Table of Contents
Advertisement
Implementing BGP Flowspec
Command or Action
Step 2
router bgp as-number
Example:
RP/0/RP0/CPU0:router(config)# router bgp 100
Step 3
neighbor ip-address
Example:
RP/0/RP0/CPU0:router(config)# router bgp 100
neighbor 1.1.1.1
Step 4
address-family { ipv4 }
Example:
RP/0/RP0/CPU0:router(config-bgp)# router bgp 100
neighbor 1.1.1.1 address-family ipv4
Step 5
flowspec validation { disable | redirect disable }
Example:
RP/0/RP0/CPU0:router(config-bgp)# router bgp 100
neighbor 1.1.1.1 address-family ipv4 flowspec
validation disable
Configuration Examples for Implementing BGP Flowspec
Flowspec Rule Configuration
Flowspec rule configuration example
In this example, two flowspec rules are created for two different VRFs with the goal that all packets
to 10.0.1/24 from 192/8 and destination-port {range [137, 139] or 8080, rate limit to 500 bps in blue
vrf and drop it in vrf-default. The goal is also to disable flowspec getting enabled on gig 0/0/0/0.
class-map type traffic match-all fs_tuple
match destination-address ipv4 10.0.1.0/24
match source-address ipv4 192.0.0.0/8
match destination-port 137-139 8080
end-class-map
!
!
policy-map type pbr fs_table_blue
class type traffic fs_tuple
Purpose
Specifies the autonomous system number and enters the
BGP configuration mode, allowing you to configure the
BGP routing process.
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address as a BGP
peer.
Specifies the IPv4 address family and enters address family
configuration submode, and initializes the global address
family.
You can choose to disable flowspec validation as a whole
for all eBGP sessions or disable redirect nexthop validation.
Routing Configuration Guide for Cisco NCS 6000 Series Routers, IOS XR Release 6.4.x
Configuration Examples for Implementing BGP Flowspec
123
Advertisement
Chapters
Table of Contents
