Hi,
I am trying to solve an issue with the topology below.
DDOS detection software bgp session on table / rib inet.0 > MX ROUTER > vrf ddos cloud with a bgp session inside with the remote scrubbing center.
The DDOS detection software detects the target host IP, converts it to a /24 with the correct AS PATH, and currently advertises it to rib inet.0.
The problem is that when the scrubbing center sends back the clean traffic, the next hop of the route is the DDOS software.
I figured out a solution, which is to have the DDOS detection software advertise the route directly to the vrf and, with a firewall filter, when the traffic comes back cleaned,
force it to find the route in table inet. But to accomplish that, I need table inet not to get this route.
I tried with bgp protocol family inet unicast rib-group to-vrf, but the route received from the system is installed in both tables.
Is there a solution that doesn't involve filtering at the FIB (a routing options forwarding table filter, so that the DDOS detection routes don't get installed in the FIB)?
Regards.
------------------------------
Gustavo Santos
------------------------------