BGP distributes flow specification (flowspec) rules by using a flow specification Network Layer Reachability Information (NRLI) type.
The flow specification NRLI type consists of several optional sub-component types. These sub-component types form the n-tuple of the matching criteria. A specific packet is considered to match the flow specification when it matches the components types in the specification. You can define the following sub-component types or tuples.
BGP flowspec NLRI type |
Description |
Encoding |
---|---|---|
Type 1 |
Destination Prefix |
<type (1 octet), prefix length (1 octet), prefix> |
Type 2 |
Source Prefix |
<type (1 octet), prefix-length (1 octet), prefix> |
Type 3 |
IP Protocol (IPv4) |
<type (1 octet), [op, value]+> |
Type 4 |
Port |
<type (1 octet), [op, value]+> |
Type 5 |
Destination port |
<type (1 octet), [op, value]+> |
Type 6 |
Source port |
<type (1 octet), [op, value]+> |
Type 7 |
ICMP type |
<type (1 octet), [op, value]+> |
Type 8 |
ICMP code |
<type (1 octet), [op, value]+> |
Type 9 |
TCP flags (CWR, ECE, URG, ACK, PSH, RST, SYN, FIN) |
<type (1 octet), [op, bitmask]+> |
Type 10 |
Packet length |
<type (1 octet), [op, value]+> |
Type 11 |
DSCP |
<type (1 octet), [op, value]+> |
Type 12 |
Fragment (LF, FF, IsF, DF) |
<type (1 octet), [op, bitmask]+> |