Distribution of Flowspec Rules by BGP

BGP distributes flow specification (flowspec) rules by using a flow specification Network Layer Reachability Information (NRLI) type.

A BGP application is identified by a specific AFI-SAFI pair. Non-VPN IPv4 BGP flowspec has the following AFI-SAFI pair:

The flow specification NRLI type consists of several optional sub-component types. These sub-component types form the n-tuple of the matching criteria. A specific packet is considered to match the flow specification when it matches the components types in the specification. You can define the following sub-component types or tuples.

Table 1. BGP flowspec NLRI sub-component types

BGP flowspec NLRI type

Description

Encoding

Type 1

Destination Prefix

<type (1 octet), prefix length (1 octet), prefix>

Type 2

Source Prefix

<type (1 octet), prefix-length (1 octet), prefix>

Type 3

IP Protocol (IPv4)

<type (1 octet), [op, value]+>

Type 4

Port

<type (1 octet), [op, value]+>

Type 5

Destination port

<type (1 octet), [op, value]+>

Type 6

Source port

<type (1 octet), [op, value]+>

Type 7

ICMP type

<type (1 octet), [op, value]+>

Type 8

ICMP code

<type (1 octet), [op, value]+>

Type 9

TCP flags (CWR, ECE, URG, ACK, PSH, RST, SYN, FIN)

<type (1 octet), [op, bitmask]+>

Type 10

Packet length

<type (1 octet), [op, value]+>

Type 11

DSCP

<type (1 octet), [op, value]+>

Type 12

Fragment (LF, FF, IsF, DF)

<type (1 octet), [op, bitmask]+>