1 .. _bgp-user-guide-flowspec-family:
3 Flow Specification Family
4 =========================
5 The BGP Flow Specification (BGP-FS) Multiprotocol extension can be used to distribute traffic flow specifications.
6 For example, the BGP-FS can be used in a case of (distributed) denial-of-service (DDoS) attack mitigation procedures and traffic filtering (BGP/MPLS VPN service, DC).
14 This section shows a way to enable BGP-FS family in BGP speaker and peer configuration.
18 To enable BGP-FS support in BGP plugin, first configure BGP speaker instance:
20 **URL:** ``/restconf/config/openconfig-network-instance:network-instances/network-instance/global-bgp/openconfig-network-instance:protocols``
22 **RFC8040 URL:** ``/rests/data/openconfig-network-instance:network-instances/network-instance=global-bgp/protocols``
30 **Content-Type:** ``application/xml``
36 <protocol xmlns="http://openconfig.net/yang/network-instance">
37 <name>bgp-example</name>
38 <identifier xmlns:x="http://openconfig.net/yang/policy-types">x:BGP</identifier>
39 <bgp xmlns="urn:opendaylight:params:xml:ns:yang:bgp:openconfig-extensions">
42 <router-id>192.0.2.2</router-id>
47 <afi-safi-name>IPV4-FLOW</afi-safi-name>
50 <afi-safi-name>IPV6-FLOW</afi-safi-name>
53 <afi-safi-name>IPV4-L3VPN-FLOW</afi-safi-name>
56 <afi-safi-name>IPV6-L3VPN-FLOW</afi-safi-name>
65 **Content-Type:** ``application/json``
74 "identifier": "openconfig-policy-types:BGP",
75 "name": "bgp-example",
76 "bgp-openconfig-extensions:bgp": {
79 "router-id": "192.0.2.2",
85 "afi-safi-name": "IPV4-FLOW"
88 "afi-safi-name": "IPV6-FLOW"
91 "afi-safi-name": "IPV4-L3VPN-FLOW"
94 "afi-safi-name": "IPV6-L3VPN-FLOW"
106 Here is an example for BGP peer configuration with enabled BGP-FS family.
108 **URL:** ``/restconf/config/openconfig-network-instance:network-instances/network-instance/global-bgp/openconfig-network-instance:protocols/protocol/openconfig-policy-types:BGP/bgp-example/bgp/neighbors``
116 **Content-Type:** ``application/xml``
122 <neighbor xmlns="urn:opendaylight:params:xml:ns:yang:bgp:openconfig-extensions">
123 <neighbor-address>192.0.2.1</neighbor-address>
126 <afi-safi-name>IPV4-FLOW</afi-safi-name>
129 <afi-safi-name>IPV6-FLOW</afi-safi-name>
132 <afi-safi-name>IPV4-L3VPN-FLOW</afi-safi-name>
135 <afi-safi-name>IPV6-L3VPN-FLOW</afi-safi-name>
142 **Content-Type:** ``application/json``
151 "neighbor-address": "192.0.2.1",
155 "afi-safi-name": "IPV4-FLOW"
158 "afi-safi-name": "IPV6-FLOW"
161 "afi-safi-name": "IPV4-L3VPN-FLOW"
164 "afi-safi-name": "IPV6-L3VPN-FLOW"
172 Flow Specification API
173 ^^^^^^^^^^^^^^^^^^^^^^
174 Following trees illustrate the BGP Flow Specification routes structure.
176 IPv4 Flow Specification Route
177 '''''''''''''''''''''''''''''
178 .. code-block:: console
180 :(flowspec-routes-case)
181 +--ro flowspec-routes
182 +--ro flowspec-route* [route-key path-id]
183 +--ro route-key string
185 | +--ro (flowspec-type)?
