BGP Flowspec Support for IPv4
This chapter contains configurations of BGP Flowspec support for ipv4.
The BGP flow specification (flowspec) feature allows users to rapidly deploy and propagate filtering and policing functionality among a large number of BGP peer routers to mitigate the effects of a distributed denial-of-service (DDoS) attack over your network.
The BGP flowspec, specifically stated in here, allows users effectively to construct instructions to match a particular flow with source, destination, L4 parameters and packet specifics such as length, fragment and so on. Flowspec allows for a dynamic installation of an action at the border routers to either:
• Drop the traffic
• Inject it in a different VRF for analysis or
• Allow it, but police it at a specific defined rate
Topology
Figure 33-155: BGP Flowspec support fot IPv4
Configuration
CE1
CE1#configure terminal | Enter configure mode. |
CE1(config)# class-map type traffic match-all ocnos | Configure class map with class name |
CE1(config-cmap-tr)#match destination-address ipv4 3.3.3.3/32 | Configure match with destination ip address |
CE1(config-cmap-tr)#match source-address ipv4 3.3.3.3/32 | Enable match with source ip address |
CE1(config-cmap-tr)# match destination-port 44-144 | Enable match with destination port |
CE1(config-cmap-tr)#exit | Exit from class map traffic |
CE1(config)#commit | Commits the configuration |
CE1(config)#class-map type traffic match-all ocnos2 | Configure class map with class name |
CE1(config-cmap-tr)# match destination-address ipv4 10.1.1.0/24 | Configure match with destination ip address |
CE1(config-cmap-tr)# match source-address ipv4 10.1.1.0/24 | Enable match with source ip address |
CE1(config-cmap-tr)# match source-port 22-122 | Enter match with source port |
CE1(config-cmap-tr)#exit | Exit from class map traffic |
CE1(config)#commit | Commits the configuration |
CE1(config)#policy-map type pbr CE1 | Configure policy map type pbr with policy name |
CE1(config-pmap-pbr)# class type traffic ocnos2 | Enter class map traffic class name |
CE1(config-pmap-pbr-c)# police rate 21000 bps | Enable policy rate |
CE1(config-pmap-pbr-c)#exit | Exit from polocy map traffic |
CE1(config-pmap-pbr)#exit | Exit from policy map |
CE1(config)#policy-map type pbr PE1 | Configure policy map type pbr with policy name |
CE1(config-pmap-pbr)# class type traffic ocnos | Enter class map traffic class name |
CE1(config-pmap-pbr-c)# police rate 4444444 bps | Enable policy rate |
CE1(config-cmap-tr)#exit | Exit from class map |
CE1(config)#commit | Commits the configuration |
CE1(config)#flowspec | Configure flowspec |
CE1(config-flowspec)#address-family ipv4 | Enter address-family mode with ipv4 |
CE1(config-flowspec-af)#service-policy type pbr PE1 | Enable service plocy type pbr with policy name |
CE1(config-flowspec-af)#service-policy type pbr CE1 | Enable service plocy type pbr with policy name |
CE1(config-flowspec-af)#exit | Exit from address family mode |
CE1(config-flowspec)#commit | Commits the configuration |
CE1(config)#interface xe1 | Enter interface mode |
CE1(config-if)#ip address 10.1.1.1/24 | Configure ip address |
CE1(config-if)#exit | Exit from interface mode |
CE1(config)#interface xe1.10 | Enter the sub interface mode |
CE1(config-if)# encapsulation dot1q 10 | Enable encapsulate dot 1q |
CE1(config-if)# ip address 66.1.1.1/24 | Configure ip address |
CE1(config-if)#exit | Exit from interface mode |
CE1(config)#commit | Commits the configuration |
CE1(config)#router bgp 100 | Configure bgp intstance |
CE1(config-router)#neighbor 10.1.1.2 remote-as 65000 | Enable neighbour ip address with remote-as 65000 |
CE1(config-router)# neighbor 66.1.1.2 remote-as 65000 | Enable neighbour ip address with remote-as 65000 |
