BGP Flow-Specification Case Study
This section provides a sample use case for the BGP flow-spec feature. The network topology is shown in Figure 4-4.

Figure 4-4. BGP Flow-Spec Topology.
Routers R1 and R2 have the best practice IPv4 RE protection filter previously discussed in effect on their loopback interfaces. The DDoS protection feature is enabled with the only change from the default being scaled FPC bandwidth for the ICMP aggregate. They peer with each other using loopback-based MP-IBGP, and to External peers P1 and T1 using EBGP. The P1 network is the source of routes from the 130.130/16 block, whereas T1 is the source of 120.120/16 routes. IS-IS Level 2 is used as the IGP. It runs passively on the external links to ensure the EBGP next-hops can be resolved. It is also used to distribute the loopback addresses used to support the IBGP peering. The protocols stanza on R1 is shown here:
{master}[edit]
jnpr@R1-RE0# show protocols bgp { log-updown; group t1_v4 { type external; export bgp_export; peer-as 65050; neighbor 192.168.1.1; } group int_v4 { type internal; local-address 10.3.255.2; family inet { unicast; flow; } bfd-liveness-detection { minimum-interval 150; multiplier 3; } neighbor 10.3.255.1; } } isis { reference-bandwidth 100g; level 1 disable; interface xe-2/1/1.0 { passive; } interface ae0.1 { point-to-point; bfd-liveness-detection { minimum-interval 150; multiplier 3; ...Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access