Feature request: add a bgp-action "set-aspath" for gobgpd.conf #1627

Closed
mrosic opened this issue Mar 29, 2018 · 4 comments
@mrosic
mrosic commented Mar 29, 2018

Hello

the following command works via the command line and appends "6666" to the as-path of the announcement:
gobgp global rib add 5.5.5.5/32 nexthop 0.0.0.0 -a ipv4 aspath 6666

However, there is no way to create a policy that will do "aspath 6666" for me. The docs only state how to do an as-path prepend:
policy-definitions.statements.actions.bgp-actions.set-as-path-prepend

But on the cli "aspath 666" will do an append (which is exactly what we need). Therefore I kindly ask whether it would be possible to add something like:
policy-definitions.statements.actions.bgp-actions.set-as-path-append
or, as an alternative, something in the likes of

[policy-definitions.statements.actions.bgp-actions]
  set-aspath = "6666"

The goal of this feature would be to have the same functionality via the configuration file that is currently available via the cli.

Best regards

@fujimoto-s
Contributor

Strictly speaking, aspath 6666 does not append to the as-path. It only sets the as-path, and the local AS is prepended when the route is advertised.

# On sending side
$ gobgp global rib add 5.5.5.5/32 nexthop 0.0.0.0 -a ipv4 aspath 6666
$ gobgp global rib
   Network              Next Hop             AS_PATH              Age        Attrs
*> 5.5.5.5/32           0.0.0.0              6666                 00:00:06   [{Origin: ?}]

# On receiving side
$ gobgp global rib
   Network              Next Hop             AS_PATH              Age        Attrs
*> 5.5.5.5/32           192.65.1.2           65001 6666           00:00:06   [{Origin: ?}]
                                             ^^^^^
                                             local as of sending side

Could you tell me why you want that feature?
As far as I know, appending as-path action is not common for Cisco routers and each BGP implementation.

@mrosic
Author

mrosic commented Apr 3, 2018

Hello

thank you very much for your support!
We use "aspath 6666" to announce BGP blackholing of a /32 to our upstreams when we blackhole an IP address of one of our downstream customers who's receiving excessive amounts of DDoS traffic. They don't have the tools and the knowledge to protect themselves from DDoS attacks, so we have agreed to do it for them, and we have to build announcements that look like they came from them (which can be done currently via CLI by using "aspath").

Our upstream will not accept that /32 if we announce it with our own AS because the subnet where 5.5.5.5/32 is in belongs to our customer and not to us (meaning that our upstreams take prefix-filtering very seriously, and rightly so). So if one of our customers is receiving excessive amounts of DDoS traffic the announcement for our upstreams needs to look like this:
5.5.5.5/32 AS-PATH [our-as] [customer-as, e.g. 6666] COMMUNITY [blackhole-community]

##################################################################################
##################################################################################

The end goal is to monitor incoming traffic and if one of our IPs is the target of a DDoS attack we announce Blackholing to our upstreams like this:
4.4.4.4/32 AS-PATH [our-as] COMMUNITY [blackhole-community]

However, if it's one of our customers who is getting targeted, a different policy in gobgpd.conf should match and build an announcement like this:
5.5.5.5/32 AS-PATH [our-as] [customer-as] COMMUNITY [blackhole-community]

Please note that I would not ask for this feature if it were not already implemented via CLI. Right now we have a different, more complex setup to do what I have described here. But if GoBGP were to offer "set as-path" via policy in gobgpd.conf and not only via CLI, we could simplify our infrastructure and use GoBGP for everything.

I hope that my explanations were clear enough; please feel free to ask if you need more information.
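
The two announcement shapes described in this comment, as an added example that is not part of the original issue or of GoBGP: a hypothetical helper `BlackholeArgs` builds the `gobgp global rib add` arguments for a victim address and refuses address space that is neither ours nor a customer's. The prefix tables and the RFC 7999 community value `65535:666` are assumptions; only the customer AS is set as the path, because gobgpd prepends the local AS on advertisement.

```go
package main

import (
	"fmt"
	"net/netip"
	"strconv"
)

// Constructed sample data (assumptions, not taken from the issue).
const blackholeCommunity = "65535:666" // RFC 7999 BLACKHOLE; upstreams may define their own

var ownPrefixes = []netip.Prefix{netip.MustParsePrefix("4.4.4.0/24")}

// Customer prefix -> customer origin AS.
var customerPrefixes = map[netip.Prefix]uint32{
	netip.MustParsePrefix("5.5.5.0/24"): 6666,
}

// BlackholeArgs returns the gobgp arguments that announce victim/32.
// For a customer address the path is set to the customer AS only; the
// upstream then sees "[our-as] [customer-as]" once the local AS is prepended.
func BlackholeArgs(victim string) ([]string, error) {
	addr, err := netip.ParseAddr(victim)
	if err != nil || !addr.Is4() {
		return nil, fmt.Errorf("not an IPv4 address: %q", victim)
	}
	args := []string{"global", "rib", "add", addr.String() + "/32",
		"nexthop", "0.0.0.0", "-a", "ipv4"}
	for p, as := range customerPrefixes {
		if p.Contains(addr) {
			args = append(args, "aspath", strconv.FormatUint(uint64(as), 10))
			return append(args, "community", blackholeCommunity), nil
		}
	}
	for _, p := range ownPrefixes {
		if p.Contains(addr) {
			return append(args, "community", blackholeCommunity), nil
		}
	}
	// Never originate a blackhole for address space we cannot account for.
	return nil, fmt.Errorf("%s is in neither our own nor a customer prefix", addr)
}

func main() {
	for _, ip := range []string{"4.4.4.4", "5.5.5.5", "8.8.8.8"} {
		args, err := BlackholeArgs(ip)
		fmt.Println(ip, args, err)
	}
}
```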

@fujimoto-s
Contributor

I noted.
You need the feature in order to notify the upstream of the AS which is under DDoS attack, right?

I made a PR to implement the feature: #1637
Could you try it?

@mrosic
Author

mrosic commented Apr 16, 2018

Hello

I have tested it and it works. Thank you very much, this is an awesome project!

@mrosic mrosic closed this as completed Apr 16, 2018