Hello!
Well, RFC 5575 doesn't explicitly say that the flowspec rule must contain the
destination chunk, anyway it specifies that these rules should be understood as
additional information for unicast BGP prefixes.
Therefore we assume that the dst is de facto mandatory, despite de iure it is
optional.
If there are more benevolent implementations, we may think about waiving this.
I think we don't have any strong position on that, we just assume that flowspec
is used in the way the RFC says which assumes dst always present.
Maria
On February 5, 2020 8:44:54 PM GMT+01:00, "Alex D." <listensamm...@gmx.de>
wrote:
>Hi,
>does anybody know something about the behavior observed ?
>Regards,
>Alex
>
>-------- Original-Nachricht --------
>Betreff: BGP session closed after receipt of flowspec route without
>destination prefix
>Datum: Fri, 24 Jan 2020 21:33:17 +0100
>Von: Alex D. <listensamm...@gmx.de>
>An: bird-users@network.cz
>
>
>
>Hi,
>
>i configured the following flowspec route on a Juniper router:
>route v6test {
> match {
> source 2a02:xxxx:xxxx:xxxx::1/128;
> }
> then discard;
>}
>
>The route was accepted on my Juniper router and blocked all traffic
>from
>src ip 2a02:xxxx:xxxx:xxxx::1 as expected. After advertising the route,
>BIRD closed the BGP session. Is this an expected behaviour, means does
>is it necessary, that a dst prefix for a flowspec route must exist ?
>
>Log:
>2020-01-24 09:52:26.750 <RMT> vs_dis_r1_6838: No dst prefix at first
>pos
>2020-01-24 09:52:26.750 <RMT> vs_dis_r1_6838: Error: Malformed
>attribute
>list
>2020-01-24 09:52:26.750 <TRACE> vs_dis_r1_6838: BGP session closed
>
>BIRD accepted the route after changing to:
>route v6test {
> match {
> destination ::/0;
> source 2a02:xxxx:xxxx:xxxx::1/128;
> }
> then discard;
>}
>
>Regards,
>Alex
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