188 | | +--ro op? numeric-operand
189 | | +--ro value? uint16
190 | +--:(destination-port-case)
191 | | +--ro destination-ports*
192 | | +--ro op? numeric-operand
193 | | +--ro value? uint16
194 | +--:(source-port-case)
195 | | +--ro source-ports*
196 | | +--ro op? numeric-operand
197 | | +--ro value? uint16
198 | +--:(icmp-type-case)
200 | | +--ro op? numeric-operand
201 | | +--ro value? uint8
202 | +--:(icmp-code-case)
204 | | +--ro op? numeric-operand
205 | | +--ro value? uint8
206 | +--:(tcp-flags-case)
208 | | +--ro op? bitmask-operand
209 | | +--ro value? uint16
210 | +--:(packet-length-case)
211 | | +--ro packet-lengths*
212 | | +--ro op? numeric-operand
213 | | +--ro value? uint16
216 | | +--ro op? numeric-operand
217 | | +--ro value? dscp
218 | +--:(fragment-case)
220 | | +--ro op? bitmask-operand
221 | | +--ro value? fragment
222 | +--:(destination-prefix-case)
223 | | +--ro destination-prefix? inet:ipv4-prefix
224 | +--:(source-prefix-case)
225 | | +--ro source-prefix? inet:ipv4-prefix
226 | +--:(protocol-ip-case)
227 | +--ro protocol-ips*
228 | +--ro op? numeric-operand
230 +--ro path-id path-id
232 +--ro extended-communities*
233 +--ro transitive? boolean
234 +--ro (extended-community)?
235 +--:(traffic-rate-extended-community-case)
236 | +--ro traffic-rate-extended-community
237 | +--ro informative-as? bgp-t:short-as-number
238 | +--ro local-administrator? netc:bandwidth
239 +--:(traffic-action-extended-community-case)
240 | +--ro traffic-action-extended-community
241 | +--ro sample? boolean
242 | +--ro terminal-action? boolean
243 +--:(redirect-extended-community-case)
244 | +--ro redirect-extended-community
245 | +--ro global-administrator? bgp-t:short-as-number
246 | +--ro local-administrator? binary
247 +--:(traffic-marking-extended-community-case)
248 | +--ro traffic-marking-extended-community
249 | +--ro global-administrator? dscp
250 +--:(redirect-ipv4-extended-community-case)
251 | +--ro redirect-ipv4
252 | +--ro global-administrator? inet:ipv4-address
253 | +--ro local-administrator? uint16
254 +--:(redirect-as4-extended-community-case)
256 | +--ro global-administrator? inet:as-number
257 | +--ro local-administrator? uint16
258 +--:(redirect-ip-nh-extended-community-case)
259 +--ro redirect-ip-nh-extended-community
260 +--ro next-hop-address? inet:ip-address
264 IPv6 Flow Specification Route
265 '''''''''''''''''''''''''''''
266 .. code-block:: console
268 :(flowspec-ipv6-routes-case)
269 +--ro flowspec-ipv6-routes
270 +--ro flowspec-route* [route-key path-id]
272 | +--ro (flowspec-type)?
275 | | +--ro op? numeric-operand
276 | | +--ro value? uint16
277 | +--:(destination-port-case)
278 | | +--ro destination-ports*
279 | | +--ro op? numeric-operand
280 | | +--ro value? uint16
281 | +--:(source-port-case)
282 | | +--ro source-ports*
283 | | +--ro op? numeric-operand
284 | | +--ro value? uint16
285 | +--:(icmp-type-case)
287 | | +--ro op? numeric-operand
288 | | +--ro value? uint8
289 | +--:(icmp-code-case)
291 | | +--ro op? numeric-operand
292 | | +--ro value? uint8
293 | +--:(tcp-flags-case)
295 | | +--ro op? bitmask-operand
296 | | +--ro value? uint16
297 | +--:(packet-length-case)
298 | | +--ro packet-lengths*
299 | | +--ro op? numeric-operand
300 | | +--ro value? uint16
303 | | +--ro op? numeric-operand
304 | | +--ro value? dscp
305 | +--:(fragment-case)
307 | | +--ro op? bitmask-operand
308 | | +--ro value? fragment
309 | +--:(destination-ipv6-prefix-case)
310 | | +--ro destination-prefix? inet:ipv6-prefix
311 | +--:(source-ipv6-prefix-case)
312 | | +--ro source-prefix? inet:ipv6-prefix
313 | +--:(next-header-case)
314 | | +--ro next-headers*
315 | | +--ro op? numeric-operand
316 | | +--ro value? uint8
317 | +--:(flow-label-case)
319 | +--ro op? numeric-operand
320 | +--ro value? uint32
321 +--ro path-id path-id
323 +--ro extended-communities*
324 +--ro transitive? boolean
325 +--ro (extended-community)?
