Table contains policy-based forwarding and encoding instructions. Values, grouped by indirection-id "ID-Type". The indirection-id table is the table construct of indirection-id On a flowspec client for policy-based forwarding onto an explicit The indirection-id is a 32-bit unsigned number, used as anchor point Making use of a 32-bit indirection-id using a new extended community.Įach indirection-id serves as anchor point, for policy-basedįorwarding onto an explicit path by a flowspec client.Ģ. This draft specifies a "Redirect to indirection-id" flowspec action There is need to steer the traffic onto an explicitely defined Mitigation, however using this methodology can be cumbersome when To steer traffic towards an alternate destination is useful for DDoS Such as discard and rate limit it also defines a redirect-to-VRFĪction for policy-based forwarding. Theįlowspec standard rfc5575bis defines widely-used filter actions Policy instructions for traffic handling on the flowspec client. Part, encoded in one or more BGP extended communities, provides Information about the traffic matching the policy rule. The first part, encoded in the NLRI field, provides ![]() Particularly if the redirected traffic needs to be steered onto anĮvery flowspec policy route is effectively a rule, consisting of two Policy-based forwarding, but this mechanism is not always sufficient, Theįlowspec standard rfc5575bis defines a redirect-to-VRF action for This has many possibleĪpplications but the primary one for many network operators is theĭistribution of traffic filtering actions for DDoS mitigation. Introductionįlowspec is an extension to BGP that allows for the dissemination of Redirect using localised indirection-id mapping table. Redirection to complex dynamically constructed tunnels. The Trust Legal Provisions and are provided without warranty asġ. Include Simplified BSD License text as described in Section 4.e of Code Components extracted from this document must Please review these documentsĬarefully, as they describe your rights and restrictions with respect This document is subject to BCP 78 and the IETF Trust's Legal Internet-Draft Flowspec Indirection-id Redirect May 2020Ĭopyright (c) 2020 IETF Trust and the persons identified as the This Internet-Draft will expire on November 27, 2020. Material or to cite them other than as "work in progress." It is inappropriate to use Internet-Drafts as reference Internet-Drafts are draft documents valid for a maximum of six monthsĪnd may be updated, replaced, or obsoleted by other documents at any Note that other groups may also distribute Internet-Drafts are working documents of the Internet Engineering This Internet-Draft is submitted in full conformance with the "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in thisĭocument are to be interpreted as described in RFC 2119. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The functionality detailed in this document allows a networkĬontroller to decouple the BGP flowspec redirection instruction from Information within a localised indirection-id mapping table. When activated, this flowspec extended community is used byĪ flowspec client to retrieve the corresponding next-hop and encoding ![]() This extendedĬommunity triggers advanced redirection capabilities to flowspecĬlients. Redirect to indirection-id Extended Community". This document defines a new extended community known as "FlowSpec Patelįlowspec Indirection-id Redirect draft-ietf-idr-flowspec-path-redirect-11
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |