EasyManuals Logo

Cisco NCS 6000 Series User Manual

Cisco NCS 6000 Series
498 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #143 background imageLoading...
Page #143 background image
PurposeCommand or Action
Preserves the next-hop for the flowspec unchanged.flowspec next-hop unchanged
Example:
Step 5
RP/0/RP0/CPU0:router(config-bgp)# router bgp 100
neighbor 1.1.1.1 address-family ipv4 flowspec
next-hop unchanged
Validate BGP Flowspec
BGP Flowspec validation is enabled by default for flowspec SAFI routes for IPv4. VPN routes are not subject
to the flow validation. A flow specification NLRI is validated to ensure that any one of the following conditions
holds true for the functionality to work:
• The originator of the flow specification matches the originator of the best-match unicast route for the
destination prefix embedded in the flow specification.
• There are no more specific unicast routes, when compared with the flow destination prefix, that have
been received from a different neighboring AS than the best-match unicast route, which has been
determined in the previous condition.
• The AS_PATH and AS4_PATH attribute of the flow specification are empty.
• The AS_PATH and AS4_PATH attribute of the flow specification does not contain AS_SET and
AS_SEQUENCE segments.
Any path which does not meet these conditions, is appropriately marked by BGP and not installed in flowspec
manager. Additionally, BGP enforces that the last AS added within the AS_PATH and AS4_PATH attribute
of a EBGP learned flow specification NLRI must match the last AS added within the AS_PATH and
AS4_PATH attribute of the best-match unicast route for the destination prefix embedded in the flow
specification. Also, when the redirect-to-IP extended community is present, by default, BGP enforces the
following check when receiving a flow-spec route from an eBGP peer:
If the flow-spec route has an IP next-hop X and includes a redirect-to-IP extended community, then the BGP
speaker discards the redirect-to-ip extended community (and not propagate it further with the flow-spec route)
if the last AS in the AS_PATH or AS4_PATH attribute of the longest prefix match for X does not match the
AS of the eBGP peer.
Disable Flowspec Redirect and Validation, on page 122 explains the procedure to disable BGP flowspec
validation.
Disabling BGP Flowspec
This procedure disables BGP flowspec policy on an interface.
SUMMARY STEPS
1. configure
2. interface type interface-path-id
3. { ipv4 } flowspec disable
4. commit
Routing Configuration Guide for Cisco NCS 6000 Series Routers, IOS XR Release 6.4.x
121
Implementing BGP Flowspec
Validate BGP Flowspec

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco NCS 6000 Series and is the answer not in the manual?

Cisco NCS 6000 Series Specifications

General IconGeneral
BrandCisco
ModelNCS 6000 Series
CategoryNetwork Router
LanguageEnglish

Related product manuals