Flow-spec is an extension to BGP that allows for the dissemination
of traffic flow specification rules. This has many possible
applications but the primary one for many network operators is the
distribution of traffic filtering actions for DDoS mitigation. The
flow-spec standard [RFC 5575] defines a redirect-to-VRF action for
policy-based forwarding but this mechanism can be difficult to use,
particularly in networks without L3 VPNs.
This draft proposes a new redirect-to-IP flow-spec action that
provides a simpler method of policy-based forwarding. This action is
indicated by the presence of a new BGP extended community in the
flow-spec route. Many routers already support a redirect-to-IP
filter action and, in this case, the only new functionality implied
by this draft is the ability to signal the action using flow-spec.