I am having a bit of an issue with regard to announcing BGP flowspec rules.
I am trying to announce two different types of rules, but for some reason, when one rule is in place and I announce a 2nd rule, the initial rule is withdrawn.
For example:
1st rule announced for BGP Flowspec Rate-Limit to 100Mbps to 2.2.2.2/32
cisco_router#sh bgp flow-spec ipv4 destination 2.2.2.2/32 detail
BGP Flow Specification rules for VRF default
Router identifier 7.7.0.4, local AS number xxxx
BGP Flow Specification Matching Rule for 2.2.2.2/32;*;
Rule identifier: 140589008397264
Matching Rule:
Destination Prefix: 2.2.2.2/32
Source Prefix: *
Paths: 1 available
64512
from 10.252.152.188 (10.252.152.188)
Origin INCOMPLETE, metric -, localpref 100, weight 0, valid, external, best
Actions: Police: 10 kbps (1.25 kBps)
When I try to announce a Flowspec Redirect to Next Hop, the Flowspec Rate-Limit is replaced.
cisco_router#sh bgp flow-spec ipv4 destination 2.2.2.2/32 detail
BGP Flow Specification rules for VRF default
Router identifier 7.7.0.4, local AS number xxxx
BGP Flow Specification Matching Rule for 2.2.2.2/32;*;
Rule identifier: 140589008397264
Matching Rule:
Destination Prefix: 2.2.2.2/32
Source Prefix: *
Paths: 1 available
64512
from 10.252.152.188 (10.252.152.188)
Origin INCOMPLETE, metric -, localpref 100, weight 0, valid, external, best
Actions: Redirect IP: 1.1.1.1
When I withdraw the Nexthop Redirect rule, there are no longer any rules for the prefix, while the flowspec rate-limit rule is still being announced from its BGP peer.
Has anyone experienced this in the past, or can anyone explain why this is happening?
Also, I tested this with a more specific rule, like adding protocol to the flowspec rate-limit, and this does NOT happen. It is only happening with the less specific flowspec announcement, which is what I am looking to do. I am looking to basically limit all traffic to a dest prefix.
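
The sequence above, replayed as an added example that is not part of the original post: in BGP a route is keyed by its NLRI (for flowspec, the match components), while the actions ride on that route as extended communities, so a second announcement from the same peer with an identical match replaces the first. The class and function names are hypothetical, and the model assumes both rules arrive from the same peer, as the outputs (same neighbor, same rule identifier) show.

```python
# Added illustration (not from the original post): a minimal model of how a BGP
# speaker stores flowspec routes received from one peer. All names are hypothetical.

def nlri_key(**match):
    """Flowspec NLRI = the set of match components; actions are NOT part of it."""
    return tuple(sorted(match.items()))

class AdjRibIn:
    """Routes received from a single peer: one path per NLRI."""
    def __init__(self):
        self.routes = {}

    def announce(self, actions, **match):
        # Same NLRI from the same peer: the new UPDATE implicitly replaces
        # the old path, including its action extended communities.
        self.routes[nlri_key(**match)] = dict(actions)

    def withdraw(self, **match):
        # A withdrawal names only the NLRI, so it removes whatever is stored.
        self.routes.pop(nlri_key(**match), None)

    def actions_for(self, **match):
        return self.routes.get(nlri_key(**match))

def replay_post_sequence():
    """Rate-limit, then redirect, then withdraw, all for destination-only match."""
    rib, dst = AdjRibIn(), "2.2.2.2/32"
    rib.announce({"police": "rate-limit"}, destination=dst)
    after_first = rib.actions_for(destination=dst)
    rib.announce({"redirect-ip": "1.1.1.1"}, destination=dst)
    after_second = rib.actions_for(destination=dst)
    rib.withdraw(destination=dst)
    after_withdraw = rib.actions_for(destination=dst)
    return after_first, after_second, after_withdraw

def replay_with_more_specific_match():
    """Rate-limit rule also matches a protocol, so its NLRI differs."""
    rib, dst = AdjRibIn(), "2.2.2.2/32"
    rib.announce({"police": "rate-limit"}, destination=dst, protocol=17)  # constructed value (UDP)
    rib.announce({"redirect-ip": "1.1.1.1"}, destination=dst)
    rib.withdraw(destination=dst)
    return rib.actions_for(destination=dst, protocol=17)

if __name__ == "__main__":
    print(replay_post_sequence())
    print(replay_with_more_specific_match())
```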