The clean traffic is currently spewed out on an interface and a router is expected to take this traffic and send it, through a clean VRF or similar, to the egress PE.

I think this functionality belongs in SnabbDDoS. We can use tunneling like GRE, L2TPv3 or similar to tunnel the clean packets directly to the egress PE. We need to receive a BGP feed from the network so we know which PE has what routes. The tunneling part is then easy, we just send the traffic encapsulated with a destination IP address of the PE loopback. Assuming next-hop-self in the network, the next-hop of each route is the loopback address of the router.

We need ExaBGP or similar to populate the routing table, how to do IPC for this? Or do we write this as a config file and re-read every now and then - feels ugly, better with IPC, no?

• LPM table so we can map dst IP to PE
• tunneling app for L2TPv3, optionally GRE
• BGP process to receive routes and somehow feed into LPM table

For residential customers in a TeraStream network we could actually compute the next-hop since all customers are in an aggregate and the R1 id is encoded in the aggregate, so it's just a matter of a few bit flips to get R1 lo0 address.