Applying BGP flowspec rules on a specific interface set

Document Type Expired Internet-Draft (idr WG)
Authors Stephane Litkowski  , Adam Simpson  , Keyur Patel  , Jeffrey Haas  , Lucy Yong 
Last updated 2020-05-21 (latest revision 2019-11-18)
Replaces draft-litkowski-idr-flowspec-interfaceset
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
plain text xml pdf htmlized bibtex
Stream WG state WG Document
Other - see Comment Log
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The BGP Flow Specification (flowspec) Network Layer Reachability Information (BGP NLRI) extension (draft-ietf-idr-rfc5575bis) is used to distribute traffic flow specifications into BGP. The primary application of this extension is the distribution of traffic filtering policies for the mitigation of distributed denial of service (DDoS) attacks. By default, flow specification filters are applied on all forwarding interfaces that are enabled for use by the BGP flowspec extension. A network operator may wish to apply a given filter selectively to a subset of interfaces based on an internal classification scheme. Examples of this include "all customer interfaces", "all peer interfaces", "all transit interfaces", etc. This document defines BGP Extended Communities (RFC4360) that allow such filters to be selectively applied to sets of forwarding interfaces sharing a common group identifier. The BGP Extended Communities carrying this group identifier are referred to as the BGP Flowspec "interface-set" Extended Communities.


Stephane Litkowski (
Adam Simpson (
Keyur Patel (
Jeffrey Haas (
Lucy Yong (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)