CE1(config-router)#address-family ipv4 unicast | Enter address family ipv4 unicast mode |
CE1(config-router-af)#redistribute connected | Enable redistribute connected |
CE1(config-router-af)#neighbor 10.1.1.2 activate | Activate the neighbour |
CE1(config-router-af)#neighbor 66.1.1.2 activate | Activate the neighbour |
CE1(config-router-af)#exit-address-family | Exit from address family mode |
CE1(config-router)#address-family ipv4 flowspec | Enter address family ipv4 flowspec mode |
CE1(config-router-af)#neighbor 10.1.1.2 activate | Activate the neighbour |
CE1(config-router-af)#neighbor 66.1.1.2 activate | Activate the neighbour |
CE1(config-router-af)#exit-address-family | Exit from address family mode |
CE1(config-router)#exit | Exit from router mode |
CE1(config)#commit | Commits the configuration |
PE1
PE1#configure terminal | Enter configure mode. |
PE1(config)#ip vrf vrf100 | Enter vrf vrf name |
PE1(config-vrf)# rd 100:1 | Enter rd value |
PE1(config-vrf)# route-target both 100:1 | Enter router targeted as both |
PE1(config-vrf)#exit | Exit from vrf mode |
PE1(config)#commit | Commits the configuration |
PE1(config)#ip vrf vrf101 | Enter vrf vrf name |
PE1(config-vrf)# rd 101:1 | Enter rd value |
PE1(config-vrf)# route-target both 101:1 | Enter router targeted as both |
PE1(config-vrf)#exit | Exit from vrf mode |
PE1(config)#commit | Commits the configuration |
PE1(config)#qos enable | Enable qos |
PE1(config)#qos statistics | Enable qos statistics |
PE1(config)#class-map type traffic match-all clas1 | Configure class map with class name |
PE1(config-cmap-tr)# match destination-address ipv4 4.4.4.4/32 | Configure match with destination ip address |
PE1(config-cmap-tr)# match destination-port 400-499 | Enable match with destination-port |
PE1(config-cmap-tr)#exit | Exit from class map traffic mode |
PE1(config)#commit | Commits the configuration |
PE1(config)#policy-map type pbr pol1 | Configure policy map type pbr with policy name |
PE1(config-pmap-pbr)# class type traffic clas1 | Enable class type traffic with class map name |
PE1(config-pmap-pbr-c)# redirect ipv4 extcommunity rt 100:10 | Enable redirect ipv4 extcommunity with rt |
PE1(config-pmap-pbr-c)#exit | Exit from policy map traffic |
PE1(config-pmap-pbr)#exit | Exit from policy map |
PE1(config)#commit | Commits the configuration |
PE1(config)#flowspec | Configure flowspec |
PE1(config-flowspec)# address-family ipv4 | Enter address-family mode with ipv4 |
PE1(config-flowspec-af)# service-policy type pbr pol1 | Enable service policy type pbr with policy name |
PE1(config-flowspec-af)#exit | Exit from address family mode |
PE1(config-flowspec)#exit | Exit from flowspec mode |
PE1(config)#commit | Commits the configuration |
PE1(config)#router ldp | Configure router ldp |
PE1(config-router)# targeted-peer ipv4 3.3.3.3 | Configure targeted peer ipv4 address |
PE1(config-router-targeted-peer)# exit-targeted-peer-mode | Exit from targeted peer mode |
PE1(config-router)#exit | Exit from router mode |
PE1(config)#commit | Commits the configuration |
PE1(config)#interface lo | Enter interface mode |
PE1(config-if)# ip address 1.1.1.1/32 secondary | Assign ip address as secondary |
PE1(config-if)# ip router isis 1 | Enable router isis instance |
PE1(config-if)#exit | Exit from interface mode |
PE1(config)#commit | Commits the configuration |
PE1(config)#interface ce51 | Enter interface mode |
PE1(config-if)# ip address 40.1.1.1/24 | Assign ip address |
PE1(config-if)# label-switching | Enable label switching |
PE1(config-if)# ip router isis 1 | Enable router isis instance |
PE1(config-if)# enable-ldp ipv4 | Enable ldp ipv4 |
PE1(config-if)#exit | Exit from interface mode |
PE1(config)#commit | Commits the configuration |
PE1(config)#interface xe1 | Enter interface mode |
PE1(config-if)# ip vrf forwarding vrf100 | Enable vrf forwarding with vrf name |
PE1(config-if)# ip address 10.1.1.2/24 | Assigh the ip address |
PE1(config-if)#exit | Exit from interface mode |
PE1(config)#commit | Commits the configuration |
PE1-7026(config)#interface xe1.10 | Enter the sub interface mode |
PE1-7026(config-if)# encapsulation dot1q 10 | Enable encapsulate dot 1q |
PE1-7026(config-if)# ip vrf forwarding vrf100 | Enable vrf forwarding under interface |
PE1-7026(config-if)# ip address 66.1.1.2/24 | Assigh the ip address |
PE1-7026(config-if)#exit | Exit from interface mode |
PE1(config)#interface xe7 | Enter the interface mode |
PE1(config-if)# ip address 20.1.1.1/24 | Enter ip address |
PE1(config-if)# label-switching | Enable label switching |
PE1(config-if)# ip router isis 1 | Enable router isis instance |
PE1(config-if)# enable-ldp ipv4 | Enable ldp ipv4 |
PE1(config-if)#exit | Exit from interface mode |
PE1(config)#commit | Commits the configuration |
PE1(config)#router isis 1 | Configure isis instance |
PE1(config-router)# is-type level-1-2 | Enable is-type level-1-2 |
PE1(config-router)# metric-style wide | Enable metric style wide |
PE1(config-router)# mpls traffic-eng router-id 1.1.1.1 | Enter router id |
PE1(config-router)# mpls traffic-eng level-1 | Enable traffic engg level-1 |
PE1(config-router)# mpls traffic-eng level-2 | Enable traffic engg level-2 |
PE1(config-router)# dynamic-hostname | Enable hostname |
PE1(config-router)# bfd all-interfaces | Enable bfd all the interfaces |
PE1(config-router)# net 49.0000.0000.0001.00 | Enter network id |
PE1(config-router)#exit | Exit from isis instance |
PE1(config)#commit | Commits the configuration |
PE1(config)#router bgp 65000 | Configure bgp instance |
PE1(config-router)# neighbor 3.3.3.3 remote-as 65000 | Enable neighbour address with remote-as 65000 |
PE1(config-router)#neighbor 10.1.1.1 remote-as 100 | Enable neighbour address with remote-as 100 |
PE1(config-router)#neighbor 3.3.3.3 update-source lo | Enable neighbour address with update loppbacl |
PE1(config-router)# address-family ipv4 unicast | Enter address family ipv4 unicast mode |
PE1(config-router-af)# neighbor 3.3.3.3 activate | Activate the neighbour |
PE1(config-router-af)# neighbor 10.1.1.1 activate | Activate the neighbour |
PE1(config-router-af)# exit-address-family | Exit from address family mode |
PE1(config-router)# address-family vpnv4 unicast | Enter address family vpnv4 mode |
PE1(config-router-af)# neighbor 3.3.3.3 activate | Activate the neighbour |
PE1(config-router-af)# exit-address-family | Exit from address family |
PE1(config-router)# address-family ipv4 flowspec | Enter address family ipv4 flowspec mode |
PE1(config-router-af)# neighbor 3.3.3.3 activate | Activate the neighbour |
PE1(config-router-af)# neighbor 10.1.1.1 activate | Activate the neighbour |
PE1(config-router-af)# exit-address-family | Exit from address family |
PE1(config-router)# address-family vpnv4 flowspec | Enter address family vpnv4 flowpsec mode |
PE1(config-router-af)# neighbor 3.3.3.3 activate | Activate the neighbour |
PE1(config-router-af)# exit-address-family | Exit from address family |
PE1(config-router)# address-family ipv4 vrf vrf100 | Enter address family ipv4 vrf mode |
PE1(config-router-af)# neighbor 66.1.1.1 remote-as 100 | Enter neighbor ip add with remote-as 100 |
PE1(config-router-af)# neighbor 66.1.1.1 activate | Activate the neighbour |
PE1(config-router)# address-family ipv4 flowspec vrf vrf100 | Enter address family ipv4 vrf flowspec mode |
PE1(config-router-af)# neighbor 66.1.1.1 activate | Activate the neighbour |
PE1(config-router-af)# exit-address-family | Exit from address family |
PE1(config-router)#exit | Exit from router mode |
