horseinthesky/fs

fs

JunOS BGP Flow Spec routes provisioning tool

License: MIT


Config

The tool's config file should look something like this:

source: <url_to_download_flow_rules_yaml_file>

inventory: <url_to_netbox_api_device/virtual-machines>

creds:
  username: <your_device_username>
  password: <your_device_password>
  key: <path_to_your_public_ssh_key>

interval: 10

Options:

  • source: something like https://<url>/repos/<reponame>/raw/flows.yml?raw. You can use a local Flow Spec routes file with the -f flag instead. If a web source is used, you must provide the Netbox token with the -t flag.
  • inventory: Netbox URL similar to https://<netbox_url>/api/virtualization/virtual-machines/?role=<myfavoriterole>
  • creds: username, password and/or SSH key used to reach the devices. If both a password and a key are provided, the key is used.
  • interval: sleep time (seconds) between deploying rules to devices

NOTE: the path to the config file is passed with the -c flag.

NOTE2: the log file path and log level are passed with the -l and -d flags respectively.

Data

Flows data must have the following format:

flows:
  - name: BOT-2251-1
    destination: 103.3.62.64/32
    protocol:
      - tcp
    destination-port:
      - 14433
      - 14444
  - name: INC-960-1-accept
    destination: 84.201.174.174/32
    protocol:
      - udp
    destination-port:
      - 5055
    action: accept
  - name: SUPPORT-82690-1
    destination: 178.154.244.169/32
    protocol:
      - udp
    source-port:
      - 53
      - 389
      - 11211
  - name: SUPPORT-82690-2
    destination: 178.154.244.169/32
    protocol:
      - icmp
  - name: DUTY-9631-1
    destination: 84.252.135.75/32
    protocol:
      - udp
    source-port:
      - 389
    action: discard
  - name: REGULAR-94800-1
    destination: 84.201.181.26/32
    protocol:
      - udp
    action: discard
  - name: REGULAR-94800-2
    destination: 84.201.171.239/32
    protocol:
      - udp
    action: discard

Supported options:

  • name: rule name
  • destination: destination prefix for this traffic flow
  • source: source prefix for this traffic flow
  • protocol: tcp/udp/icmp
  • destination-port: destination TCP/UDP port
  • source-port: source TCP/UDP port
  • action: accept/discard (default)

The YAML Flow Spec routes data is converted to XML to build a NETCONF payload, which is then deployed to the devices via NETCONF.

The tool supports JunOS devices only.

Result:

[edit routing-options flow]
root@vMX8# show
route BOT-2251-1 {
    match {
        destination-port [ 14433 14444 ];
        destination 103.3.62.64/32;
    }
    then discard;
}
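
The YAML-to-XML step described above, as an added example that is not the tool's own code: it validates one flow entry against the supported options and renders the `<route>` element for it. The `Flow` struct, the `Render` function and the XML element names are assumptions derived from the option names and the CLI hierarchy shown in the result; YAML decoding and the NETCONF session are left out.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"net/netip"
)

// Flow is one flows entry; element names are assumed from the CLI hierarchy.
type Flow struct {
	XMLName     xml.Name  `xml:"route"`
	Name        string    `xml:"name"`
	Destination string    `xml:"match>destination,omitempty"`
	Source      string    `xml:"match>source,omitempty"`
	Protocol    []string  `xml:"match>protocol"`
	DstPort     []uint16  `xml:"match>destination-port"` // uint16 bounds the port range
	SrcPort     []uint16  `xml:"match>source-port"`
	Action      string    `xml:"-"`            // "accept", "discard" or empty
	Accept      *struct{} `xml:"then>accept"`  // set by Render
	Discard     *struct{} `xml:"then>discard"` // set by Render
}

// Render validates one flow and returns its <route> element as XML.
func Render(f Flow) (string, error) {
	if f.Name == "" || f.Destination+f.Source == "" {
		return "", fmt.Errorf("flow %q: name and a prefix are required", f.Name)
	}
	for _, p := range []string{f.Destination, f.Source} {
		if _, err := netip.ParsePrefix(p); p != "" && err != nil {
			return "", fmt.Errorf("flow %q: bad prefix %q", f.Name, p)
		}
	}
	for _, p := range f.Protocol {
		if p != "tcp" && p != "udp" && p != "icmp" {
			return "", fmt.Errorf("flow %q: unsupported protocol %q", f.Name, p)
		}
	}
	f.Accept, f.Discard = nil, &struct{}{} // README: discard is the default
	if f.Action == "accept" {
		f.Accept, f.Discard = &struct{}{}, nil
	} else if f.Action != "" && f.Action != "discard" {
		return "", fmt.Errorf("flow %q: unknown action %q", f.Name, f.Action)
	}
	out, err := xml.Marshal(f)
	return string(out), err
}

func main() { // constructed sample input
	fmt.Println(Render(Flow{Name: "EXAMPLE-1", Destination: "192.0.2.10/32", Protocol: []string{"udp"}}))
}
```

Refusing an entry with neither a destination nor a source prefix is a policy choice of this example, made so that a malformed rule never reaches a device as a match-everything discard.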
