Flow Specifications
A flow specification is an n-tuple consisting of several matching criteria that can be applied to IP traffic. A
given IP packet is said to match the defined flow if it matches all the specified criteria. A given flow may be
associated with a set of attributes, depending on the particular application; such attributes may or may not
include reachability information (that is, NEXT_HOP).
Every flow-spec route is effectively a rule, consisting of a matching part (encoded in the NLRI field) and an
action part (encoded as a BGP extended community). The BGP flowspec rules are converted internally to
an equivalent C3PL policy representing match and action parameters. The match and action support can vary
based on underlying platform hardware capabilities. Supported Matching Criteria and Actions, on page 206
and Traffic Filtering Actions, on page 209 provide information on the supported match (tuple definitions)
and action parameters.
Supported Matching Criteria and Actions
A Flow Specification NLRI type may include several components such as destination prefix, source prefix,
protocol, ports, and so on. This NLRI is treated as an opaque bit string prefix by BGP. Each bit string identifies
a key to a database entry with which a set of attributes can be associated. This NLRI information is encoded
using MP_REACH_NLRI and MP_UNREACH_NLRI attributes. Whenever the corresponding application
does not require Next-Hop information, this is encoded as a 0-octet length Next Hop in the MP_REACH_NLRI
attribute and ignored on receipt. The NLRI field of the MP_REACH_NLRI and MP_UNREACH_NLRI is
encoded as a 1- or 2-octet NLRI length field followed by a variable-length NLRI value. The NLRI length is
expressed in octets.
The Flow specification NLRI-type consists of several optional sub-components. A specific packet is considered
to match the flow specification when it matches the intersection (AND) of all the components present in the
specification. The following are the supported component types or tuples that you can define:
Tuple definition possibilities

BGP Flowspec NLRI type: Type 1
QoS match fields: IPv4 Destination address
Description and Syntax Construction: Defines the destination prefix to match. Prefixes are encoded in the BGP UPDATE messages as a length in bits followed by enough octets to contain the prefix information.
    Encoding: <type (1 octet), prefix length (1 octet), prefix>
    Syntax: match destination-address {ipv4} address/mask length
Value input method: Prefix length
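The NLRI length field and the Type 1 destination-prefix encoding described above, as an added Python example that is not from the Cisco guide. The 240 (0xF0) threshold for the 2-octet length comes from RFC 5575; the function names and sample prefix are constructed for illustration, and rejecting non-zero padding bits is a strictness choice of this example.

```python
import ipaddress
import struct

class FlowspecError(ValueError):
    """Raised when a flowspec NLRI is malformed."""

def encode_dest_prefix(cidr):
    """Build a flowspec NLRI holding one Type 1 (destination prefix) component."""
    net = ipaddress.IPv4Network(cidr)
    nbytes = (net.prefixlen + 7) // 8        # "enough octets to contain the prefix"
    body = bytes([1, net.prefixlen]) + net.network_address.packed[:nbytes]
    return bytes([len(body)]) + body          # body is at most 6 octets: 1-octet length

def split_nlri(buf):
    """Read the 1- or 2-octet length; return (nlri_value, remaining_bytes)."""
    if not buf:
        raise FlowspecError("empty NLRI")
    if buf[0] < 0xF0:                         # RFC 5575: lengths below 240 use 1 octet
        length, hdr = buf[0], 1
    else:                                     # high nibble all ones, 12-bit length
        if len(buf) < 2:
            raise FlowspecError("truncated 2-octet length")
        length, hdr = struct.unpack("!H", buf[:2])[0] & 0x0FFF, 2
    if len(buf) < hdr + length:
        raise FlowspecError("NLRI length exceeds available data")
    return buf[hdr:hdr + length], buf[hdr + length:]

def decode_dest_prefix(value):
    """Decode a leading Type 1 component: <type, prefix length in bits, prefix>."""
    if len(value) < 2 or value[0] != 1:
        raise FlowspecError("not a Type 1 component")
    plen = value[1]
    nbytes = (plen + 7) // 8
    if plen > 32 or len(value) < 2 + nbytes:
        raise FlowspecError("bad or truncated prefix")
    addr = value[2:2 + nbytes].ljust(4, b"\x00")
    try:
        # Strict parsing rejects non-zero bits beyond the prefix length.
        return ipaddress.IPv4Network((addr, plen))
    except ValueError as exc:
        raise FlowspecError(str(exc)) from exc

# Constructed sample: destination 192.0.2.0/24 encodes as 05 01 18 c0 00 02
SAMPLE = encode_dest_prefix("192.0.2.0/24")
```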
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 5.3.x
206
Implementing BGP Flowspec
Information About Implementing BGP Flowspec