PE1(config)#commit | Commits the configuration |
P1
P1#configure terminal | Enter configure mode. |
P1(config)#router ldp | Enter router ldp |
P1(config-router)#exit | Exit from ldp mode |
P1(config)#commit | Commits the configuration |
P1(config)#interface lo | Enter interface mode |
P1(config-if)#ip address 2.2.2.2/32 secondary | Assigned ip add as secondary |
P1(config-if)# ip router isis 1 | Enter isis instance |
P1(config-if)#exit | Exit from interface mode |
P1(config)#commit | Commits the configuration |
P1(config)#interface ce43 | Enter interface mode |
P1(config-if)# speed 40g | Set the speed |
P1(config-if)# ip address 11.1.1.2/24 | Assign the ip add |
P1(config-if)# label-switching | Enable label switching |
P1(config-if)# ip router isis 1 | Enter router isis instance |
P1(config-if)# enable-ldp ipv4 | Enable ldp ipv4 |
P1(config-if)#exit | Exit from interface mode |
P1(config)#commit | Commits the configuration |
P1(config)#interface xe7 | Enter interface mode |
P1(config-if)# ip address 20.1.1.2/24 | Assign the ip add |
P1(config-if)# label-switching | Enable label switching |
P1(config-if)# ip router isis 1 | Enter router isis instance |
P1(config-if)# enable-ldp ipv4 | Enable ldp ipv4 |
P1(config-if)#exit | Exit from interface mode |
P1(config)#commit | Commits the configuration |
P1(config)#router isis 1 | Configure isis instance |
P1(config-router)# is-type level-1-2 | Configure is-type-level-1-2 |
P1(config-router)# metric-style wide | Configure metric style wide |
P1(config-router)# mpls traffic-eng router-id 2.2.2.2 | Configure router id |
P1(config-router)# mpls traffic-eng level-1 | Configure traffic engg level-1 |
P1(config-router)# mpls traffic-eng level-2 | Configure traffic engg level-2 |
P1(config-router)# dynamic-hostname | Configure hostname |
P1(config-router)# bfd all-interfaces | Enable bfd all interfaces |
P1(config-router)# net 49.0000.0000.0002.00 | Configure network id |
P1(config-router)#exit | Exit from isis instance mode |
P1(config)#commit | Commits the configuration |
P2
P2#configure terminal | Enter configure mode. |
P2(config)#router ldp | Enter router ldp |
P2(config-router)#exit | Exit from ldp mode |
P2(config)#commit | Commits the configuration |
P2(config)#interface lo | Enter the interface mode |
P2(config-if)# ip address 6.6.6.6/32 secondary | Assign the ip address secondary |
P2(config-if)# ip router isis 1 | Enter router isis instance |
P2(config-if)#exit | Exit from interface mode |
P2(config)#commit | Commits the configuration |
P2(config)#interface ce53 | Enter the interface mode |
P2(config-if)# ip address 50.1.1.2/24 | Assign the ip add |
P2(config-if)# label-switching | Enable label switching |
P2(config-if)# ip router isis 1 | Enter router isis instance |
P2(config-if)# enable-ldp ipv4 | Enable ldp ipv4 |
P2(config-if)#exit | Exit from interface mode |
P2(config)#commit | Commits the configuration |
P2(config)#interface ce51 | Enter the interface mode |
P2(config-if)# ip address 40.1.1.2/24 | Assign the ip add |
P2(config-if)# label-switching | Enable label switching |
P2(config-if)# ip router isis 1 | Enter router isis instance |
P2(config-if)# enable-ldp ipv4 | Enable ldp ipv4 |
P2(config-if)#exit | Exit from interface mode |
P2(config)#commit | Commits the configuration |
P2(config)#router isis 1 | Configure isis instance |
P2(config-router)# is-type level-1-2 | Configure is-type-level-1-2 |
P2(config-router)# metric-style wide | Configure metric style wide |
P2(config-router)# mpls traffic-eng router-id 6.6.6.6 | Configure router id |
P2(config-router)# mpls traffic-eng level-1 | Configure traffic engg level-1 |
P2(config-router)# mpls traffic-eng level-2 | Configure traffic engg level-2 |
P2(config-router)# dynamic-hostname | Configure hostname |
