Configuration Examples for Implementing BGP Flowspec
Flowspec Rule Configuration
Flowspec rule configuration example
In this example, two flowspec rules are created for two different VRFs with the goal that all packets to 10.0.1/24
from 192/8 and destination-port {range [137, 139] or 8080, rate limit to 500 bps in blue vrf and drop it in
vrf-default. The goal is also to disable flowspec getting enabled on gig 0/0/0/0.
class-map type traffic match-all fs_tuple
match destination-address ipv4 10.0.1.0/24
match source-address ipv4 192.0.0.0/8
match destination-port 137-139 8080
end-class-map
!
!
policy-map type pbr fs_table_blue
class type traffic fs_tuple
police rate 500 bps
!
!
class class-default
!
end-policy-map
policy-map type pbr fs_table_default
class type traffic fs_tuple
drop
!
!
class class-default
!
end-policy-map
flowspec
local-install interface-all
address-family ipv4
service-policy type pbr fs_table_default
!
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 5.3.x
225
Implementing BGP Flowspec
Configuration Examples for Implementing BGP Flowspec
To Next Page
Loading...
Need help?
General
