BGP flowspec introduces a new Network Layer Reachability Information (NLRI) encoding format that is used to distribute traffic rule flow specifications. Basically, instead of simply relying on destination IP address for IP prefixes, the IP prefix is replaced by a n-tuple consisting of a rule. That rule can be a more or less complex combination of the following:
All below items are supported in this release.
- Network IP source/destination (can be one or the other, or both).
- Layer 4 information for UDP, TCP : source port, or destination port, or any port.
- Layer 4 information for ICMP type and ICMP code.
- Layer 3 information : DSCP value, Protocol type, packet length, fragmentation.
- Misc layer 4 TCP flags.
A combination of the above rules is applied for traffic filtering. This is encoded as part of specific BGP extended communities and the action can range from the obvious rerouting (to nexthop or to separate VRF) to shaping, or discard.
Following IETF RFC documents have been used to implement flowspec: