Skip to main content

Applying BGP flowspec rules on a specific interface set

Document Type Expired Internet-Draft (idr WG)
Expired & archived
Authors Stephane Litkowski , Adam Simpson , Keyur Patel , Jeffrey Haas , Lucy Yong
Last updated 2020-05-21 (Latest revision 2019-11-18)
Replaces draft-litkowski-idr-flowspec-interfaceset
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources Mailing list discussion
Stream WG state WG Document
Other - see Comment Log
Document shepherd (None)
IESG IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


The BGP Flow Specification (flowspec) Network Layer Reachability Information (BGP NLRI) extension (draft-ietf-idr-rfc5575bis) is used to distribute traffic flow specifications into BGP. The primary application of this extension is the distribution of traffic filtering policies for the mitigation of distributed denial of service (DDoS) attacks. By default, flow specification filters are applied on all forwarding interfaces that are enabled for use by the BGP flowspec extension. A network operator may wish to apply a given filter selectively to a subset of interfaces based on an internal classification scheme. Examples of this include "all customer interfaces", "all peer interfaces", "all transit interfaces", etc. This document defines BGP Extended Communities (RFC4360) that allow such filters to be selectively applied to sets of forwarding interfaces sharing a common group identifier. The BGP Extended Communities carrying this group identifier are referred to as the BGP Flowspec "interface-set" Extended Communities.


Stephane Litkowski
Adam Simpson
Keyur Patel
Jeffrey Haas
Lucy Yong

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)