Applying BGP flowspec rules on a specific interface set
draft-ietf-idr-flowspec-interfaceset-05
| Document | Type | Expired Internet-Draft (idr WG) | |
|---|---|---|---|
| Authors | Stephane Litkowski , Adam Simpson , Keyur Patel , Jeffrey Haas , Lucy Yong | ||
| Last updated | 2020-05-21 (latest revision 2019-11-18) | ||
| Replaces | draft-litkowski-idr-flowspec-interfaceset | ||
| Stream | IETF | ||
| Intended RFC status | (None) | ||
| Formats |
Expired & archived
pdf
htmlized (tools)
htmlized
bibtex
|
||
| Reviews | |||
| Stream | WG state | WG Document | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | Expired | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
https://www.ietf.org/archive/id/draft-ietf-idr-flowspec-interfaceset-05.txt
Abstract
The BGP Flow Specification (flowspec) Network Layer Reachability Information (BGP NLRI) extension (draft-ietf-idr-rfc5575bis) is used to distribute traffic flow specifications into BGP. The primary application of this extension is the distribution of traffic filtering policies for the mitigation of distributed denial of service (DDoS) attacks. By default, flow specification filters are applied on all forwarding interfaces that are enabled for use by the BGP flowspec extension. A network operator may wish to apply a given filter selectively to a subset of interfaces based on an internal classification scheme. Examples of this include "all customer interfaces", "all peer interfaces", "all transit interfaces", etc. This document defines BGP Extended Communities (RFC4360) that allow such filters to be selectively applied to sets of forwarding interfaces sharing a common group identifier. The BGP Extended Communities carrying this group identifier are referred to as the BGP Flowspec "interface-set" Extended Communities.
Authors
Stephane Litkowski
(slitkows.ietf@gmail.com)
Adam Simpson
(adam.1.simpson@nokia.com)
Keyur Patel
(keyur@arrcus.com)
Jeffrey Haas
(jhaas@juniper.net)
Lucy Yong
(lucy.yong@huawei.com)
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)