326 +--:(traffic-rate-extended-community-case)
327 | +--ro traffic-rate-extended-community
328 | +--ro informative-as? bgp-t:short-as-number
329 | +--ro local-administrator? netc:bandwidth
330 +--:(traffic-action-extended-community-case)
331 | +--ro traffic-action-extended-community
332 | +--ro sample? boolean
333 | +--ro terminal-action? boolean
334 +--:(redirect-extended-community-case)
335 | +--ro redirect-extended-community
336 | +--ro global-administrator? bgp-t:short-as-number
337 | +--ro local-administrator? binary
338 +--:(traffic-marking-extended-community-case)
339 | +--ro traffic-marking-extended-community
340 | +--ro global-administrator? dscp
341 +--:(redirect-ipv6-extended-community-case)
342 | +--ro redirect-ipv6
343 | +--ro global-administrator? inet:ipv6-address
344 | +--ro local-administrator? uint16
345 +--:(redirect-as4-extended-community-case)
347 | +--ro global-administrator? inet:as-number
348 | +--ro local-administrator? uint16
349 +--:(redirect-ip-nh-extended-community-case)
350 +--ro redirect-ip-nh-extended-community
351 +--ro next-hop-address? inet:ip-address
356 The flowspec route represents rules and an action, defined as an extended community.
358 IPv4 Flow Specification
359 '''''''''''''''''''''''
360 The IPv4 Flowspec table in an instance of the speaker's Loc-RIB can be verified via REST:
362 **URL:** ``/restconf/operational/bgp-rib:bgp-rib/rib/bgp-example/loc-rib/tables/bgp-types:ipv4-address-family/bgp-flowspec:flowspec-subsequent-address-family/bgp-flowspec:flowspec-routes``
374 <flowspec-routes xmlns="urn:opendaylight:params:xml:ns:yang:bgp-flowspec">
377 <route-key>all packets to 192.168.0.1/32 AND from 10.0.0.2/32 AND where IP protocol equals to 17 or equals to 6 AND where port equals to 80 or equals to 8080 AND where destination port is greater than 8080 and is less than 8088 or equals to 3128 AND where source port is greater than 1024 </route-key>
386 <extended-communities>
387 <transitive>true</transitive>
388 <redirect-extended-community>
389 <local-administrator>AgMWLg==</local-administrator>
390 <global-administrator>258</global-administrator>
391 </redirect-extended-community>
392 </extended-communities>
395 <destination-prefix>192.168.0.1/32</destination-prefix>
398 <source-prefix>10.0.0.2/32</source-prefix>
406 <op>equals end-of-list</op>
416 <op>equals end-of-list</op>
422 <op>greater-than</op>
426 <op>less-than and-bit</op>
430 <op>equals end-of-list</op>
436 <op>end-of-list greater-than</op>
453 "route-key": "all packets to 192.168.0.1/32 AND from 10.0.0.2/32 AND where IP protocol equals to 17 or equals to 6 AND where port equals to 80 or equals to 8080 AND where destination port is greater than 8080 and is less than 8088 or equals to 3128 AND where source port is greater than 1024",
461 "extended-communities": {
462 "transitive": "true",
463 "redirect-extended-community": {
464 "local-administrator": "AgMWLg==",
465 "global-administrator": 258
471 "destination-prefix": "192.168.0.1/32"
474 "source-prefix": "10.0.0.2/32"
483 "op": "equals end-of-list",
495 "op": "equals end-of-list",
501 "destination-ports": [
503 "op": "greater-than",
507 "op": "less-than and-bit",
511 "op": "equals end-of-list",
518 "op": "end-of-list greater-than",
527 IPv6 Flows Specification
528 ''''''''''''''''''''''''
529 The IPv6 Flowspec table in an instance of the speaker's Loc-RIB can be verified via REST:
531 **URL:** ``/restconf/operational/bgp-rib:bgp-rib/rib/bgp-example/loc-rib/tables/bgp-types:ipv6-address-family/bgp-flowspec:flowspec-subsequent-address-family/bgp-flowspec:flowspec-ipv6-routes``
543 <flowspec-ipv6-routes xmlns="urn:opendaylight:params:xml:ns:yang:bgp-flowspec">
546 <route-key>all packets to 2001:db8:31::/64 AND from 2001:db8:30::/64 AND where next header equals to 17 AND where DSCP equals to 50 AND where flow label equals to 2013 </route-key>
555 <extended-communities>
556 <transitive>true</transitive>
557 <traffic-rate-extended-community>
558 <informative-as>0</informative-as>
559 <local-administrator>AAAAAA==</local-administrator>
560 </traffic-rate-extended-community>
561 </extended-communities>
