FLOWSPEC CONFIGURATION Flashcards
What should be removed from P4 before configuring Flowspec?
All static routes and static redistribution into BGP.
What role does P4 play in this Flowspec configuration?
P4 acts as the Flowspec ‘server’ or distribution point.
Which command configures all PEs to install Flowspec policies locally on all interfaces?
‘flowspec local-install interface-all’
What is the command to enable Flowspec on P4?
‘flowspec’
What command enables the ipv4 flowspec BGP address-family on PE routers?
‘address-family ipv4 flowspec’ in BGP configuration
What command activates the neighbor 10.4.4.4 in the ipv4 Flowspec address-family on PE routers?
‘neighbor 10.4.4.4 activate’
What is the purpose of the ‘route-reflector-client’ command in the BGP configuration on P4?
It configures P4 as a route reflector for ipv4 Flowspec.
How do you check the BGP flowspec summary on PE1?
‘show bgp ipv4 flowspec sum’
Which command on P4 defines a policy to drop traffic from a specific source address?
‘class-map type traffic match-all’ followed by ‘match source-address’ and a ‘policy-map’
What does the ‘drop’ action in a policy-map do?
It drops the matched traffic.
How do you associate a policy-map with Flowspec on P4?
‘service-policy type pbr ‘ under ‘flowspec’ configuration.
How can you verify if PE1 received and installed the Flowspec policy?
‘show flowspec ipv4 sum’ or ‘show flowspec ipv4’
What does the ‘police rate’ command in a policy-map do?
It rate-limits traffic to the specified rate (in bps).
What command can you use to apply a rate-limit instead of dropping traffic?
‘police rate’ command in a policy-map.
What happens if traffic matches multiple policies in Flowspec?
The policies may conflict, such as one dropping traffic and the other applying a rate-limit, and the last applied policy will take effect.