# Flowspec (RFC5575)

GoBGP supports [RFC5575](https://tools.ietf.org/html/rfc5575) and

Implementation of IPv6 flowspec ([draft-ietf-idr-flow-spec-v6-06](https://tools.ietf.org/html/draft-ietf-idr-flow-spec-v6-06))
is future work.

## Prerequisites

## Configuration

To advertise flowspec routes, enumerate `ipv4-flowspec` to neighbor's
afi-safi-list like below.

    As = 64512
    RouterId = ""

      NeighborAddress = ""
      PeerAs = 64512
        AfiSafiName = "ipv4-flowspec"

## <a name="section1"> Add Flowspec routes through CLI

CLI syntax to add flowspec is

% global rib add match <MATCH_EXPR> then <THEN_EXPR> -a ipv4-flowspec
    <MATCH_EXPR> : { destination <PREFIX> | source <PREFIX> |
                     protocol <PROTO>... | fragment <FRAGMENT_TYPE> | tcp-flags <TCPFLAG>... |
                     { port | destination-port | source-port | icmp-type | icmp-code | packet-length | dscp } <ITEM>... }...
        <PROTO> : ipip, sctp, unknown, igmp, tcp, egp, rsvp, pim, icmp, igp, udp, gre, ospf
        <FRAGMENT_TYPE> : not-a-fragment, is-a-fragment, first-fragment, last-fragment
        <TCPFLAG> : push, ack, urgent, fin, syn, rst
        <ITEM> : &?{<|>|=}<value>
    <THEN_EXPR> : { accept | discard | rate-limit <value> | redirect <RT> | mark <value> | action { sample | terminal | sample-terminal } | rt <RT>... }...
        <RT> : xxx:yyy, xx.xx.xx.xx:yyy, xxx.xxx:yyy

### Examples

# add a flowspec rule which redirect flows with dst and src to VRF with RT 10:10
% gobgp global rib -a ipv4-flowspec add match destination source then redirect 10:10

# show flowspec table
% gobgp global rib -a ipv4-flowspec
   Network                                       Next Hop             AS_PATH              Age        Attrs
*> [destination:][source:]                                   00:00:04   [{Origin: i} {Extcomms: [redirect: 10:10]}]

# add another flowspec rule which discard flows whose ip protocol is tcp and destination port is 80 or greater than or equal to 8080 and lesser than or equal to 8888
% gobgp global rib -a ipv4-flowspec add match protocol tcp destination-port '=80' '>=8080&<=8888' then discard

% gobgp global rib -a ipv4-flowspec
   Network                                              Next Hop             AS_PATH              Age        Attrs
*> [destination:][source:]                                   00:03:19   [{Origin: i} {Extcomms: [redirect: 10:10]}]
*> [protocol: tcp][destination-port: =80 >=8080&<=8888]                                   00:00:03   [{Origin: i} {Extcomms: [discard]}]

# delete a flowspec rule
% gobgp global rib -a ipv4-flowspec del match destination source then redirect 10:10

% gobgp global rib -a ipv4-flowspec
   Network                                              Next Hop             AS_PATH              Age        Attrs
*> [protocol: tcp][destination-port: =80 >=8080&<=8888]                                   00:00:03   [{Origin: i} {Extcomms: [discard]}]