P2(config-router)# bfd all-interfaces | Enable bfd all interfaces |
P2(config-router)# net 49.0000.0000.0006.00 | Configure network id |
P2(config-router)#exit | Exit from isis instance mode |
P2(config)#commit | Commits the configuration |
PE2
PE2#configure terminal | Enter configure mode. |
PE2(config)#router ldp | Configure router ldp |
PE2(config-router)# targeted-peer ipv4 1.1.1.1 | Configure targeted peer ipv4 address |
PE2(config-router-targeted-peer)#exit-targeted-peer-mode | Exit from targeted peer mode |
PE2(config-router)#exit | Exit from router mode |
PE2(config)#commit | Commits the configuration |
PE2(config)#ip vrf vrf100 | Enter vrf vrf name |
PE2(config-vrf)# rd 100:1 | Enter rd value |
PE2(config-vrf)# route-target both 100:1 | Enter router targeted as both |
PE2(config-vrf)#exit | Exit from vrf mode |
PE2(config)#commit | Commits the configuration |
PE2(config)#ip vrf vrf101 | Enter vrf vrf name |
PE2(config-vrf)# rd 101:1 | Enter rd value |
PE2(config-vrf)# route-target both 101:1 | Enter router targeted as both |
PE2(config-vrf)#exit | Exit from vrf mode |
PE2(config)#commit | Commits the configuration |
PE2(config)#class-map type traffic match-all cl1 | Configure class map with class name |
PE2(config-cmap-tr)# match destination-address ipv4 1.1.1.1/32 | Configure match with destination ip address |
PE2(config-cmap-tr)# match source-address ipv4 3.3.3.3/32 | Enable match with source ip address |
PE2(config-cmap-tr)# match destination-port 300-399 | Enable match with destination-port |
PE2(config-cmap-tr)#exit | Exit from class map traffic mode |
PE2(config)#commit | Commits the configuration |
PE2(config)#policy-map type pbr pol1 | Configure policy map type pbr with policy name |
PE2(config-pmap-pbr)# class type traffic cl1 | Enable class type traffic with class map name |
PE2(config-pmap-pbr-c)# police rate 1111111 bps | Enable policy rate |
PE2(config-pmap-pbr-c)#exit | Exit from polocy map traffic |
PE2(config-pmap-pbr)#exit | Exit from policy map |
PE2(config)#commit | Commits the configuration |
PE2(config)#flowspec | Configure flowspec |
PE2(config-flowspec)# address-family ipv4 | Enter address-family mode with ipv4 |
PE2(config-flowspec-af)# service-policy type pbr pol1 | Enable service plocy type pbr with policy name |
PE2(config-flowspec-af)#exit | Exit from address family mode |
PE2(config-flowspec)#exit | Exit from flowspec mode |
PE2(config)#commit | Commits the configuration |
PE2(config)#interface lo | Enter the interface mode |
PE2(config-if)# ip address 3.3.3.3/32 secondary | Assigne the ip add secondary |
PE2(config-if)# ip router isis 1 | Enter router isis instance |
PE2(config-if)#exit | Exit from interface mode |
PE2(config)#commit | Commits the configuration |
PE2(config)#interface ce4 | Enter the interface mode |
PE2(config-if)# ip address 50.1.1.1/24 | Assign the ip add |
PE2(config-if)# label-switching | Enable label switching |
PE2(config-if)# ip router isis 1 | Enter router isis instance |
PE2(config-if)# enable-ldp ipv4 | Enable ldp ipv4 |
PE2(config-if)#exit | Exit from interface mode |
PE2(config)#commit | Commits the configuration |
PE2(config)#interface ce43 | Enter the interface mode |
PE2(config-if)# speed 40g | Set the interface speed |
PE2(config-if)# ip address 11.1.1.1/24 | Assign the ip add |
PE2(config-if)# label-switching | Enable label switching |
PE2(config-if)# ip router isis 1 | Enter router isis instance |
PE2(config-if)#enable-ldp ipv4 | Enable ldp ipv4 |
PE2(config-if)#exit | Exit from interface mode |
PE2(config)#commit | Commits the configuration |
PE2(config)#interface ce6 | Enter the interface mode |
PE2(config-if)# ip address 30.1.1.2/24 | Assign the ip add |
PE2(config-if)#exit | Exit from interface mode |
