Open topic with navigation

BGP FlowSpec

The Border Gateway Protocol (BGP) FlowSpec provides a DDoS mitigation solution to rate limit or block the attack traffic at the edge router or redirect the traffic to the TPS device or VRF. When A10 Defend Orchestrator App configures the FlowSpec on the TPS mitigator, it uses BGP protocol for advertising traffic identifiers and filtering actions to the edge router.

After FlowSpec is configured, you can enable the operational mode to send the FlowSpec information to the routers. You can also disable the operational mode to pull back the FlowSpec information from the routers.

Perform the following steps to access the BGP FlowSpec page:

  1. Navigate to Configuration > BGP > Flowspec.
  2. (Optional) Enter a complete or a partial name of the BGP FlowSpec in the search field for searching the BGP FlowSpec.
  3. (Optional) Click the Reset, Refresh, or Delete button to perform the corresponding action.

To create a new BGP Flowspec, click Create. For more information, see Create a BGP Flowspec.

To edit a BGP Flowspec, select the Flowspec you want to edit and click Edit under Actions. Edit the Flowspec as described under Create a BGP FlowSpec.

To duplicate a BGP Flowspec, select the Flowspec you want to duplicate and click Duplicate under Actions. Edit the Flowspec as described under Create a BGP FlowSpec.

All the BGP Flowspecs created are displayed on the Flowspec page in a tabular format.

Table 115 : BGP Flowspec Information

Table 114 : BGP FlowSpec Window

Column Heading

Description

Name

Displays the name of the BGP Flowspec.

Filter Action

Displays the type of filtering action applied to the Flowspec.

Zones

Displays the name of the zone to which the Flowspec is associated.

Mitigator Group

Displays the name of the mitigator group to which the Flowspec is associated.

Oper Status

Displays the operational status of the BGP Flowspec deployment as follows:

  • Device Error—Indicates the error has occurred on all the devices while configuring the BGP Flowspec .
  • Device Partial Error—Indicates the error has occurred on one or more devices while configuring the BGP Flowspec .
  • Out of Sync—Indicates the Flowspec changes that are not yet synchronized with the device(s).
  • OK—Indicates that the Flowspec is successfully deployed to all the devices in the device group. Here, the BGP Flowspec is created. However, it is yet to be sent to the mitigator group.

Deploy State

Displays the deployment status of the BGP Flowspec as follows:

  • Deployed—Indicates that the Flowspec is successfully deployed on all devices in the mitigator group.
  • Deploy Pending—Indicates that the Flowspec is not yet deployed on devices.
  • Undeploy Pending—Indicates that, when the BGP Flowspec is undeployed, the Flowspec will momentarily be in Undeploy Pending (transient state) and then change to Deploy Pending state.

Mode

Indicates whether the BGP Flowspec rules are configured in Enabled or Disabled state.

Info

Displays the following information:

  • User-created—Indicates that the Flowspec is user-created.
  • System-created—Indicates that the Flowspec is system-created.
  • Auto-remove—Indicates that the Flowspec will be deleted from A10 Defend Orchestrator App and TPS device once the mitigation stops.

Actions

Allows you to perform any of the following:

  • Edit
  • Deploy or Undeploy
  • Duplicate

COMPANY INFORMATION: Copyright © 2024 A10 Networks, Inc. All Rights Reserved. Legal Notice