Configuration of BGP flowspec includes optionally configuring the border-routing profile in TCAM, enabling the BGP flowspec address family and address-family neighbors, and generating and distributing the flowspec rules.
Configuration of BGP flowspec consists of the following high-level tasks.
Therefore, for maximum support of BGP flowspec match criteria and actions, enable the border-routing profile. For more information, see Enable the Border-Routing TCAM Profile.
(Optional) Collect forward or drop statistics.
When statistics are enabled (with the ip flowspec rules statistics command), statistics are collected only for traffic that matches BGP flowspec rules.
To collect forward or drop statistics, use the profile counters command, specifying either the counter-profile-1 or the counter-profile-4 option. For more information, see Enable the Border-Routing TCAM Profile.
Enable the BGP flowspec address family and activate the neighbors that are needed to advertise or receive the flowspec rules. For more information, see Enable the BGP Flowspec Address Family and Activate Neighbors.
Configure the BGP flowspec rules. Rules are configured as different sequences of a route map. For more information, see Configure BGP Flowspec Rules.
(Optional) When BGP flowspec validation is not needed, disable it at the neighbor or peer-group level with the neighbor flowspec validation command, or at the address-family level with the flowspec validation command.
(Optional) When a peer device from another vendor supports a different implementation of the redirect nexthop action, use the CLI to configure the respective interoperational parameters for generating local rules based on the compatibility of the peer device.
Pass the route map to BGP by using the distribute command in BGP address-family IPv4 flowspec configuration mode. For more information, see Distribute BGP Flowspec Rules.