ShortestPathFirst Network Architecture and Design, and Information Security Best Practices

15 Nov 09

An Overview of BGP FlowSpec

Written by Stefan Fouant

I have given this presentation a few times in the last year and was asked to make it available for public consumption. Essentially, this is a brief overview of RFC 5575, entitled “Dissemination of Flow Specification Rules”, written by Danny McPherson, Jared Mauch, and others. This standard had a somewhat rocky beginning, as there was limited vendor support, but recently it appears to have picked up quite a bit of steam, with Cisco announcing support for the protocol in the very near future. The benefit of BGP Flow Spec is that it allows BGP speakers to use a new BGP NLRI defining flow filter information, which can then be advertised to upstream neighbors via BGP. The primary and immediate motivation of this protocol is to provide intra- and inter-provider distribution of traffic filtering rules to filter DoS and DDoS attacks; however, it can be used for a wide variety of applications in which filtering information must be dynamically distributed throughout a network. I will probably make additional modifications to these slides as the protocol gains a more significant foothold throughout the vendor community and as Service Providers gain more practical deployment experience. As with my other presentations, I will eventually add a voice-over to turn this into a slide-cast.
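To make the "new BGP NLRI defining flow filter information" concrete, here is an added example (not part of the original post or its slides): a small Python decoder that turns a raw RFC 5575 flow specification NLRI into readable match terms, so an operator can check what filter a received rule would install. It assumes IPv4 and handles only the prefix components (types 1 and 2) and the numeric-operator components for IP protocol and ports (types 3 to 6); the function names and the sample bytes are constructed for illustration.

```python
import ipaddress

# Component types decoded here (RFC 5575 numbering); anything else is rejected.
PREFIX = {1: "dst", 2: "src"}
NUMERIC = {3: "proto", 4: "port", 5: "dst-port", 6: "src-port"}
# Low three operator bits are lt(4) | gt(2) | eq(1).
CMP = {0: "false", 1: "==", 2: ">", 3: ">=", 4: "<", 5: "<=", 6: "!=", 7: "true"}
# Constructed sample: destination 10.0.1.0/24, IP protocol 6 (TCP), port 25.
SAMPLE = bytes.fromhex("0b" "01180a0001" "038106" "048119")

def _take(buf: bytes, pos: int, n: int) -> tuple[bytes, int]:
    """Return n octets at pos and the new offset, refusing to read past the end."""
    if pos + n > len(buf):
        raise ValueError("truncated NLRI")
    return buf[pos:pos + n], pos + n

def decode_flowspec(nlri: bytes) -> list[str]:
    """Decode one flow specification NLRI into readable match terms."""
    # Length is one octet below 240, otherwise two octets encoded as 0xfnnn.
    head, pos = _take(nlri, 0, 1)
    length = head[0]
    if length >= 0xF0:
        low, pos = _take(nlri, pos, 1)
        length = ((length & 0x0F) << 8) | low[0]
    if pos + length != len(nlri):
        raise ValueError("length field does not match buffer")
    terms, last_type = [], 0
    while pos < len(nlri):
        ctype = nlri[pos]
        if ctype <= last_type or (ctype not in PREFIX and ctype not in NUMERIC):
            raise ValueError(f"out-of-order or unsupported component type {ctype}")
        last_type, pos = ctype, pos + 1
        if ctype in PREFIX:
            (bits,), pos = _take(nlri, pos, 1)
            if bits > 32:
                raise ValueError("IPv4 prefix length above 32")
            raw, pos = _take(nlri, pos, (bits + 7) // 8)
            addr = ipaddress.ip_address(raw.ljust(4, b"\x00"))
            terms.append(f"{PREFIX[ctype]} {addr}/{bits}")
            continue
        expr, op = [], 0
        while not op & 0x80:  # bit 0x80 marks the last (operator, value) pair
            (op,), pos = _take(nlri, pos, 1)
            raw, pos = _take(nlri, pos, 1 << ((op >> 4) & 3))  # 1, 2, 4 or 8 octets
            if expr:
                expr.append("and" if op & 0x40 else "or")
            expr.append(f"{CMP[op & 7]} {int.from_bytes(raw, 'big')}")
        terms.append(f"{NUMERIC[ctype]} " + " ".join(expr))
    return terms
```

Calling `decode_flowspec(SAMPLE)` yields the three match terms of the constructed rule; malformed or truncated input raises `ValueError` instead of being partially decoded.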


About Stefan Fouant

Stefan Fouant is a Technical Trainer and JNCP Proctor at Juniper Networks with over 15 years of experience in the networking industry. His background includes launching an industry-first DDoS Mitigation and Detection service at Verizon Business, as well as building customized solutions for various mission-critical networks. He holds several patents in the areas of DDoS Detection and Mitigation, as well as many industry certifications including CISSP, JNCIE-M, JNCIE-ER, and JNCIE-SEC.
Comments (3) Trackbacks (0)
  1. I am not sure where you are getting your info, but this is a really interesting topic. I need to spend some time learning more or understanding more about Flowspec and I am glad I found your site. Thanks for the great information; I was looking for this info for a project at work.

  2. Since this is relatively new by RTBH standards, does anyone know if it’s being used anywhere in the network today?

  3. Hi Doan,

    During my time at Arbor, I worked with a few customers who did implement BGP Flowspec internally so as to automate the distribution of ACLs to some of their edge routers, and also to automate some of the offramping to their mitigation devices. However, beyond that I don’t have any idea how prevalent this may be in many networks. I have a feeling this is relegated to just a few networks that have very clueful engineers…