564 <destination-prefix>2001:db8:31::/64</destination-prefix>
567 <source-prefix>2001:db8:30::/64</source-prefix>
571 <op>equals end-of-list</op>
577 <op>equals end-of-list</op>
583 <op>equals end-of-list</op>
588 </flowspec-ipv6-routes>
597 "flowspec-ipv6-routes": {
600 "route-key": "all packets to 2001:db8:31::/64 AND from 2001:db8:30::/64 AND where next header equals to 17 AND where DSCP equals to 50 AND where flow label equals to 2013",
608 "extended-communities": {
610 "traffic-rate-extended-community": {
612 "local-administrator": "AAAAAA=="
618 "destination-prefix": "2001:db8:31::/64"
621 "source-prefix": "2001:db8:30::/64"
625 "op": "equals end-of-list",
631 "op": "equals end-of-list",
637 "op": "equals end-of-list",
647 IPv4 L3VPN Flows Specification
648 ''''''''''''''''''''''''''''''
649 The IPv4 L3VPN Flowspec table in an instance of the speaker's Loc-RIB can be verified via REST:
651 **URL:** ``/restconf/operational/bgp-rib:bgp-rib/rib/bgp-example/loc-rib/tables/bgp-types:ipv4-address-family/bgp-flowspec:flowspec-l3vpn-subsequent-address-family/bgp-flowspec:flowspec-l3vpn-ipv4-routes``
663 <flowspec-l3vpn-ipv4-routes xmlns="urn:opendaylight:params:xml:ns:yang:bgp-flowspec">
664 <flowspec-l3vpn-route>
666 <route-key>[l3vpn with route-distinguisher 172.16.0.44:101] all packets from 10.0.0.3/32</route-key>
672 <global>5.6.7.8</global>
678 <extended-communities>
679 <transitive>true</transitive>
680 <redirect-ip-nh-extended-community>
682 <next-hop-address>0.0.0.0</next-hop-address>
683 </redirect-ip-nh-extended-community>
684 </extended-communities>
686 <route-distinguisher>172.16.0.44:101</route-distinguisher>
688 <source-prefix>10.0.0.3/32</source-prefix>
690 </flowspec-l3vpn-route>
691 </flowspec-l3vpn-ipv4-routes>
700 "flowspec-l3vpn-ipv4-routes": {
701 "flowspec-l3vpn-route": {
703 "route-key": "[l3vpn with route-distinguisher 172.16.0.44:101] all packets from 10.0.0.3/32",
714 "extended-communities": {
716 "redirect-ip-nh-extended-community": {
718 "next-hop-address": "0.0.0.0"
722 "route-distinguisher": "172.16.0.44:101",
724 "source-prefix": "10.0.0.3/32"
732 IPv4 Flow Specification
733 '''''''''''''''''''''''
734 This examples show how to originate and remove IPv4 fowspec route via programmable RIB.
735 Make sure the *Application Peer* is configured first.
737 **URL:** ``/restconf/config/bgp-rib:application-rib/10.25.1.9/tables/bgp-types:ipv4-address-family/bgp-flowspec:flowspec-subsequent-address-family/bgp-flowspec:flowspec-routes``
745 **Content-Type:** ``application/xml``
751 <flowspec-route xmlns="urn:opendaylight:params:xml:ns:yang:bgp-flowspec">
752 <route-key>flow1</route-key>
755 <destination-prefix>192.168.0.1/32</destination-prefix>
758 <source-prefix>10.0.0.1/32</source-prefix>
762 <op>equals end-of-list</op>
768 <op>equals end-of-list</op>
774 <op>greater-than</op>
778 <op>and-bit less-than end-of-list</op>
784 <op>greater-than end-of-list</op>
790 <op>equals end-of-list</op>
796 <op>equals end-of-list</op>
802 <op>match end-of-list</op>
808 <op>greater-than</op>
812 <op>and-bit less-than end-of-list</op>
818 <op>equals end-of-list</op>
824 <op>match end-of-list</op>
836 <extended-communities>
838 </extended-communities>
844 **Content-Type:** ``application/json``
853 "route-key": "flow1",
857 "destination-prefix": "192.168.0.1/32"
860 "source-prefix": "10.0.0.1/32"
865 "op": "end-of-list equals",
873 "op": "end-of-list equals",
879 "destination-ports": [
881 "op": "greater-than",
885 "op": "end-of-list and-bit less-than",
893 "op": "end-of-list greater-than",
901 "op": "end-of-list equals",
909 "op": "end-of-list equals",
917 "op": "end-of-list match",
925 "op": "greater-than",
929 "op": "end-of-list and-bit less-than",
937 "op": "end-of-list equals",
945 "op": "end-of-list match",
965 **Extended Communities**
977 <extended-communities>
978 <transitive>true</transitive>
979 <traffic-rate-extended-community>
980 <informative-as>123</informative-as>
981 <local-administrator>AAAAAA==</local-administrator>
982 </traffic-rate-extended-community>
983 </extended-communities>
985 @line 5: A rate in bytes per second, *AAAAAA==* (0) means traffic discard.
