Configuration Examples For Implementing Bgp Flowspec; Flowspec Rule Configuration - Cisco ASR 9000 Series Routing Configuration Manual

Implementing BGP Flowspec

Configuration Examples for Implementing BGP Flowspec

Flowspec Rule Configuration

Flowspec rule configuration example
In this example, two flowspec rules are created for two different VRFs with the goal that all packets to 10.0.1/24
from 192/8 and destination-port {range [137, 139] or 8080, rate limit to 500 bps in blue vrf and drop it in
vrf-default. The goal is also to disable flowspec getting enabled on gig 0/0/0/0.
class-map type traffic match-all fs_tuple
match destination-address ipv4 10.0.1.0/24
match source-address ipv4 192.0.0.0/8
match destination-port 137-139 8080
end-class-map
!
!
policy-map type pbr fs_table_blue
class type traffic fs_tuple
police rate 500 bps
!
!
class class-default
!
end-policy-map
policy-map type pbr fs_table_default
class type traffic fs_tuple
drop
!
!
class class-default
!
end-policy-map
flowspec
local-install interface-all
address-family ipv4
service-policy type pbr fs_table_default
!
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 5.3.x
Configuration Examples for Implementing BGP Flowspec
225