Vyos Layer 7 attacks

Does anyone know how to secure my /24 from layer 7 attacks? i already contacted my upstream he said:

you will have to add bgp community 940 to your advertisement in order for filtering to work properly.

Hi,

How the detection worked? You Upstream provider do this?

you can set communities in route-maps
set policy route-map <name> rule 1 set community...
set policy route-map <name> rule 1 set large-community...

this is not very good documented but see more here:
https://vyos.readthedocs.io/en/latest/routing/bgp.html#route-filter

@rob should i set route-map policy in order to filtering work properly?

we have a cross-connect link between ISP and my vyos

My vyos configuration https://justpaste.it/3k89g

when your prefix should have the community, yes.

you use VyOS below version 1.2?

I’m using VyOS-1.1.8

As i share my configuration with you do you know the exact command line which i have to use, it would be really help for me.

No one help me here?

sorry have no time yesterday.

1.1.8 are no longer supported. You should update your box.

in latest vyos. the config are like here:
https://vyos.readthedocs.io/en/latest/routing/bgp.html#route-filter

you just have to add the community with:
set policy route-map <name> rule 1 set community...

your ISP have to say how the community string have to look like.

@rob thank you for your time, which version i have to install?

i use 1.2.2

you can get the bleeding edge version here: https://downloads.vyos.io/?dir=rolling/current/amd64

build the stable crux (1.2.x) branch by your own: https://github.com/vyos/vyos-build

or buy access subscriptions with access to build LTS versions and support: https://pages.vyos.io/access-subscriptions

@rob thank you for the links, Is there any way to migrate from 1.1.8 to 1.2?

Hey, yes off course.

see here https://vyos.readthedocs.io/en/latest/image-mgmt.html

there is a migration process when you install a new image.