author Satoshi Fujimoto <satoshi.fujimoto7@gmail.com> 2017-07-07 13:22:31 +0900
committer FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> 2017-08-29 18:40:27 +0900
commit e696acac3e21e4ff40689ef5b3f3f53ae3bb26b5 (patch)
tree 0d2af1580725b01bc45e0fd98e193211e89f5f16 /docs/sources/flowspec.md
parent d92d3199318f609985a978cf0c87f77a56131104 (diff)
doc: Update Flowspec document
Signed-off-by: Satoshi Fujimoto <satoshi.fujimoto7@gmail.com>
Diffstat (limited to 'docs/sources/flowspec.md')
-rw-r--r-- docs/sources/flowspec.md 57
1 files changed, 36 insertions, 21 deletions
diff --git a/docs/sources/flowspec.md b/docs/sources/flowspec.md
index 6d48d8a6..58a7df1c 100644
--- a/docs/sources/flowspec.md
+++ b/docs/sources/flowspec.md
@@ -2,8 +2,8 @@
GoBGP supports [RFC5575](https://tools.ietf.org/html/rfc5575),
[RFC7674](https://tools.ietf.org/html/rfc7674),
-[draft-ietf-idr-flow-spec-v6-06](https://tools.ietf.org/html/draft-ietf-idr-flow-spec-v6-06)
-and [draft-ietf-idr-flowspec-l2vpn-03](https://tools.ietf.org/html/draft-ietf-idr-flowspec-l2vpn-03).
+[draft-ietf-idr-flow-spec-v6](https://tools.ietf.org/html/draft-ietf-idr-flow-spec-v6)
+and [draft-ietf-idr-flowspec-l2vpn](https://tools.ietf.org/html/draft-ietf-idr-flowspec-l2vpn).
## Prerequisites
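Review bot: The two added draft links drop the revision suffix (`-06` and `-03`), so the page no longer records which draft revision GoBGP implements, and an unversioned tools.ietf.org URL points at whichever revision is current. If the unversioned URL is intended, name the implemented revision in the link text or in a following sentence so an operator can tell which encoding a peer is expected to speak.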
@@ -15,7 +15,7 @@ Assume you finished [Getting Started](https://github.com/osrg/gobgp/blob/master/
## <a name="section0"> Configuration
-To advertise flowspec routes, enumerate `ipv4-flowspec` to neighbor's
+To advertise flowspec routes, enumerate each flowspec family to neighbor's
afi-safis like below.
```toml
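Review bot: The reworded sentence "enumerate each flowspec family to neighbor's afi-safis" no longer names any family and reads awkwardly. Suggest something like "list each flowspec address family you want to exchange in the neighbor's afi-safis, as below", so the sentence still tells the reader that the entries in the TOML block are the set to choose from.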
@@ -36,6 +36,12 @@ afi-safis like below.
[[neighbors.afi-safis]]
[neighbors.afi-safis.config]
afi-safi-name = "l2vpn-flowspec"
+[[neighbors.afi-safis]]
+ [neighbors.afi-safis.config]
+ afi-safi-name = "l3vpn-ipv4-flowspec"
+[[neighbors.afi-safis]]
+ [neighbors.afi-safis.config]
+ afi-safi-name = "l3vpn-ipv6-flowspec"
```
## <a name="section1"> Add Flowspec routes through CLI
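Review bot: The added afi-safi-name values `l3vpn-ipv4-flowspec` and `l3vpn-ipv6-flowspec` do not match the family names this same patch documents for the CLI, `-a [ipv4-l3vpn-flowspec|ipv6-l3vpn-flowspec]`. If the config and the CLI really use different spellings, say so next to one of them; otherwise make the two agree, since a reader copying the name from one place into the other will get a family that is not recognized.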
@@ -45,11 +51,13 @@ CLI syntax to add ipv4/ipv6 flowspec rule is
```shell
% global rib add match <MATCH_EXPR> then <THEN_EXPR> -a [ipv4-flowspec|ipv6-flowspec]
<MATCH_EXPR> : { destination <PREFIX> [<OFFSET>] | source <PREFIX> [<OFFSET>] |
- protocol <PROTO>... | fragment [!] [=] <FRAGMENT_TYPE> | tcp-flags [!] [=] <TCPFLAG>... |
+ protocol <PROTO>... | fragment <FRAGMENT> | tcp-flags <TCPFLAG> |
{ port | destination-port | source-port | icmp-type | icmp-code | packet-length | dscp | label } <ITEM>... }...
<PROTO> : ospf, pim, igp, udp, igmp, tcp, egp, rsvp, gre, ipip, unknown, icmp, sctp, <VALUE>
+ <FRAGMENT> : [!] [=] <FRAGMENT_TYPE> {(&| ) <FRAGMENT>}
<FRAGMENT_TYPE> : dont-fragment, is-fragment, first-fragment, last-fragment, not-a-fragment
- <TCPFLAG> : U, C, E, F, S, R, P, A
+ <TCPFLAG> : [!] [=] <FLAGS> {(&| ) <TCPFLAG>}
+ <FLAGS> : U, C, E, F, S, R, P, A
<ITEM> : &?{<|>|>=|<=|==|!=}<value>
<THEN_EXPR> : { accept | discard | rate-limit <value> | redirect <RT> | mark <value> | action { sample | terminal | sample-terminal } | rt <RT>... }...
<RT> : xxx:yyy, xx.xx.xx.xx:yyy, xxx.xxx:yyy, <ipv6_address>:yyy
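Review bot: The new `<FRAGMENT>` and `<TCPFLAG>` productions use the separator `(&| )` without saying what `&` and a space each mean, and `[!] [=]` are likewise left undefined. The examples use both forms (`'=!SA&=!U'` and `'=first-fragment =last-fragment'`), so add a short legend under the grammar stating which separator is AND and which is OR and what `!` and `=` do. `<FLAGS>` also lists single letters only, while the example passes `SA`; state that flag letters can be concatenated.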
@@ -65,9 +73,19 @@ that for l2vpn flowspec rule is
<THEN_EXPR> : { accept | discard | rate-limit <value> | redirect <RT> | mark <value> | action { sample | terminal | sample-terminal } | rt <RT>... }...
<RT> : xxx:yyy, xx.xx.xx.xx:yyy, xxx.xxx:yyy, <ipv6_address>:yyy
```
+
+and that for ipv4/ipv6 l3vpn flowspec rule is the same with ipv4/ipv6 flowspec rule other than `rd <RD>`.
+
+``` shell
+% global rib add rd <RD> match <MATCH_EXPR> then <THEN_EXPR> -a [ipv4-l3vpn-flowspec|ipv6-l3vpn-flowspec]
+ ...(the same as ipv4-flowspec|ipv6-flowspec)...
+ <RD> : xxx:yyy, xx.xx.xx.xx:yyy, xxx.xxx:yyy, <ipv6_address>:yyy
+```
+
+
### Decimal values and Operators
-Gobgp comply with the following draft: https://tools.ietf.org/html/draft-hr-idr-rfc5575bis-03
+Gobgp comply with ['RFC5575'](https://tools.ietf.org/html/rfc5575).
All decimal values like ports, destination port, source port, procotol number can be married with the following operators:
```
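Review bot: The added `<RD>` line lists `<ipv6_address>:yyy`, which looks copied from the `<RT>` line above it; a route distinguisher is 8 bytes and has no form that can hold an IPv6 address, so please confirm what the CLI accepts and drop that alternative if it is not parsed. In the same hunk, "is the same with ... other than `rd <RD>`" would read better as "is the same as ... except for the additional `rd <RD>`", the new fence is written "``` shell" while the rest of the file uses "```shell", and the link text `['RFC5575']` carries stray quotes ("Gobgp comply" should be "GoBGP complies").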
@@ -87,37 +105,34 @@ All decimal values like ports, destination port, source port, procotol number ca
### Examples
```shell
-# add a flowspec rule which redirect flows with dst 10.0.0.0/24 and src 20.0.0.0/24 to VRF with RT 10:10
+# add a flowspec rule which redirect flows whose dst 10.0.0.0/24 and src 20.0.0.0/24 to VRF with RT 10:10
% gobgp global rib -a ipv4-flowspec add match destination 10.0.0.0/24 source 20.0.0.0/24 then redirect 10:10
-# add a flowspec rule wich discard flows with dst 2001::2/128 and port equals 80 and with TCP flags not match SA (SYN/ACK) and not match U (URG)
+# add a flowspec rule wich discard flows whose dst 2001::2/128 and port equals 80 and with TCP flags not match SA (SYN/ACK) and not match U (URG)
% gobgp global rib -a ipv6-flowspec add match destination 2001::2/128 port '==80' tcp-flags '=!SA&=!U' then discard
-# show flowspec table
+# show ipv4 flowspec table
% gobgp global rib -a ipv4-flowspec
Network Next Hop AS_PATH Age Attrs
-*> [destination:10.0.0.0/24][source:20.0.0.0/24] 0.0.0.0 00:00:04 [{Origin: i} {Extcomms: [redirect: 10:10]}]
+*> [destination:10.0.0.0/24][source:20.0.0.0/24] fictitious 00:00:06 [{Origin: ?} {Extcomms: [redirect: 10:10]}]
# add another flowspec rule which discard flows whose
- # ip protocol is tcp and
- # destination port is 80 or greater than or equal to 8080 and lesser than or equal to 8888 and
+ # ip protocol is tcp
+ # destination port is 80 or greater than or equal to 8080 and lesser than or equal to 8888
# packet is a first fragment or a last fragment
% gobgp global rib -a ipv4-flowspec add match protocol tcp destination-port '==80' '>=8080&<=8888' fragment '=first-fragment =last-fragment' then discard
-# add flowspec rule to drop traffic not going to destination port 80, 443 or 22
-
-gobgp global rib -a ipv4-flowspec add match destination 2.2.2.2/32 dest-port '!=80&!=443&!=22' then discard
-
% gobgp global rib -a ipv4-flowspec
- Network Next Hop AS_PATH Age Attrs
-*> [destination:10.0.0.0/24][source:20.0.0.0/24] 0.0.0.0 00:03:19 [{Origin: i} {Extcomms: [redirect: 10:10]}]
-*> [protocol:==tcp ][destination-port: ==80 >=8080&<=8888][fragment:=first-fragment =last-fragment ]0.0.0.0 00:00:05 [{Origin: ?} {Extcomms: [discard]}]
+ Network Next Hop AS_PATH Age Attrs
+*> [destination:10.0.0.0/24][source:20.0.0.0/24] fictitious 00:05:55 [{Origin: ?} {Extcomms: [redirect: 10:10]}]
+*> [protocol:==tcp ][destination-port: ==80 >=8080&<=8888][fragment: =first-fragment =last-fragment] fictitious 00:22:23 [{Origin: ?} {Extcomms: [discard]}]
# delete a flowspec rule
% gobgp global rib -a ipv4-flowspec del match destination 10.0.0.0/24 source 20.0.0.0/24 then redirect 10:10
% gobgp global rib -a ipv4-flowspec
- Network Next Hop AS_PATH Age Attrs
-*> [protocol:==tcp ][destination-port: ==80 >=8080&<=8888][fragment:=first-fragment =last-fragment ]0.0.0.0 00:00:05 [{Origin: ?} {Extcomms: [discard]}]
+ Network Next Hop AS_PATH Age Attrs
+*> [protocol:==tcp ][destination-port: ==80 >=8080&<=8888][fragment: =first-fragment =last-fragment] fictitious 00:23:30 [{Origin: ?} {Extcomms: [discard]}]
+
```
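Review bot: The removed example for "drop traffic not going to destination port 80, 443 or 22" was the only one showing `!=` chained with `&`, and the commit message does not explain its removal. It used `dest-port`, which is not a keyword in the `<MATCH_EXPR>` grammar, so if that was the reason, fix it to `destination-port` and keep the example rather than deleting it. The rewritten comments also need another pass: "flows whose dst 10.0.0.0/24" has no verb, "wich" is still misspelled, and dropping the trailing "and" from the bulleted conditions leaves it unstated that they are combined. In the refreshed output the rule added second shows an older Age (00:22:23) than the first (00:05:55), which is worth regenerating in one session.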