The flow-route vpn-instance command configures a static BGP VPN Flow Specification route and displays the Flow-Route VPN instance view.
The undo flow-route vpn-instance command deletes the static BGP VPN Flow Specification route.
By default, no static BGP VPN Flow Specification route is created.
| Parameter | Description | Value |
|---|---|---|
| flowroute-name |
Specifies the name of a static BGP Flow Specification route or BGP VPN Flow Specification route. |
The value is a string of 1 to 30 case-sensitive characters without any space. When double quotation marks are used around the string, spaces are allowed in the string. |
| vpn-instance-name |
Specifies a VPN instance name. |
The value is a string of 1 to 31 case-sensitive characters, spaces not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string. |
Usage Scenario
To filter out the attack traffic of a certain type, you can run the fow-route vpn-instance command to manually configure a static BGP VPN Flow Specification route with a filtering rule and a traffic controlling action. Receiving the route, a BGP VPN Flow Specification peer generates a traffic policy to control the attack traffic.
One BGP VPN Flow Specification route can include multiple if-match and apply clauses. The if-match clauses define filtering rules. The apply clauses specify actions. The relationships between if-match clauses and between apply clauses are as follows:Configuration Impact
After this command and ipv4-flow vpn-instance commands are run, BGP VPN Flow Specification routes are automatically added to the BGP routing table.
if-match port and if-match destination-port or if-match source-port are mutually exclusive.