext SendNhToPFE>
    Local AS: 65533 Peer AS: 65533
    Age: 38
    Validation State: unverified
    Task: BGP_65533_65533.
    Announcement bits (1): 0-Flow
    AS path: I
    Communities: 65533:19999 traffic-rate:0:100000000
    Localpref: 100
    Router ID:
    Thread: junos-main

    Benjamin CL
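
An added example, not part of the original post: one way to audit inetflow.0 for the any-source/any-destination flow routes the post wants kept out, by parsing `show route table inetflow.0 extensive` output. The sample text is constructed (first route trimmed from the output above, second route invented), the function names are hypothetical, and the key layout destination,source,other-match/term:N is an assumption drawn from the output shown.

```python
import re

# Constructed sample: first route trimmed from the post's output,
# second route invented for contrast.
SAMPLE = """\
inetflow.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)

*,*,dscp=0/term:9 (1 entry, 1 announced)
        Action(s): rate-limit 800000kbps,count
        Local AS: 65533 Peer AS: 65533
        Communities: 65533:19999 traffic-rate:0:100000000

192.0.2.10,*,proto=17,dstport=53/term:3 (1 entry, 1 announced)
        Action(s): discard,count
        Local AS: 65533 Peer AS: 65533
        Communities: traffic-rate:0:0
"""

# Assumed key layout: <destination>,<source>[,<other match>]/term:<n> (...)
KEY_RE = re.compile(r"^(?P<key>\S+)/term:(?P<term>\d+)\s+\(\d+ entr")

def parse_flow_routes(text):
    """Return one dict per flow route found in the CLI output."""
    routes, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            parts = m.group("key").split(",")
            if len(parts) < 2:  # not a destination,source key; skip it
                cur = None
                continue
            cur = {"dest": parts[0], "source": parts[1],
                   "other": parts[2:], "term": int(m.group("term")),
                   "action": None, "communities": []}
            routes.append(cur)
        elif cur is not None:
            field, _, value = line.partition(":")
            if field == "Action(s)":
                cur["action"] = value.strip()
            elif field == "Communities":
                cur["communities"] = value.split()
    return routes

def any_any_routes(routes):
    """Routes that match every source and every destination."""
    return [r for r in routes if r["dest"] == "*" and r["source"] == "*"]

if __name__ == "__main__":
    for r in any_any_routes(parse_flow_routes(SAMPLE)):
        print(f"term {r['term']}: any-any, action={r['action']}, "
              f"communities={r['communities']}")
```
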