BGP - Flowspec

Flowspec (Flow Specification) is a feature that provides a way to perform traffic filtering and rate-limiting based on specific flow characteristics, such as source and destination IPv4 and IPv6 addresses, IP protocol, source and destination ports, and more.

Flowspec allows network operators to distribute traffic filtering and rate-limiting rules across their network using BGP, which can help mitigate the impact of DDoS attacks and other unwanted traffic patterns.

When Flowspec is enabled, the router receives specially-formatted BGP Network Layer Reachability Information (NLRI) messages containing the flow characteristics and the desired actions to apply to the matching traffic. The router then uses this information to dynamically create and apply traffic filtering and rate-limiting policies.

To configure Flowspec on a Cisco IOS router, you need to enable BGP, configure a BGP session with a neighbor, and configure BGP policy templates with the desired traffic filtering and rate-limiting actions. Additionally, you may need to enable Flowspec client functionality and configure the router to accept and install Flowspec routes.

Links:

https://www.rfc-editor.org/rfc/rfc5575

https://www.rfc-editor.org/rfc/rfc7674

https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/routers/ncs6000/software/ncs6k-r7-0/routing/configuration/guide/b-routing-cg-ncs6000-70x/b-routing-cg-ncs6000-70x_chapter_011.html.xml

https://forum.networklessons.com/t/introduction-to-bgp/1227/80?u=lagapides