OverviewΒΆ
BGP flowspec introduces a new Network Layer Reachability Information (NLRI) encoding format that is used to distribute traffic rule flow specifications. Basically, instead of simply relying on destination IP address for IP prefixes, the IP prefix is replaced by an n-tuple consisting of a rule. That rule can be a more or less complex combination of the following:
All below items are supported in this release.
Network IP source/destination (can be one or the other, or both), for both IPv4 and IPv6.
Layer 4 information for UDP, TCP : source port, or destination port, or any port for both IPv4 and IPv6.
Layer 4 information for ICMP type and ICMP code, for both IPv4 and IPv6.
Layer 3 information : DSCP value, Protocol type, packet length for both IPv4 and IPv6.
Layer 3 information : fragmentation for IPv4 support
Misc layer 4 TCP flags, for both IPv4 and IPv6.
A combination of the above rules is applied for traffic filtering. This is encoded as part of specific BGP extended communities and the action can range from the obvious rerouting (to next hop or to separate L3VRF) to shaping, or discard.
Following IETF RFC documents have been used to implement flowspec: