Deploying BGP FlowSpec

‎09-19-2019 07:09 AM

Hi all,

I am currently deploying BGP FlowSpec and running into some issues.

I have a VMX which is getting the flowroutes from an automator. The VMX is peering with the edge router which will take action according to the flow route. The issue is that according to Juniper documentation, the policy to advertise the BGP flowspec route via BGP should be:

     policy-options {
         policy-statement FLOW-TO-BGP {
             term 1 {
                 from rib inetflow.0;
                 then accept;
             }
             term 2 {
                 then reject;
             }
         }
     }

However, I am not able to configure it like this, because inetflow.0 is not available to use.

admin@VMX-1# set policy-options policy-statement FLOW-TO-BGP term 1 from rib ?
Possible completions:
  <rib>                Routing table
  inet6.0

Does anyone know how this can be solved?
Thanks

Re: Deploying BGP FlowSpec

‎09-19-2019 09:42 AM

Hi,

Can you please make sure you have "family inet flow" configured under the BGP? Only then will the inetflow.0 table be created.

Can you provide the output of show bgp neighbor <>?

*** Please mark this as solution if it resolved your issue so others can benefit from the post.

Re: Deploying BGP FlowSpec

‎09-19-2019 09:52 AM

Hi,


Yes, family inet flow is already configured under the BGP. Following is the output as requested.

admin@VMX-1> show bgp neighbor XX.XX.XX.XX
  Group: XXXX     Routing-Instance: master
  Forwarding routing-instance: master
  Type: Internal    State: Established    Flags: <Sync>
  Last State: OpenConfirm   Last Event: RecvKeepAlive
  Last Error: None
  Export: [ XXXX ] Import: [ XXXX ]
  Options: <Preference LocalAddress AuthKey AddressFamily Refresh>
  Authentication key is configured
  Address families configured: inet-unicast inet-flow
  Local Address: XX.XX.XX.XX Holdtime: 90 Preference: 170
  Number of flaps: 5
  Last flap event: RecvNotify
  Error: 'Cease' Sent: 0 Recv: 5
  Keepalive Interval: 30         Group index: 0    Peer index: 0
  BFD: disabled, down
  NLRI for restart configured on peer: inet-unicast inet-flow
  NLRI advertised by peer: inet-unicast inet-flow
  NLRI for this session: inet-unicast inet-flow
  Peer supports Refresh capability (2)
  Stale routes from peer are kept for: 300
  Peer does not support Restarter functionality
  Restart flag received from the peer: Notification
  NLRI that restart is negotiated for: inet-unicast inet-flow
  NLRI of received end-of-rib markers: inet-unicast inet-flow
  NLRI of all end-of-rib markers sent: inet-unicast inet-flow
  Peer does not support LLGR Restarter functionality
  Peer supports 4 byte AS extension (peer-as XXXX)
  Peer does not support Addpath
  Table inet.0 Bit: 10000
    RIB State: BGP restart is complete
    Send state: in sync
    Active prefixes:              0
    Received prefixes:            0
    Accepted prefixes:            0
    Suppressed due to damping:    0
    Advertised prefixes:          1557
  Table inetflow.0 Bit: 20000
    RIB State: BGP restart is complete
    Send state: in sync
    Active prefixes:              0
    Received prefixes:            0
    Accepted prefixes:            0
    Suppressed due to damping:    0
    Advertised prefixes:          1
  Last traffic (seconds): Received 20   Sent 4    Checked 72
  Input messages:  Total 4153	Updates 2	Refreshes 0	Octets 78922
  Output messages: Total 4224	Updates 19	Refreshes 0	Octets 88837
  Output Queue[0]: 0            (inet.0, inet-unicast)
  Output Queue[1]: 0            (inetflow.0, inet-flow)
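
Added example, not part of the original thread: a Python check over `show bgp neighbor` text like the output above, reporting whether inet-flow was negotiated for the session and whether inetflow.0 carries prefixes in the expected direction. The sample input is constructed from the shape of that output, and the function names are hypothetical.

```python
import re

# Constructed sample: trimmed lines in the shape of the output posted above.
SAMPLE = """\
  NLRI for this session: inet-unicast inet-flow
  Table inet.0 Bit: 10000
    Received prefixes:            0
    Advertised prefixes:          1557
  Table inetflow.0 Bit: 20000
    Received prefixes:            0
    Advertised prefixes:          1
"""

def parse_neighbor(text):
    """Return (NLRI negotiated for the session, {table: {counter: value}})."""
    nlri, tables, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("NLRI for this session:"):
            nlri = set(line.split(":", 1)[1].split())
        elif m := re.match(r"Table (\S+) Bit:", line):
            current = tables.setdefault(m.group(1), {})
        elif current is not None and (m := re.match(r"(\w+) prefixes:\s+(\d+)$", line)):
            current[m.group(1).lower()] = int(m.group(2))
    return nlri, tables

def flowspec_findings(text, direction="advertised"):
    """Reasons flow routes are not moving in `direction`; an empty list means OK."""
    nlri, tables = parse_neighbor(text)
    findings = []
    if "inet-flow" not in nlri:
        # Also the result when the "NLRI for this session" line is missing from the text.
        findings.append("inet-flow not negotiated: check 'family inet flow' on both peers")
    if "inetflow.0" not in tables:
        findings.append("no inetflow.0 table listed for this peer")
    elif tables["inetflow.0"].get(direction, 0) == 0:
        findings.append(f"inetflow.0 has 0 {direction} prefixes: check the policy for that direction")
    return findings

if __name__ == "__main__":
    for direction in ("advertised", "received"):
        print(direction, flowspec_findings(SAMPLE, direction) or "OK")
```
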
Solution
Accepted by topic author vakas10
‎09-20-2019 08:04 AM

Re: Deploying BGP FlowSpec

‎09-20-2019 06:43 AM

Hi,

In the CLI option, <rib> indicates whatever table you want to define.

set policy-options policy-statement FLOW-TO-BGP term 1 from rib ?
Possible completions:
<rib> Routing table <<<<<<<<<<<<<<<< call the route table

Thus try this and it should work. I tried it in my lab and the commit goes through -

set policy-options policy-statement FLOW-TO-BGP term 1 from rib inetflow.0

show | compare
[edit policy-options]
+ policy-statement FLOW-TO-BGP {
+ term 1 {
+ from rib inetflow.0;
+ }
+ }
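
Review bot: term 1 in this candidate carries only the match condition "from rib inetflow.0;" with no "then" action, and there is no second term, whereas the policy quoted from the Juniper documentation at the top of the thread has "then accept;" in term 1 and "then reject;" in term 2. Add both before applying FLOW-TO-BGP as a BGP export policy; the commit check that follows only shows that the rib name is accepted, not that the policy does what the documented one does.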

 

# commit check
re0:
configuration check succeeds
re1:
configuration check succeeds

** Please mark as solution if this resolves the issue so others can benefit from the post