Page MenuHomeVyOS Platform
Create Task
Maniphest T1567

BGP communities Filtering
Closed, InvalidPublicBUG
Actions

Description

Does anyone know how to secure my /24 from layer 7 attacks? i already contacted my upstream he said:

Upstream said: you will have to add bgp community 940 to your advertisement in order for filtering to work properly.

e have a cross-connect link between ISP and my vyos

My vyos configuration https://justpaste.it/3k89g 3

Details

Difficulty level
Unknown (require assessment)
Version
VyOS-1.1.8
Why the issue appeared?
Will be filled on close

Event Timeline

noitcennok created this task.Aug 8 2019, 7:31 AM
rherold added a subscriber: rherold.Aug 8 2019, 8:47 AM

You can add a community via route-map to your outgoing routes.

set policy route-map $YOUR-OUTGOING-MAP rule $RULENUM set community ..

noitcennok added a comment.Aug 8 2019, 8:56 AM

@

In T1567#40707, @rherold wrote:

You can add a community via route-map to your outgoing routes.

set policy route-map $YOUR-OUTGOING-MAP rule $RULENUM set community ..

set policy route-map EDGE rule 1 set community additive ASN:940

Is this correct?

vyos@rt0-usa# show policy route-map EDGE
rule 1 {

action permit
match {
    interface eth1
    ip {
        address {
            prefix-list EXPORT-UpstreamASN
        }
    }
    tag 940
}
set {
    as-path-prepend UpstreamASN
    community "additive UpstreamASN:940"
}

}
[edit]

syncer closed this task as Invalid.Aug 8 2019, 10:20 AM
syncer added a project: Rejected.
syncer added a subscriber: syncer.

This is a support request,
closing in favor of forum post
https://forum.vyos.io/t/bgp-communities-filtering/3969/2

noitcennok assigned this task to syncer.Aug 8 2019, 10:24 AM

Please open this one as I want to get help from experts.