%% You should probably cite draft-ietf-idr-flowspec-interfaceset instead of this I-D. @techreport{litkowski-idr-flowspec-interfaceset-00, number = {draft-litkowski-idr-flowspec-interfaceset-00}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-litkowski-idr-flowspec-interfaceset/00/}, author = {Stephane Litkowski and Adam Simpson and Keyur Patel and Jeffrey Haas}, title = {{Applying BGP flowspec rules on a specific interface set}}, pagetotal = 8, year = 2014, month = jun, day = 30, abstract = {BGP Flow-spec is an extension to BGP that allows for the dissemination of traffic flow specification rules. The primary application of this extension is DDoS mitigation where the flowspec rules are applied in most cases to all peering routers of the network. This document will present another use case of BGP Flow-spec where flow specifications are used to maintain some access control lists at network boundary. BGP Flowspec is a very efficient distributing machinery that can help in saving OPEX while deploying/updating ACLs. This new application requires flow specification rules to be applied only on a specific subset of interfaces and in a specific direction. The current specification of BGP Flow-spec does not detail where the flow specification rules need to be applied. This document presents a new interface-set flowspec action that will be used in complement of other actions (marking, rate-limiting ...). The purpose of this extension is to inform remote routers on where to apply the flow specification. This extension can also be used in a DDoS mitigation context where a provider wants to apply the filtering only on specific peers.}, }