%% You should probably cite rfc9117 instead of this I-D. @techreport{ietf-idr-bgp-flowspec-oid-03, number = {draft-ietf-idr-bgp-flowspec-oid-03}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-idr-bgp-flowspec-oid/03/}, author = {Jim Uttaro and Clarence Filsfils and David Smith and Juan Alcaide and Prodosh Mohapatra}, title = {{Revised Validation Procedure for BGP Flow Specifications}}, pagetotal = 9, year = 2016, month = mar, day = 21, abstract = {This document describes a modification to the validation procedure defined in RFC 5575 for the dissemination of BGP flow specifications. RFC 5575 requires that the originator of the flow specification matches the originator of the best-match unicast route for the destination prefix embedded in the flow specification. This allows only BGP speakers within the data forwarding path (such as autonomous system border routers) to originate BGP flow specifications. Though it is possible to disseminate such flow specifications directly from border routers, it may be operationally cumbersome in an autonomous system with a large number of border routers having complex BGP policies. The modification proposed herein enables flow specifications to be originated from a centralized BGP route controller.}, }