PE2(config)#commit | Commits the configuration |
PE2-7023(config)#interface ce6.10 | Enter the sub interface mode |
PE2-7023(config-if)# encapsulation dot1q 10 | Enable encapsulate dot 1q |
PE2-7023(config-if)# ip vrf forwarding vrf100 | Enable vrf forwarding vrf under interface |
PE2-7023(config-if)# ip address 55.1.1.1/24 | Assign the ip add |
PE2-7023(config-if)#exit | Exit from interface mode |
PE2(config)#router isis 1 | Configure isis instance |
PE2(config-router)# is-type level-1-2 | Configure is-type-level-1-2 |
PE2(config-router)# metric-style wide | Configure metric style wide |
PE2(config-router)# mpls traffic-eng router-id 3.3.3.3 | Configure router id |
PE2(config-router)# mpls traffic-eng level-1 | Configure traffic engg level-1 |
PE2(config-router)# mpls traffic-eng level-2 | Configure traffic engg level-2 |
PE2(config-router)# dynamic-hostname | Configure hostname |
PE2(config-router)# bfd all-interfaces | Enable bfd all interfaces |
PE2(config-router)# net 49.0000.0000.0003.00 | Configure network id |
PE2(config-router)#exit | Exit from isis instance mode |
PE2(config)#commit | Commits the configuration |
PE2(config)#router bgp 65000 | Configure bgp instance |
PE2(config-router)# neighbor 1.1.1.1 remote-as 65000 | Enable neighbour address with remote-as 65000 |
PE2(config-router)# neighbor 30.1.1.1 remote-as 200 | Enable neighbour address with remote-as 200 |
PE2(config-router)# neighbor 1.1.1.1 update-source lo | Enable neighbour address with update loppbacl |
PE2(config-router)# address-family ipv4 unicast | Enter address family ipv4 unicast mode |
PE2(config-router-af)# neighbor 1.1.1.1 activate | Activate the neighbour |
PE2(config-router-af)# neighbor 30.1.1.1 activate | Activate the neighbour |
PE2(config-router-af)# exit-address-family | Exit from address family mode |
PE2(config-router)# address-family vpnv4 unicast | Enter address family vpnv4 mode |
PE2(config-router-af)# neighbor 1.1.1.1 activate | Activate the neighbour |
PE2(config-router-af)# exit-address-family | Exit from address family |
PE2(config-router)# address-family ipv4 flowspec | Enter address family ipv4 flowspec mode |
PE2(config-router-af)# neighbor 1.1.1.1 activate | Activate the neighbour |
PE2(config-router-af)# neighbor 30.1.1.1 activate | Activate the neighbour |
PE2(config-router-af)# exit-address-family | Exit from address family |
PE2(config-router)# address-family vpnv4 flowspec | Enter address family vpnv4 flowpsec mode |
PE2(config-router-af)# neighbor 1.1.1.1 activate | Activate the neighbour |
PE2(config-router-af)# exit-address-family | Exit from address family |
PE2(config-router)# address-family ipv4 vrf vrf100 | Enter address family ipv4 vrf mode |
PE2(config-router-af)# neighbor 55.1.1.2 remote-as 200 | Enter neighbor ip add with remote-as 100 |
PE2(config-router-af)# neighbor 55.1.1.2 activate | Activate the neighbour |
PE2(config-router-af)# exit-address-family | Exit from address family |
PE2(config-router)# address-family ipv4 flowspec vrf vrf100 | Enter address family ipv4 vrf flowspec mode |
PE2(config-router-af)# neighbor 55.1.1.2 activate | Activate the neighbour |
PE2(config-router-af)# exit-address-family | Exit from address family |
PE2(config-router)#exit | Exit from router mode |
PE2(config)#commit | Commits the configuration |
CE2
CE2#configure terminal | Enter configure mode. |
CE2(config)#class-map type traffic match-all clas1 | Configure class map with class name |
CE2(config-cmap-tr)# match destination-address ipv4 4.4.4.4/32 | Configure match with destination ip address |
CE2(config-cmap-tr)# match source-address ipv4 5.5.5.5/32 | Enable match with source ip address |
CE2(config-cmap-tr)# match destination-port 1300-1400 | Enable match with destination-port |
