We need a controller which will parse bgp flowspec data and generate nftables rules.
Examples mentioned in FRR https://github.com/FRRouting/frr/blob/master/doc/user/flowspec.rst work with `iptables` and `ipset`, neither of them not used in VyOS 1.4
As an alternative way we have 2 options:
1. Try to parse FRR data with "custom LUA scripts" http://docs.frrouting.org/projects/dev-guide/en/latest/scripting.html
2. Use [[ https://github.com/Exa-Networks/exabgp | ExaBGP ]] as a controller which will generate `nft rules` for VyOS.
ExaBGP seems preferable as it uses a lot of python code.
I think it is a good idea that Controller should communicate with VyOS via API
[[ https://blog.sflow.com/2017/07/bgp-flowspec-on-white-box-switch.html | Example ]]
Some plays for developing:
```
set protocols bgp local-as '65001'
set protocols bgp neighbor 192.168.29.11 address-family ipv4-flowspec soft-reconfiguration inbound
set protocols bgp neighbor 192.168.29.11 address-family ipv4-unicast
set protocols bgp neighbor 192.168.29.11 description 'Controller'
set protocols bgp neighbor 192.168.29.11 remote-as '65001'
set container name exabgp image 'biwhite/exabgp'
set container name exabgp network NET01 address '192.168.29.11'
set container name exabgp volume exabgp destination '/etc/exabgp'
set container name exabgp volume exabgp source '/etc/exabgp'
set container network NET01 prefix '192.168.29.0/24'
```
Debug:
```
exabgp --debug /etc/exabgp/exabgp.conf
14:05:33 | 18580 | parser | announced NLRI none
14:05:33 | 18580 | peer-1 | << UPDATE #1
14:05:33 | 18580 | peer-1 | UPDATE #1 nlri ( 12) flow destination-ipv4 192.0.2.0/24 protocol =udp destination-port =53
14:05:33 | 18580 | peer-1 | UPDATE #1 nlri ( 16) flow destination-ipv4 0.0.0.0/0 source-ipv4 203.0.113.55/32 protocol =udp destination-port =8080
```