994 "extended-communities" : {
996 "traffic-rate-extended-community": {
997 "informative-as": 123,
998 "local-administrator": "AAAAAA=="
1003 @line 6: A rate in bytes per second, *AAAAAA==* (0) means traffic discard.
1005 * **Traffic Action**
1013 <extended-communities>
1014 <transitive>true</transitive>
1015 <traffic-action-extended-community>
1016 <sample>true</sample>
1017 <terminal-action>false</terminal-action>
1018 </traffic-action-extended-community>
1019 </extended-communities>
1023 .. code-block:: json
1026 "extended-communities" : {
1028 "traffic-action-extended-community": {
1030 "terminal-action": false
1035 * **Redirect to VRF AS 2byte format**
1043 <extended-communities>
1044 <transitive>true</transitive>
1045 <redirect-extended-community>
1046 <global-administrator>123</global-administrator>
1047 <local-administrator>AAAAew==</local-administrator>
1048 </redirect-extended-community>
1049 </extended-communities>
1053 .. code-block:: json
1056 "extended-communities" : {
1058 "redirect-extended-community": {
1059 "global-administrator": 123,
1060 "local-administrator": "AAAAew=="
1065 * **Redirect to VRF IPv4 format**
1073 <extended-communities>
1074 <transitive>true</transitive>
1076 <global-administrator>192.168.0.1</global-administrator>
1077 <local-administrator>12345</local-administrator>
1079 </extended-communities>
1083 .. code-block:: json
1086 "extended-communities" : {
1089 "global-administrator": "192.168.0.1",
1090 "local-administrator": 12345
1095 * **Redirect to VRF AS 4byte format**
1103 <extended-communities>
1104 <transitive>true</transitive>
1106 <global-administrator>64495</global-administrator>
1107 <local-administrator>12345</local-administrator>
1109 </extended-communities>
1113 .. code-block:: json
1116 "extended-communities" : {
1119 "global-administrator": 64495,
1120 "local-administrator": 12345
1125 * **Redirect to IP**
1133 <extended-communities>
1134 <transitive>true</transitive>
1135 <redirect-ip-nh-extended-community>
1137 </redirect-ip-nh-extended-community>
1138 </extended-communities>
1142 .. code-block:: json
1145 "extended-communities" : {
1147 "redirect-ip-nh-extended-community": {
1153 * **Traffic Marking**
1161 <extended-communities>
1162 <transitive>true</transitive>
1163 <traffic-marking-extended-community>
1164 <global-administrator>20</global-administrator>
1165 </traffic-marking-extended-community>
1166 </extended-communities>
1170 .. code-block:: json
1173 "extended-communities" : {
1175 "traffic-marking-extended-community": {
1176 "global-administrator": 20
1183 To remove the route added above, following request can be used:
1185 **URL:** ``/restconf/config/bgp-rib:application-rib/10.25.1.9/tables/bgp-types:ipv4-address-family/bgp-flowspec:flowspec-subsequent-address-family/bgp-flowspec:flowspec-routes/bgp-flowspec:flowspec-route/flow1/0``
1187 **Method:** ``DELETE``
1189 IPv4 L3VPN Flow Specification
1190 '''''''''''''''''''''''''''''
