Does anyone know how to secure my /24 from layer 7 attacks? i already contacted my upstream he said:
you will have to add bgp community 940 to your advertisement in order for filtering to work properly.
Hi,
How the detection worked? You Upstream provider do this?
you can set communities in route-maps
set policy route-map <name> rule 1 set community...
set policy route-map <name> rule 1 set large-community...
this is not very good documented but see more here:
https://vyos.readthedocs.io/en/latest/routing/bgp.html#route-filter
@rob should i set route-map policy in order to filtering work properly?
we have a cross-connect link between ISP and my vyos
My vyos configuration JustPaste.it - Share Text & Images the Easy Way
when your prefix should have the community, yes.
you use VyOS below version 1.2?
I’m using VyOS-1.1.8
As i share my configuration with you do you know the exact command line which i have to use, it would be really help for me.
No one help me here?
sorry have no time yesterday.
1.1.8 are no longer supported. You should update your box.
in latest vyos. the config are like here:
https://vyos.readthedocs.io/en/latest/routing/bgp.html#route-filter
you just have to add the community with:
set policy route-map <name> rule 1 set community...
your ISP have to say how the community string have to look like.
@rob thank you for your time, which version i have to install?
i use 1.2.2
you can get the bleeding edge version here: VyOS Community
build the stable crux (1.2.x) branch by your own: GitHub - vyos/vyos-build: VyOS image build scripts
or buy access subscriptions with access to build LTS versions and support: Software Subscriptions – VyOS
@rob thank you for the links, Is there any way to migrate from 1.1.8 to 1.2?
Hey, yes off course.
see here https://vyos.readthedocs.io/en/latest/image-mgmt.html
there is a migration process when you install a new image.