Enable the BGP Flowspec Address Family and Activate Neighbors

Enabling the BGP flowspec IPv4 address family and activating neighbors under this address family supports propagation of a BGP flowspec policy.

Procedure

  1. From privileged EXEC mode, enter global configuration mode. 
    device# configure terminal
  2. Enable BGP routing and enter BGP configuration mode. 
    device(config)# router bgp
  3. Specify the autonomous system number (ASN) in which the device resides. 
    device(config-bgp-router)# local-as 666
  4. Specify the ASN in which a remote neighbor resides. 
    device(config-bgp-router)# neighbor 10.61.61.6 remote-as 666
  5. Enable the IPv4 unicast address family in the VRF. 
    device(config-bgp-router)# address-family ipv4 unicast vrf red
    This example shows how to enable the IPv4 unicast address family in a VRF instance named red.
    Note

    Note

    The IPv4 unicast address family is always configured on the default VRF.
  6. Enable the flowspec IPv4 address family. 
    device(config-bgp-router)# address-family ipv4 flowspec vrf red
    This example shows how to enable IPv4 flowspec address family in a VRF instance named red.
    Note

    Note

    When a VRF instance is not specified, IPv4 flowspec address family is enabled in the default VRF.
  7. Activate the flowspec route exchange with the remote neighbor under the BGP flowspec IPv4 address family. 
    device(config-bgp-ipv4fs)# neighbor 10.61.61.6 activate
  8. (Optional) When the receiving device supports the 0x0800 extended-community type or the nlri holder (place where the nexthop IP address is encoded in the BGP update packet) or both, configure the flowspec redirect holder or nexthop action type for the neighbor. 
    device(config-bgp-ipv4fs)# neighbor 10.61.61.6 flowspec redirect holder nrli next-hop type 0x0800
  9. After you are done activating neighbors, configure the distribution of BGP flowspec rules. For more information, see Distribute BGP Flowspec Rules.

Example

The following example summarizes the commands in this task.

device# configure terminal
device(config)# router bgp
device(config-bgp-router)# local-as 666
device(config-bgp-router)# neighbor 10.61.61.6 remote-as 666
device(config-bgp-router)# address-family ipv4 unicast vrf red
device(config-bgp-router)# address-family ipv4 flowspec vrf red
device(config-bgp-ipv4fs)# neighbor 10.61.61.6 activate
device(config-bgp-ipv4fs)# neighbor 10.61.61.6 flowspec redirect holder nlri next-hop type 0x0800
9036691-01 Rev AA