1191 This examples show how to originate and remove IPv4 L3VPN fowspec route via programmable RIB.
1193 **URL:** ``/restconf/config/bgp-rib:application-rib/10.25.1.9/tables/bgp-types:ipv4-address-family/bgp-flowspec:flowspec-l3vpn-subsequent-address-family/bgp-flowspec:flowspec-l3vpn-ipv4-routes``
1195 **Method:** ``POST``
1201 **Content-Type:** ``application/xml``
1207 <flowspec-l3vpn-route xmlns="urn:opendaylight:params:xml:ns:yang:bgp-flowspec">
1208 <path-id>0</path-id>
1209 <route-key>flow-l3vpn</route-key>
1210 <route-distinguisher>172.16.0.44:101</route-distinguisher>
1212 <source-prefix>10.0.0.3/32</source-prefix>
1222 <extended-communities>
1223 <transitive>true</transitive>
1225 <global-administrator>172.16.0.44</global-administrator>
1226 <local-administrator>102</local-administrator>
1228 </extended-communities>
1230 </flowspec-l3vpn-route>
1234 **Content-Type:** ``application/json``
1238 .. code-block:: json
1241 "flowspec-l3vpn-route": [
1243 "route-key": "flow-l3vpn",
1245 "route-distinguisher": "172.16.0.44:101",
1248 "source-prefix": "10.0.0.3/32"
1255 "extended-communities": [
1258 "global-administrator": "172.16.0.44",
1259 "local-administrator": 102
1274 To remove the route added above, following request can be used:
1276 **URL:** ``/restconf/config/bgp-rib:application-rib/10.25.1.9/tables/bgp-types:ipv4-address-family/bgp-flowspec:flowspec-l3vpn-subsequent-address-family/bgp-flowspec:flowspec-l3vpn-ipv4-routes/flowspec-l3vpn-route/flow-l3vpn/0``
1278 **Method:** ``DELETE``
1280 IPv6 Flow Specification
1281 '''''''''''''''''''''''
1282 This examples show how to originate and remove IPv6 fowspec route via programmable RIB.
1284 **URL:** ``/restconf/config/bgp-rib:application-rib/10.25.1.9/tables/bgp-types:ipv6-address-family/bgp-flowspec:flowspec-subsequent-address-family/bgp-flowspec:flowspec-ipv6-routes``
1286 **Method:** ``POST``
1292 **Content-Type:** ``application/xml``
1298 <flowspec-route xmlns="urn:opendaylight:params:xml:ns:yang:bgp-flowspec">
1299 <route-key>flow-v6</route-key>
1300 <path-id>0</path-id>
1302 <destination-prefix>2001:db8:30::3/128</destination-prefix>
1305 <source-prefix>2001:db8:31::3/128</source-prefix>
1309 <op>equals end-of-list</op>
1314 <extended-communities>
1315 <transitive>true</transitive>
1317 <global-administrator>2001:db8:1::6</global-administrator>
1318 <local-administrator>12345</local-administrator>
1320 </extended-communities>
1333 **Content-Type:** ``application/json``
1337 .. code-block:: json
1342 "route-key": "flow-v6",
1346 "destination-prefix": "2001:db8:30::3/128"
1349 "source-prefix": "2001:db8:31::3/128"
1354 "op": "end-of-list equals",
1364 "extended-communities": [
1367 "global-administrator": "2001:db8:1::6",
1368 "local-administrator": 12345
1383 To remove the route added above, following request can be used:
1385 **URL:** ``/restconf/config/bgp-rib:application-rib/10.25.1.9/tables/bgp-types:ipv6-address-family/bgp-flowspec:flowspec-subsequent-address-family/bgp-flowspec:flowspec-ipv6-routes/bgp-flowspec:flowspec-route/flow-v6/0``
1387 **Method:** ``DELETE``
1391 * `Dissemination of Flow Specification Rules <https://tools.ietf.org/html/rfc5575>`_
1392 * `Dissemination of Flow Specification Rules for IPv6 <https://tools.ietf.org/html/draft-ietf-idr-flow-spec-v6-07>`_
1393 * `BGP Flow-Spec Extended Community for Traffic Redirect to IP Next Hop <https://tools.ietf.org/html/draft-ietf-idr-flowspec-redirect-ip-00>`_
1394 * `Clarification of the Flowspec Redirect Extended Community <https://tools.ietf.org/html/rfc7674>`_
1395 * `Revised Validation Procedure for BGP Flow Specifications <https://tools.ietf.org/html/draft-ietf-idr-bgp-flowspec-oid-03>`_