CE2(config-cmap-tr)#exit | Exit from class map traffic mode |
CE2(config)#commit | Commits the configuration |
CE2(config)#class-map type traffic match-all clas2 | Configure class map with class name |
CE2(config-cmap-tr)# match destination-address ipv4 30.1.1.0/24 | Configure match with destination ip address |
CE2(config-cmap-tr)# match source-address ipv4 30.1.1.0/24 | Enable match with source ip address |
CE2(config-cmap-tr)# match source-port 500-600 | Enable match with source-port |
CE2(config-cmap-tr)# match tcp-flag 21 bit-mask 3f | Enable match with tcp flag bit |
CE2(config-cmap-tr)# match dscp 21 | Enable match with dscp |
CE2(config-cmap-tr)#exit | Exit from class map traffic mode |
CE2(config)#commit | Commits the configuration |
CE2(config)#policy-map type pbr pol1 | Configure policy map type pbr with policy name |
CE2(config-pmap-pbr)#class type traffic clas1 | Enable class type traffic with class map name |
CE2(config-pmap-pbr-c)#police rate 100000 bps | Enable policy rate |
CE2(config-pmap-pbr-c)#exit | Exit from polocy map traffic |
CE2(config-pmap-pbr)#exit | Exit from policy map |
CE2(config)#commit | Commits the configuration |
CE2(config)#policy-map type pbr pol2 | Configure policy map type pbr with policy name |
CE2(config-pmap-pbr)# class type traffic clas2 | Enable class type traffic with class map name |
CE2(config-pmap-pbr-c)# police rate 500000 bps | Enable policy rate |
CE2(config-pmap-pbr-c)# set dscp 1e | Exit from polocy map traffic |
CE2(config-pmap-pbr-c)#exit | Exit from policy map |
CE2(config-pmap-pbr)#exit | Commits the configuration |
CE2(config)#commit | Configure policy map type pbr with policy name |
CE2(config)#flowspec | Configure flowspec |
CE2(config-flowspec)# address-family ipv4 | Enter address-family mode with ipv4 |
CE2(config-flowspec-af)# service-policy type pbr pol1 | Enable service plocy type pbr with policy name |
CE2(config-flowspec-af)# service-policy type pbr pol2 | Enable service plocy type pbr with policy name |
CE2(config-flowspec-af)#exit | Exit from address family mode |
CE2(config-flowspec)#exit | Exit from flowspec mode |
CE2(config)#commit | Commits the configuration |
CE2(config)#interface lo | |
Enter interface mode | |
CE2(config-if)# ip address 5.5.5.5/32 secondary | Assign the ip address secondary |
CE2(config-if)# ip router isis 1 | Enter router isis instance |
CE2(config-if)#exit | Exit from interface mode |
CE2(config)#commit | Commits the configuration |
CE2(config)#interface ce49 | Enter interface mode |
CE2(config-if)# ip address 30.1.1.1/24 | Enter interface mode |
CE2(config-if)#exit | Exit from interface mode |
CE2(config)#commit | Commits the configuration |
CE2(config)#router bgp 200 | Configure bgp instance |
CE2(config-router)# neighbor 30.1.1.2 remote-as 65000 | Enable neighbour address with remote-as 65000 |
CE2(config-router)# neighbor 55.1.1.1 remote-as 65000 | Enable neighbour address with remote-as 200 |
CE2(config-router)# address-family ipv4 unicast | Enter address family ipv4 unicast mode |
CE2(config-router-af)# redistribute connected | Enter redistribute connected |
CE2(config-router-af)# neighbor 30.1.1.2 activate | Activate the neighbour |
CE2(config-router-af)# neighbor 55.1.1.1 activate | Activate the neighbour |
CE2(config-router-af)# exit-address-family | Exit from address family mode |
CE2(config-router)# address-family ipv4 flowspec | Enter address family ipv4 flowspec mode |
CE2(config-router-af)# neighbor 30.1.1.2 activate | Activate the neighbour |
CE2(config-router-af)# neighbor 55.1.1.1 activate | Activate the neighbour |
CE2(config-router-af)# exit-address-family | Exit from address family |
CE2(config-router)#exit | Exit from router bgp mode |
CE2(config)#commit | Commits the configuration |
Last modified date: 10/16/2023