Application of BGP Flow Specification on a VPN

This section describes the application of BGP Flow Specification on a VPN.

Figure 1 Deploying BGP VPN Flow Specification

Figure 1 shows a VPN, where a BGP Flow Specification peer relationship is established between CE1 and PE1, and a BGP VPN Flow Specification peer relationship is established between PE1 and the traffic analysis server. PE2 and PE3 send sampled traffic to the traffic analysis server. The server checks the sampled traffic based on pre-configured rules to identify abnormal traffic. The traffic analysis server generates a BGP VPN Flow Specification route based on the characteristics of the attack traffic and sends the route carrying traffic filtering rules to PE1. PE1 converts the route into a traffic control policy to filter and control traffic accordingly. This minimizes the adverse impact of the attack traffic on network forwarding performance.

Parent Topic: Application Scenarios for BGP Flow Specification
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >