JUNOS Automation Cookbook by Adam Chappell

Operating a distributed ACL function

In this recipe, we'll develop a capability to rapidly deploy packet filters to all the devices in our network, using BGP to transport the specification of the packet filter rules to every router. The capability, defined formally in IETF RFC 5575 and often informally called FlowSpec, is particularly useful in defending large networks against distributed DoS attacks.

It's important to note that these are not full-on session-based firewall rules, but rather a specification of packet-level characteristics that can be applied to incoming traffic in order to determine if special handling is needed. In our case, we'll take a specification of packets based on the following fields in the IP ...
