BGP Flowspec Interoperability Lab
This presentation will summarize the results and findings of a joint research project (next layer and T-Mobile) on BGP flow specification interoperability in inter AS deployments carried out last summer.
BGP flow specification (RFC 5575) defines a protocol to rapidly deploy access control lists and forwarding policies (flow-specification filters and actions) amongst all participating routers via a newly defined BGP address family. This technology is increasingly deployed within provider networks for DDoS mitigation.
Since BGP is used to exchange the flow specification filters, this technology also allows to exchange filters with adjacent networks (external BGP). However, inter AS deployments are very rare. To encourage the ISP community to extend their BGP flow specification deployment to their peers and customers, we built a router lab with equipment of four different manufacturers (Alcatel/Nokia, Cisco, Huawei, Juniper) to demonstrate how such a multi vendor inter AS deployment could look like. We share our complete lab setup and findings with the ISP community.
BGP flow specification (RFC 5575) defines a protocol to rapidly deploy access control lists and forwarding policies (flow-specification filters and actions) amongst all participating routers via a newly defined BGP address family. This technology is increasingly deployed within provider networks for DDoS mitigation.
Since BGP is used to exchange the flow specification filters, this technology also allows to exchange filters with adjacent networks (external BGP). However, inter AS deployments are very rare. To encourage the ISP community to extend their BGP flow specification deployment to their peers and customers, we built a router lab with equipment of four different manufacturers (Alcatel/Nokia, Cisco, Huawei, Juniper) to demonstrate how such a multi vendor inter AS deployment could look like. We share our complete lab setup and findings with the ISP community.
